Can't login with multifactor authentication

[pcgeek86]

I need to encrypt some environment variables in a Travis CI project. I followed the documentation, which says to use the Travis Ruby Gem to encrypt the data.

cd ~/my/git/repository
travis encrypt

When I try to encrypt the data, it tells me I need to login first.

not logged in, please run travis login --pro

When I try to login, I'm prompted for username and password for GitHub:

ubuntu@ip-10-0-157-218:~/fli-docs$ travis login --pro
We need your GitHub login to identify you.
This information will not be sent to Travis CI, only to api.github.com.
The password will not be displayed.

Try running with --github-token or --auto if you don't want to enter your password anyway.

Username: pcgeek86
Password for pcgeek86: ****************************************************************
This API can only be accessed with username and password Basic Auth
for a full error report, run travis report --pro

Then I try to use the --github-token parameter, but that requires me to specify my token on the command line, which is a security risk.

How do I login to Travis securely from the command line?

Cheers,
Trevor Sullivan
Docker Captain
Microsoft MVP: Cloud & Data Center Management
https://trevorsullivan.net
https://twitter.com/pcgeek86

[lukeyeager]

I'm seeing the same issue. What's worse, when I try to authenticate with a temporary token, I get a different error:

$ travis login -u lukeyeager --github-token $MYTOKEN
405: "request method not allowed"

[lukeyeager]

Full logs of attempts with --debug:

$ travis login -u lukeyeager --github-token XXX --debug
** Loading "/home/lyeager/.travis/config.yml"
** Loading gh
** GET "config"
**   took 0.098 seconds
** GitHub API: GET /user?per_page=100
**   took 0.34 seconds
** POST "auth/github" {:github_token=>"XXX"}
**   took 0.19 seconds
** POST "https://travis-ci.org/insufficient_oauth_permissions#existing-user"
**   took 0.33 seconds
405: "request method not allowed"

$ travis login -u lukeyeager --debug
** Loading "/home/lyeager/.travis/config.yml"
** Loading gh
** GET "config"
**   took 0.1 seconds
We need your GitHub login to identify you.
This information will not be sent to Travis CI, only to api.github.com.
The password will not be displayed.

Try running with --github-token or --auto if you don't want to enter your password anyway.

Password for lukeyeager: XXX
** GitHub API: POST /authorizations
Two-factor authentication code for lukeyeager: XXX
** GitHub API: POST /authorizations
**   took 0.37 seconds
** GitHub API: GET /user?per_page=100
**   took 0.4 seconds
** POST "auth/github" {:github_token=>"XXX"}
**   took 0.24 seconds
** GET "users/"
**   took 0.1 seconds
Successfully logged in as lukeyeager!
** GitHub API: DELETE /authorizations/58055487
** Storing "/home/lyeager/.travis/error.log"
GH request failed
verb:               :delete
url:                /authorizations/58055487
headers:            {"User-Agent"=>"GH/0.14.0", "Accept"=>"application/vnd.github.v3+json,application/vnd.github.beta+json;q=0.5,application/json;q=0.1", "Accept-Charset"=>"utf-8", "X-GitHub-OTP"=>"199888"}
error:              Faraday::ClientError: the server responded with status 401
payload:            nil
response_status:    401
response_headers:   {"server"=>"GitHub.com", "date"=>"Fri, 28 Oct 2016 18:30:01 GMT", "content-type"=>"application/json; charset=utf-8", "content-length"=>"160", "connection"=>"close", "status"=>"401 Unauthorized", "x-github-otp"=>"required; sms", "x-github-media-type"=>"github.v3; format=json", "x-ratelimit-limit"=>"60", "x-ratelimit-remaining"=>"47", "x-ratelimit-reset"=>"1477681162", "access-control-expose-headers"=>"ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval", "access-control-allow-origin"=>"*", "content-security-policy"=>"default-src 'none'", "strict-transport-security"=>"max-age=31536000; includeSubdomains; preload", "x-content-type-options"=>"nosniff", "x-frame-options"=>"deny", "x-xss-protection"=>"1; mode=block", "x-github-request-id"=>"D8E47015:4452:15A8E012:58139929"}
response_body:      {"message":"Must specify two-factor authentication OTP code.","documentation_url":"https://developer.github.com/v3/auth#working-with-two-factor-authentication"}
for a full error report, run travis report

[automata]

Getting the same error with 401 for two factor authentication.

[lukeyeager]

This is probably a duplicate of #315.

I think this is our (quite aggressive) auto-blocking kicking in, which we have in place due to a permanent DDoS we've been under since September. I think the "invalid access token" is a red herring that's automatically generated by the client on 403s.
#315 (comment)

[lukeyeager]

I got around it by ssh-ing into another machine (as suggested several times on #315).

[jdek]

I have the same issue, tried on two other IPs (digitalocean, and online.net) apart from my home one with no success.

[rkh]

This has been fixed by #454, which you should be able to try out right now via gem install travis --pre.

[pcgeek86]

@rkh Thanks for taking care of this.

[harmenjanssen]

I have installed travis using gem install travis --pre, as suggested above, but I'm still getting 405: "request method not allowed".

$ travis login --pro --github-token="XXX" --debug
** Loading "/Users/harmen/.travis/config.yml"
** Loading gh
** GET "config"
**   took 0.38 seconds
** GitHub API: GET /user?per_page=100
**   took 0.43 seconds
** POST "auth/github" {:github_token=>"XXX"}
**   took 0.14 seconds
** POST "https://travis-ci.com/insufficient_oauth_permissions#existing-user"
**   took 0.38 seconds
405: "request method not allowed"

Am I doing something wrong?

[harmenjanssen]

Alright, forget I said anything, it had to do with scopes attached to my token.
My apologies.

[Eyesonly88]

@harmenjanssen What scopes did travis require? I'm currently stuck here and I don't want to give it more permission that it needs. I didn't select any scope which should give it read only access to public information but i'm still getting the 405: request method not allowed

[harmenjanssen]

@Eyesonly88 You're going to need a bunch though. An overview is over here: https://docs.travis-ci.com/user/github-oauth-scopes/

[Eyesonly88]

@harmenjanssen thank you 🙇

[alexellis]

I feel like I'm hitting this with #775 - any suggestions? I know I'm here on an issue that's 3 years old.