From 11495608aaf748a6cb22411edfe33d0c7a5dda19 Mon Sep 17 00:00:00 2001 From: Caleb Date: Wed, 28 Mar 2018 12:08:23 -0600 Subject: [PATCH] Prevent Git Gateway users with invalid tokens from logging in. (#1209) * Prevent Git Gateway users without permission from login. * Handle Git Gateway token expiry explicitly. This often happens when a user changes a repo from public to private, so we want to make that specific case very clear. --- src/backends/git-gateway/API.js | 16 ++++++++++++++++ src/backends/git-gateway/implementation.js | 11 ++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/backends/git-gateway/API.js b/src/backends/git-gateway/API.js index 10737bb35a61..91221f03a71f 100644 --- a/src/backends/git-gateway/API.js +++ b/src/backends/git-gateway/API.js @@ -10,6 +10,22 @@ export default class API extends GithubAPI { this.repoURL = ""; } + hasWriteAccess() { + return this.getBranch() + .then(() => true) + .catch(error => { + if (error.status === 401) { + if (error.message === "Bad credentials") { + throw new Error("Git Gateway Error: Please ask your site administrator to reissue the Git Gateway token."); + } else { + return false; + } + } else { + console.error("Problem fetching repo data from GitHub"); + throw error; + } + }); + } getRequestHeaders(headers = {}) { return this.tokenPromise() diff --git a/src/backends/git-gateway/implementation.js b/src/backends/git-gateway/implementation.js index cd8f029cc17d..447c5324d570 100644 --- a/src/backends/git-gateway/implementation.js +++ b/src/backends/git-gateway/implementation.js @@ -75,7 +75,16 @@ export default class GitGateway extends GitHubBackend { } else { throw new Error("You don't have sufficient permissions to access Netlify CMS"); } - }); + }) + .then(userData => + this.api.hasWriteAccess().then(canWrite => { + if (canWrite) { + return userData; + } else { + throw new Error("You don't have sufficient permissions to access Netlify CMS"); + } + }) + ); } logout() {
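Review bot: `hasWriteAccess()` in src/backends/git-gateway/API.js resolves `true` as soon as `getBranch()` succeeds, which shows the branch can be read through the gateway, not that a write would be accepted, so the name promises more than the check establishes. The expired-token branch also depends on the exact upstream text `"Bad credentials"`; any other 401 wording falls through to `return false`, and the caller then reports a permissions problem instead of the token-reissue hint. I would document both on the method, e.g. `/** Resolves true if the branch can be fetched via the gateway, false on a 401 other than "Bad credentials"; rejects otherwise. Login gate only, not proof of push rights. */`. `getBranch()` is defined outside this hunk, presumably on `GithubAPI`, so the status codes and messages it surfaces should be confirmed there.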
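Review bot: The new `.then(userData => …)` step in src/backends/git-gateway/implementation.js throws the same `"You don't have sufficient permissions to access Netlify CMS"` text as the role check just above it, so a failed repository check and a missing role cannot be told apart in a bug report. A distinct message for the second case would help triage, for example `throw new Error("Your Git Gateway access to this repository could not be verified");`. Because this check runs in the browser, it is a usability gate rather than an enforcement point, and a one-line comment such as `// UX gate only; real enforcement must happen in Git Gateway` would keep later readers from relying on it for authorization. The promise chain this step is appended to starts outside the hunk, so whether `this.api` is always constructed by this point cannot be confirmed from here.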