[Fix]: Dedup token verification logic in resolver (#7967)

Co-authored-by: openhands <openhands@all-hands.dev>
2026-03-22 13:47:19 +08:00 · 2025-04-21 16:34:29 -04:00
parent 300a59853b
commit 1e509a70d4
9 changed files with 41 additions and 66 deletions
--- a/openhands/resolver/resolve_issue.py
+++ b/openhands/resolver/resolve_issue.py
@@ -42,6 +42,7 @@ from openhands.resolver.utils import (
    reset_logger_for_multiprocessing,
 )
 from openhands.runtime.base import Runtime
+from openhands.utils.async_utils import GENERAL_TIMEOUT, call_async_from_sync

 # Don't make this confgurable for now, unless we have other competitive agents
 AGENT_CLASS = 'CodeActAgent'
@@ -688,7 +689,12 @@ def main() -> None:
    if not token:
        raise ValueError('Token is required.')

-    platform = identify_token(token, my_args.selected_repo, my_args.base_domain)
+    platform = call_async_from_sync(
+        identify_token,
+        GENERAL_TIMEOUT,
+        token,
+        my_args.base_domain,
+    )

    api_key = my_args.llm_api_key or os.environ['LLM_API_KEY']
    model = my_args.llm_model or os.environ['LLM_MODEL']
--- a/openhands/resolver/send_pull_request.py
+++ b/openhands/resolver/send_pull_request.py
@@ -22,6 +22,7 @@ from openhands.resolver.io_utils import (
 from openhands.resolver.patching import apply_diff, parse_patch
 from openhands.resolver.resolver_output import ResolverOutput
 from openhands.resolver.utils import identify_token
+from openhands.utils.async_utils import GENERAL_TIMEOUT, call_async_from_sync


 def apply_patch(repo_dir: str, patch: str) -> None:
@@ -685,7 +686,12 @@ def main() -> None:
        )
    username = my_args.username if my_args.username else os.getenv('GIT_USERNAME')

-    platform = identify_token(token, my_args.selected_repo, my_args.base_domain)
+    platform = call_async_from_sync(
+        identify_token,
+        GENERAL_TIMEOUT,
+        token,
+        my_args.base_domain,
+    )

    api_key = my_args.llm_api_key or os.environ['LLM_API_KEY']
    llm_config = LLMConfig(
--- a/openhands/resolver/utils.py
+++ b/openhands/resolver/utils.py
@@ -4,7 +4,7 @@ import os
 import re
 from typing import Callable

-import httpx
+from pydantic import SecretStr

 from openhands.controller.state.state import State
 from openhands.core.logger import get_console_handler
@@ -12,69 +12,21 @@ from openhands.core.logger import openhands_logger as logger
 from openhands.events.action import Action
 from openhands.events.action.message import MessageAction
 from openhands.integrations.service_types import ProviderType
+from openhands.integrations.utils import validate_provider_token


-def identify_token(
-    token: str, selected_repo: str | None = None, base_domain: str | None = 'github.com'
-) -> ProviderType:
+async def identify_token(token: str, base_domain: str | None) -> ProviderType:
    """
    Identifies whether a token belongs to GitHub or GitLab.
-
    Parameters:
        token (str): The personal access token to check.
-        selected_repo (str): Repository in format "owner/repo" for GitHub Actions token validation.
-        base_domain (str): The base domain for GitHub Enterprise (default: "github.com").
-
-    Returns:
-        ProviderType: "GitHub" if the token is valid for GitHub,
-             "GitLab" if the token is valid for GitLab,
-             "Invalid" if the token is not recognized by either.
+        base_domain (str): Custom base domain for provider (e.g GitHub Enterprise)
    """
-    # Determine GitHub API base URL based on domain
-    if base_domain is None or base_domain == 'github.com':
-        github_api_base = 'https://api.github.com'
-    else:
-        github_api_base = f'https://{base_domain}/api/v3'
+    provider = await validate_provider_token(SecretStr(token), base_domain)
+    if not provider:
+        raise ValueError('Token is invalid.')

-    # Try GitHub Actions token format (Bearer) with repo endpoint if repo is provided
-    if selected_repo:
-        github_repo_url = f'{github_api_base}/repos/{selected_repo}'
-        github_bearer_headers = {
-            'Authorization': f'Bearer {token}',
-            'Accept': 'application/vnd.github+json',
-        }
-
-        try:
-            github_repo_response = httpx.get(
-                github_repo_url, headers=github_bearer_headers, timeout=5
-            )
-            if github_repo_response.status_code == 200:
-                return ProviderType.GITHUB
-        except httpx.HTTPError as e:
-            logger.error(f'Error connecting to GitHub API (selected_repo check): {e}')
-
-    # Try GitHub PAT format (token)
-    github_url = f'{github_api_base}/user'
-    github_headers = {'Authorization': f'token {token}'}
-
-    try:
-        github_response = httpx.get(github_url, headers=github_headers, timeout=5)
-        if github_response.status_code == 200:
-            return ProviderType.GITHUB
-    except httpx.HTTPError as e:
-        logger.error(f'Error connecting to GitHub API: {e}')
-
-    gitlab_url = 'https://gitlab.com/api/v4/user'
-    gitlab_headers = {'Authorization': f'Bearer {token}'}
-
-    try:
-        gitlab_response = httpx.get(gitlab_url, headers=gitlab_headers, timeout=5)
-        if gitlab_response.status_code == 200:
-            return ProviderType.GITLAB
-    except httpx.HTTPError as e:
-        logger.error(f'Error connecting to GitLab API: {e}')
-
-    raise ValueError('Token is invalid.')
+    return provider


 def codeact_user_response(