From 338e99773a8396b3d993a5f37ef74fc80e372c62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Pinson?= Date: Wed, 17 Feb 2016 11:21:27 +0100 Subject: [PATCH] github provider: allow multiple teams --- README.md | 2 +- providers/github.go | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9c7d78d..089ce8d 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ The Azure AD auth provider uses `openid` as it default scope. It uses `https://g The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access. Restricting by org and team is normally accompanied with `--email-domain=*` -github-org="": restrict logins to members of this organisation - -github-team="": restrict logins to members of this team + -github-team="": restrict logins to members of any of these teams, separated by a comma If you are using github enterprise, make sure you set the following to the appropriate url: diff --git a/providers/github.go b/providers/github.go index 124eebe..cc5460b 100644 --- a/providers/github.go +++ b/providers/github.go @@ -3,6 +3,7 @@ package providers import ( "encoding/json" "fmt" + "strings" "io/ioutil" "log" "net/http" @@ -141,9 +142,12 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) { presentOrgs[team.Org.Login] = true if p.Org == team.Org.Login { hasOrg = true - if p.Team == team.Slug { - log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name) - return true, nil + ts := strings.Split(p.Team, ",") + for _, t := range ts { + if t == team.Slug { + log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name) + return true, nil + } } presentTeams = append(presentTeams, team.Slug) }