github provider: allow multiple teams

This commit is contained in:
Raphaël Pinson 2016-02-17 11:21:27 +01:00
parent 54efb1a2e1
commit 338e99773a
2 changed files with 8 additions and 4 deletions

View File

@ -94,7 +94,7 @@ The Azure AD auth provider uses `openid` as it default scope. It uses `https://g
The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access. Restricting by org and team is normally accompanied with `--email-domain=*` The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access. Restricting by org and team is normally accompanied with `--email-domain=*`
-github-org="": restrict logins to members of this organisation -github-org="": restrict logins to members of this organisation
-github-team="": restrict logins to members of this team -github-team="": restrict logins to members of any of these teams, separated by a comma
If you are using github enterprise, make sure you set the following to the appropriate url: If you are using github enterprise, make sure you set the following to the appropriate url:

View File

@ -3,6 +3,7 @@ package providers
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"strings"
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
@ -141,10 +142,13 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
presentOrgs[team.Org.Login] = true presentOrgs[team.Org.Login] = true
if p.Org == team.Org.Login { if p.Org == team.Org.Login {
hasOrg = true hasOrg = true
if p.Team == team.Slug { ts := strings.Split(p.Team, ",")
for _, t := range ts {
if t == team.Slug {
log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name) log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name)
return true, nil return true, nil
} }
}
presentTeams = append(presentTeams, team.Slug) presentTeams = append(presentTeams, team.Slug)
} }
} }