From 1e48d89e004861eab9d1388c34d10ea61a982627 Mon Sep 17 00:00:00 2001
From: Jehiah Czebotar
Date: Fri, 24 Jul 2015 16:09:33 -0400
Subject: [PATCH 1/3] clarify required email validation settings
---
 options.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/options.go b/options.go
index bcf7d29..99e0ef4 100644
--- a/options.go
+++ b/options.go
@@ -103,6 +103,9 @@ func (o *Options) Validate() error {
 if o.ClientSecret == "" {
 msgs = append(msgs, "missing setting: client-secret")
 }
+ if o.AuthenticatedEmailsFile == "" && len(o.EmailDomains) == 0 && o.HtpasswdFile == "" {
+ msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses")
+ }
 o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs)
From c1bf1ad16710659fd5b5763d7cacee30b0121ec2 Mon Sep 17 00:00:00 2001
From: Jehiah Czebotar
Date: Fri, 24 Jul 2015 16:10:10 -0400
Subject: [PATCH 2/3] github: better debug output for org/team validation
---
 providers/github.go | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/providers/github.go b/providers/github.go
index 4f2a988..a76d755 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -66,7 +66,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 endpoint := "https://api.github.com/user/orgs?" + params.Encode()
 req, _ := http.NewRequest("GET", endpoint, nil)
- req.Header.Set("Accept", "application/vnd.github.moondragon+json")
+ req.Header.Set("Accept", "application/vnd.github.v3+json")
 resp, err := http.DefaultClient.Do(req)
 if err != nil {
 return false, err
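Review bot: In options.go, the new error text in `Validate()` names only email-domain and authenticated-emails-file, while the condition on the line above it also accepts a non-empty `HtpasswdFile`, so the message and the check disagree about what satisfies the requirement. The hint `use email-domain=*` is what an operator hitting this error is most likely to copy, and it authorizes every address the provider returns; the text should say that rather than present it as a neutral default. Suggested wording: `msgs = append(msgs, "missing setting for email validation: email-domain, authenticated-emails-file or htpasswd-file required (email-domain=* authorizes every address the provider returns)")`. `Validate()` starts and ends outside the hunk.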
@@ -85,11 +85,16 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 return false, err
 }
+ var presentOrgs []string
 for _, org := range orgs {
 if p.Org == org.Login {
+ log.Printf("Found Github Organization: %q", org.Login)
 return true, nil
 }
+ presentOrgs = append(presentOrgs, org.Login)
 }
+
+ log.Printf("Missing Organization:%q in %v", p.Org, presentOrgs)
 return false, nil
 }
@@ -111,7 +116,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 endpoint := "https://api.github.com/user/teams?" + params.Encode()
 req, _ := http.NewRequest("GET", endpoint, nil)
- req.Header.Set("Accept", "application/vnd.github.moondragon+json")
+ req.Header.Set("Accept", "application/vnd.github.v3+json")
 resp, err := http.DefaultClient.Do(req)
 if err != nil {
 return false, err
@@ -130,13 +135,29 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 return false, fmt.Errorf("%s unmarshaling %s", err, body)
 }
+ var hasOrg bool
+ presentOrgs := make(map[string]bool)
+ var presentTeams []string
 for _, team := range teams {
+ presentOrgs[team.Org.Login] = true
 if p.Org == team.Org.Login {
- if p.Team == "" || p.Team == team.Slug {
+ hasOrg = true
+ if p.Team == team.Slug {
+ log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name)
 return true, nil
 }
+ presentTeams = append(presentTeams, team.Slug)
 }
 }
+ if hasOrg {
+ log.Printf("Missing Team:%q from Org:%q in teams: %v", p.Team, p.Org, presentTeams)
+ } else {
+ var allOrgs []string
+ for org, _ := range presentOrgs {
+ allOrgs = append(allOrgs, org)
+ }
+ log.Printf("Missing Organization:%q in %#v", p.Org, allOrgs)
+ }
 return false, nil
 }
From 0692c3763f1b5023ca8c37c539d1b4ed23a4aa10 Mon Sep 17 00:00:00 2001
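Review bot: In `hasOrg`, the new `Missing Organization` line writes the user's whole organization list (`presentOrgs`) to the log on every denied login, unconditionally and formatted with `%v`. That list may include memberships that have nothing to do with this deployment, and the entry does not say which user it belongs to, so it exposes more than it diagnoses. Logging the count would be enough for most cases, e.g. `log.Printf("Missing Organization:%q (%d organizations returned)", p.Org, len(presentOrgs))`, or at least quote the values with `%q`. The same applies to the `presentTeams` and `allOrgs` lines in the `hasOrgAndTeam` hunk further down; `hasOrg` itself begins outside this hunk.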
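Review bot: In `hasOrgAndTeam`, the inner comparison changed from `p.Team == "" || p.Team == team.Slug` to `p.Team == team.Slug`, which alters the authorization decision in a commit whose subject only mentions debug output. With an empty `p.Team` the function now returns `false, nil` even when the organization matches; that fails closed, but whether any caller reaches this function with an empty team is not visible in the hunk. If the empty-team case is always routed to `hasOrg`, record that above the loop, e.g. `// p.Team is non-empty here; org-only checks go through hasOrg`, otherwise keep the old condition. Separately, `for org, _ := range presentOrgs` is more simply written `for org := range presentOrgs`.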
From: Jehiah Czebotar
Date: Fri, 24 Jul 2015 16:23:19 -0400
Subject: [PATCH 3/3] More robust handling for missing email
---
 options_test.go | 2 ++
 providers/github.go | 3 +--
 providers/linkedin.go | 3 ---
 validator.go | 6 ++++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/options_test.go b/options_test.go
index 8d8fdf8..3b2f19f 100644
--- a/options_test.go
+++ b/options_test.go
@@ -15,6 +15,7 @@ func testOptions() *Options {
 o.CookieSecret = "foobar"
 o.ClientID = "bazquux"
 o.ClientSecret = "xyzzyplugh"
+ o.EmailDomains = []string{"*"}
 return o
 }
@@ -27,6 +28,7 @@ func errorMsg(msgs []string) string {
 func TestNewOptions(t *testing.T) {
 o := NewOptions()
+ o.EmailDomains = []string{"*"}
 err := o.Validate()
 assert.NotEqual(t, nil, err)
diff --git a/providers/github.go b/providers/github.go
index a76d755..c9b490f 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -2,7 +2,6 @@ package providers
 import (
 "encoding/json"
- "errors"
 "fmt"
 "io/ioutil"
 "log"
@@ -211,5 +210,5 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 }
 }
- return "", errors.New("no email address found")
+ return "", nil
 }
diff --git a/providers/linkedin.go b/providers/linkedin.go
index 78ad3c9..2151229 100644
--- a/providers/linkedin.go
+++ b/providers/linkedin.go
@@ -3,7 +3,6 @@ package providers
 import (
 "errors"
 "fmt"
- "log"
 "net/http"
 "net/url"
@@ -60,13 +59,11 @@ func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) {
 json, err := api.Request(req)
 if err != nil {
- log.Printf("failed making request %s", err)
 return "", err
 }
 email, err := json.String()
 if err != nil {
- log.Printf("failed making request %s", err)
 return "", err
 }
 return email, nil
diff --git a/validator.go b/validator.go
index 396e605..e3c0a54 100644
--- a/validator.go
+++ b/validator.go
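Review bot: In options_test.go, both `testOptions()` and `TestNewOptions` now set `EmailDomains` to `[]string{"*"}`, so as far as these hunks show no test reaches the `missing setting for email validation` branch that patch 1/3 added to `Validate()`. A case that leaves `EmailDomains`, `AuthenticatedEmailsFile` and `HtpasswdFile` empty and asserts that this message is in the returned error would keep the fail-closed default from regressing. Using the wildcard as the shared fixture also means every other test built on `testOptions()` runs only with the most permissive setting.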
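Review bot: In providers/github.go, `GetEmailAddress` now ends with `return "", nil`, so a caller that checks only `err` receives an empty identity as a success. The guard against that lives in validator.go in this same patch; any other consumer of the return value is not visible here and would need its own empty-string check. The contract should be stated on the method, e.g. `// GetEmailAddress returns "" with a nil error when no address is found; callers must treat "" as unauthenticated.` The method body starts outside the hunk.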
@@ -71,9 +71,11 @@ func newValidatorImpl(domains []string, usersFile string,
 domains[i] = fmt.Sprintf("@%s", strings.ToLower(domain))
 }
- validator := func(email string) bool {
+ validator := func(email string) (valid bool) {
+ if email == "" {
+ return
+ }
 email = strings.ToLower(email)
- valid := false
 for _, domain := range domains {
 valid = valid || strings.HasSuffix(email, domain)
 }
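Review bot: The new empty-email guard in the validator closure denies through a bare `return` on the named result `valid`, so the rejection is only visible to a reader who recalls the zero value; in an authorization predicate `return false` states the decision outright. The diffstat for this patch lists no validator test, so a case asserting that `""` is rejected when the domain list contains `*` would pin the behaviour this commit exists for. The closure continues past the end of the hunk, where the final result is presumably decided.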