meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #128 from jehiah/github_debug_128

Browse Source 
provider github not work with scope read:org
This commit is contained in:
Jehiah Czebotar 2015-07-28 07:58:54 -04:00
commit 5ff8aa3581
5 changed files with 34 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
options.go
View File

@ -103,6 +103,9 @@ func (o *Options) Validate() error {
if o.ClientSecret == "" { if o.ClientSecret == "" {
msgs = append(msgs, "missing setting: client-secret") msgs = append(msgs, "missing setting: client-secret")
} }
if o.AuthenticatedEmailsFile == "" && len(o.EmailDomains) == 0 && o.HtpasswdFile == "" {
msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses")
}
o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs) o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs)

2
options_test.go
View File

@ -15,6 +15,7 @@ func testOptions() *Options {
o.CookieSecret = "foobar" o.CookieSecret = "foobar"
o.ClientID = "bazquux" o.ClientID = "bazquux"
o.ClientSecret = "xyzzyplugh" o.ClientSecret = "xyzzyplugh"
o.EmailDomains = []string{"*"}
return o return o
} }
@ -27,6 +28,7 @@ func errorMsg(msgs []string) string {
func TestNewOptions(t *testing.T) { func TestNewOptions(t *testing.T) {
o := NewOptions() o := NewOptions()
o.EmailDomains = []string{"*"}
err := o.Validate() err := o.Validate()
assert.NotEqual(t, nil, err) assert.NotEqual(t, nil, err)

30
providers/github.go
View File

@ -2,7 +2,6 @@ package providers
import ( import (
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
@ -66,7 +65,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
endpoint := "https://api.github.com/user/orgs?" + params.Encode() endpoint := "https://api.github.com/user/orgs?" + params.Encode()
req, _ := http.NewRequest("GET", endpoint, nil) req, _ := http.NewRequest("GET", endpoint, nil)
req.Header.Set("Accept", "application/vnd.github.moondragon+json") req.Header.Set("Accept", "application/vnd.github.v3+json")
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return false, err return false, err
@ -85,11 +84,16 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
return false, err return false, err
} }
var presentOrgs []string
for _, org := range orgs { for _, org := range orgs {
if p.Org == org.Login { if p.Org == org.Login {
log.Printf("Found Github Organization: %q", org.Login)
return true, nil return true, nil
} }
presentOrgs = append(presentOrgs, org.Login)
} }
log.Printf("Missing Organization:%q in %v", p.Org, presentOrgs)
return false, nil return false, nil
} }
@ -111,7 +115,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
endpoint := "https://api.github.com/user/teams?" + params.Encode() endpoint := "https://api.github.com/user/teams?" + params.Encode()
req, _ := http.NewRequest("GET", endpoint, nil) req, _ := http.NewRequest("GET", endpoint, nil)
req.Header.Set("Accept", "application/vnd.github.moondragon+json") req.Header.Set("Accept", "application/vnd.github.v3+json")
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return false, err return false, err
@ -130,13 +134,29 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
return false, fmt.Errorf("%s unmarshaling %s", err, body) return false, fmt.Errorf("%s unmarshaling %s", err, body)
} }
var hasOrg bool
presentOrgs := make(map[string]bool)
var presentTeams []string
for _, team := range teams { for _, team := range teams {
presentOrgs[team.Org.Login] = true
if p.Org == team.Org.Login { if p.Org == team.Org.Login {
if p.Team == "" || p.Team == team.Slug { hasOrg = true
if p.Team == team.Slug {
log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name)
return true, nil return true, nil
} }
presentTeams = append(presentTeams, team.Slug)
} }
} }
if hasOrg {
log.Printf("Missing Team:%q from Org:%q in teams: %v", p.Team, p.Org, presentTeams)
} else {
var allOrgs []string
for org, _ := range presentOrgs {
allOrgs = append(allOrgs, org)
}
log.Printf("Missing Organization:%q in %#v", p.Org, allOrgs)
}
return false, nil return false, nil
} }
@ -190,5 +210,5 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
} }
} }
return "", errors.New("no email address found") return "", nil
} }

3
providers/linkedin.go
View File

@ -3,7 +3,6 @@ package providers
import ( import (
"errors" "errors"
"fmt" "fmt"
"log"
"net/http" "net/http"
"net/url" "net/url"
@ -60,13 +59,11 @@ func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) {
json, err := api.Request(req) json, err := api.Request(req)
if err != nil { if err != nil {
log.Printf("failed making request %s", err)
return "", err return "", err
} }
email, err := json.String() email, err := json.String()
if err != nil { if err != nil {
log.Printf("failed making request %s", err)
return "", err return "", err
} }
return email, nil return email, nil

6
validator.go
View File

@ -71,9 +71,11 @@ func newValidatorImpl(domains []string, usersFile string,
domains[i] = fmt.Sprintf("@%s", strings.ToLower(domain)) domains[i] = fmt.Sprintf("@%s", strings.ToLower(domain))
} }
validator := func(email string) bool { validator := func(email string) (valid bool) {
if email == "" {
return
}
email = strings.ToLower(email) email = strings.ToLower(email)
valid := false
for _, domain := range domains { for _, domain := range domains {
valid = valid || strings.HasSuffix(email, domain) valid = valid || strings.HasSuffix(email, domain)
} }