Solves problem with Github authentication restriction by organization membership…

Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate. How it is solved: * Take organizations_url field data from user basic data response * Make another request to get all organization the user is a member of (public membership) * Authenticate user if appropriate organization found in that list

Solves problem with Github authentication restriction by organization membership…
Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate. How it is solved: * Take organizations_url field data from user basic data response * Make another request to get all organization the user is a member of (public membership) * Authenticate user if appropriate organization found in that list
50daf746 · Adilet Maratov · 3aa1cb01 · 50daf746
Commit 50daf746 authored Dec 07, 2017 by Adilet Maratov
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 8 deletions

pkg/social/github_oauth.go
+10 -8

No files found.
--- a/pkg/social/github_oauth.go
+++ b/pkg/social/github_oauth.go
@@ -58,12 +58,12 @@ func (s *SocialGithub) IsTeamMember(client *http.Client) bool {
 	return false
 }

-func (s *SocialGithub) IsOrganizationMember(client *http.Client) bool {
+func (s *SocialGithub) IsOrganizationMember(client *http.Client, organizationsUrl string) bool {
 	if len(s.allowedOrganizations) == 0 {
 		return true
 	}

-	organizations, err := s.FetchOrganizations(client)
+	organizations, err := s.FetchOrganizations(client, organizationsUrl)
 	if err != nil {
 		return false
 	}
@@ -167,12 +167,12 @@ func (s *SocialGithub) HasMoreRecords(headers http.Header) (string, bool) {

 }

-func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error) {
+func (s *SocialGithub) FetchOrganizations(client *http.Client, organizationsUrl string) ([]string, error) {
 	type Record struct {
 		Login string `json:"login"`
 	}

-	response, err := HttpGet(client, fmt.Sprintf(s.apiUrl+"/orgs"))
+	response, err := HttpGet(client, organizationsUrl)
 	if err != nil {
 		return nil, fmt.Errorf("Error getting organizations: %s", err)
 	}
@@ -193,10 +193,12 @@ func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error)
 }

 func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
+
 	var data struct {
-		Id    int    `json:"id"`
-		Login string `json:"login"`
-		Email string `json:"email"`
+		Id               int    `json:"id"`
+		Login            string `json:"login"`
+		Email            string `json:"email"`
+		OrganizationsUrl string `json:"organizations_url"`
 	}

 	response, err := HttpGet(client, s.apiUrl)
@@ -219,7 +221,7 @@ func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
 		return nil, ErrMissingTeamMembership
 	}

-	if !s.IsOrganizationMember(client) {
+	if !s.IsOrganizationMember(client, data.OrganizationsUrl) {
 		return nil, ErrMissingOrganizationMembership
 	}