Solves problem with Github authentication restriction by organization membership…

Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate.

How it is solved:
* Take organizations_url field data from user basic data response
* Make another request to get all organization the user is a member of (public membership)
* Authenticate user if appropriate organization found in that list

pkg/social/github_oauth.go

@@ -58,12 +58,12 @@ func (s *SocialGithub) IsTeamMember(client *http.Client) bool {
 	return false
 	return false
 }
 }
 
 
-func (s *SocialGithub) IsOrganizationMember(client *http.Client) bool {
+func (s *SocialGithub) IsOrganizationMember(client *http.Client, organizationsUrl string) bool {
 	if len(s.allowedOrganizations) == 0 {
 	if len(s.allowedOrganizations) == 0 {
 		return true
 		return true
 	}
 	}
 
 
-	organizations, err := s.FetchOrganizations(client)
+	organizations, err := s.FetchOrganizations(client, organizationsUrl)
 	if err != nil {
 	if err != nil {
 		return false
 		return false
 	}
 	}
@@ -167,12 +167,12 @@ func (s *SocialGithub) HasMoreRecords(headers http.Header) (string, bool) {
 
 
 }
 }
 
 
-func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error) {
+func (s *SocialGithub) FetchOrganizations(client *http.Client, organizationsUrl string) ([]string, error) {
 	type Record struct {
 	type Record struct {
 		Login string `json:"login"`
 		Login string `json:"login"`
 	}
 	}
 
 
-	response, err := HttpGet(client, fmt.Sprintf(s.apiUrl+"/orgs"))
+	response, err := HttpGet(client, organizationsUrl)
 	if err != nil {
 	if err != nil {
 		return nil, fmt.Errorf("Error getting organizations: %s", err)
 		return nil, fmt.Errorf("Error getting organizations: %s", err)
 	}
 	}
@@ -193,10 +193,12 @@ func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error)
 }
 }
 
 
 func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
 func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
+
 	var data struct {
 	var data struct {
 		Id               int    `json:"id"`
 		Id               int    `json:"id"`
 		Login            string `json:"login"`
 		Login            string `json:"login"`
 		Email            string `json:"email"`
 		Email            string `json:"email"`
+		OrganizationsUrl string `json:"organizations_url"`
 	}
 	}
 
 
 	response, err := HttpGet(client, s.apiUrl)
 	response, err := HttpGet(client, s.apiUrl)
@@ -219,7 +221,7 @@ func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
 		return nil, ErrMissingTeamMembership
 		return nil, ErrMissingTeamMembership
 	}
 	}
 
 
-	if !s.IsOrganizationMember(client) {
+	if !s.IsOrganizationMember(client, data.OrganizationsUrl) {
 		return nil, ErrMissingOrganizationMembership
 		return nil, ErrMissingOrganizationMembership
 	}
 	}