Fix Github OAuth not working with private Organizations (#11028)

* Fix Github OAuth not working with private organizations * Update documentation

Fix Github OAuth not working with private Organizations (#11028)
* Fix Github OAuth not working with private organizations * Update documentation
59704ee9 · Laurent Godet · Torkel Ödegaard · e67b1ebf · 59704ee9 · 59704ee9
Commit 59704ee9 authored Feb 28, 2018 by Laurent Godet Committed by Torkel Ödegaard Feb 28, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 8 deletions

conf/defaults.ini
+1 -1

docs/sources/http_api/admin.md
+1 -1

docs/sources/installation/configuration.md
+3 -1

pkg/social/github_oauth.go
+6 -5

No files found.
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -248,7 +248,7 @@ enabled = false
 allow_sign_up = true
 client_id = some_id
 client_secret = some_secret
-scopes = user:email
+scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user

--- a/docs/sources/http_api/admin.md
+++ b/docs/sources/http_api/admin.md
@@ -61,7 +61,7 @@ Content-Type: application/json
    "client_id":"some_id",
    "client_secret":"************",
    "enabled":"false",
-    "scopes":"user:email",
+    "scopes":"user:email,read:org",
    "team_ids":"",
    "token_url":"https://github.com/login/oauth/access_token"
  },

--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -354,7 +354,7 @@ enabled = true
 allow_sign_up = true
 client_id = YOUR_GITHUB_APP_CLIENT_ID
 client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
-scopes = user:email
+scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user
@@ -387,6 +387,7 @@ scopes = user:email,read:org
 team_ids = 150,300
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
+api_url = https://api.github.com/user
 allow_sign_up = true
 ```

@@ -405,6 +406,7 @@ client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
 scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
+api_url = https://api.github.com/user
 allow_sign_up = true
 # space-delimited organization names
 allowed_organizations = github google

--- a/pkg/social/github_oauth.go
+++ b/pkg/social/github_oauth.go
@@ -195,10 +195,9 @@ func (s *SocialGithub) FetchOrganizations(client *http.Client, organizationsUrl 
 func (s *SocialGithub) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) {

 	var data struct {
-		Id               int    `json:"id"`
-		Login            string `json:"login"`
-		Email            string `json:"email"`
-		OrganizationsUrl string `json:"organizations_url"`
+		Id    int    `json:"id"`
+		Login string `json:"login"`
+		Email string `json:"email"`
 	}

 	response, err := HttpGet(client, s.apiUrl)
@@ -217,11 +216,13 @@ func (s *SocialGithub) UserInfo(client *http.Client, token *oauth2.Token) (*Basi
 		Email: data.Email,
 	}

+	organizationsUrl := fmt.Sprintf(s.apiUrl + "/orgs")
+
 	if !s.IsTeamMember(client) {
 		return nil, ErrMissingTeamMembership
 	}

-	if !s.IsOrganizationMember(client, data.OrganizationsUrl) {
+	if !s.IsOrganizationMember(client, organizationsUrl) {
 		return nil, ErrMissingOrganizationMembership
 	}