Fix Github OAuth not working with private Organizations (#11028)

* Fix Github OAuth not working with private organizations

* Update documentation

conf/defaults.ini

@@ -248,7 +248,7 @@ enabled = false
 allow_sign_up = true
 allow_sign_up = true
 client_id = some_id
 client_id = some_id
 client_secret = some_secret
 client_secret = some_secret
-scopes = user:email
+scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user
 api_url = https://api.github.com/user

docs/sources/http_api/admin.md

@@ -61,7 +61,7 @@ Content-Type: application/json
     "client_id":"some_id",
     "client_id":"some_id",
     "client_secret":"************",
     "client_secret":"************",
     "enabled":"false",
     "enabled":"false",
-    "scopes":"user:email",
+    "scopes":"user:email,read:org",
     "team_ids":"",
     "team_ids":"",
     "token_url":"https://github.com/login/oauth/access_token"
     "token_url":"https://github.com/login/oauth/access_token"
   },
   },

docs/sources/installation/configuration.md

@@ -354,7 +354,7 @@ enabled = true
 allow_sign_up = true
 allow_sign_up = true
 client_id = YOUR_GITHUB_APP_CLIENT_ID
 client_id = YOUR_GITHUB_APP_CLIENT_ID
 client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
 client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
-scopes = user:email
+scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user
 api_url = https://api.github.com/user
@@ -387,6 +387,7 @@ scopes = user:email,read:org
 team_ids = 150,300
 team_ids = 150,300
 auth_url = https://github.com/login/oauth/authorize
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 token_url = https://github.com/login/oauth/access_token
+api_url = https://api.github.com/user
 allow_sign_up = true
 allow_sign_up = true
 ```
 ```
 
 
@@ -405,6 +406,7 @@ client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
 scopes = user:email,read:org
 scopes = user:email,read:org
 auth_url = https://github.com/login/oauth/authorize
 auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 token_url = https://github.com/login/oauth/access_token
+api_url = https://api.github.com/user
 allow_sign_up = true
 allow_sign_up = true
 # space-delimited organization names
 # space-delimited organization names
 allowed_organizations = github google
 allowed_organizations = github google

pkg/social/github_oauth.go

@@ -198,7 +198,6 @@ func (s *SocialGithub) UserInfo(client *http.Client, token *oauth2.Token) (*Basi
 		Id    int    `json:"id"`
 		Id    int    `json:"id"`
 		Login string `json:"login"`
 		Login string `json:"login"`
 		Email string `json:"email"`
 		Email string `json:"email"`
-		OrganizationsUrl string `json:"organizations_url"`
 	}
 	}
 
 
 	response, err := HttpGet(client, s.apiUrl)
 	response, err := HttpGet(client, s.apiUrl)
@@ -217,11 +216,13 @@ func (s *SocialGithub) UserInfo(client *http.Client, token *oauth2.Token) (*Basi
 		Email: data.Email,
 		Email: data.Email,
 	}
 	}
 
 
+	organizationsUrl := fmt.Sprintf(s.apiUrl + "/orgs")
+
 	if !s.IsTeamMember(client) {
 	if !s.IsTeamMember(client) {
 		return nil, ErrMissingTeamMembership
 		return nil, ErrMissingTeamMembership
 	}
 	}
 
 
-	if !s.IsOrganizationMember(client, data.OrganizationsUrl) {
+	if !s.IsOrganizationMember(client, organizationsUrl) {
 		return nil, ErrMissingOrganizationMembership
 		return nil, ErrMissingOrganizationMembership
 	}
 	}