Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowing usage of https://github.<company>.com/api/v3 #2

Closed
wants to merge 2 commits into from
Closed

Allowing usage of https://github.<company>.com/api/v3 #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
51f510b
Allowing usage of `https://github.<company>.com/api/v3` in addition t…
BSick7 Feb 2, 2016
396bd82
Renaming github-base-url to github-api-url.
BSick7 Feb 3, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,11 +88,11 @@ The GitHub auth provider supports two additional parameters to restrict authenti

If you are using github enterprise, make sure you set the following to the appropriate url:

-github-api-url="https://<github domain>/api/v3/"
-login-url="<enterprise github url>/login/oauth/authorize"
-redeem-url="<enterprise github url>/login/oauth/access_token"
-validate-url="<enterprise github api url>/user/emails"


### LinkedIn Auth Provider

For LinkedIn, the registration steps are:
Expand Down
1 change: 1 addition & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ func main() {
flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")

flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
flagSet.String("github-api-url", "", "github api url to configure github enterprise endpoint")
flagSet.String("github-org", "", "restrict logins to members of this organisation")
flagSet.String("github-team", "", "restrict logins to members of this team")
flagSet.Var(&googleGroups, "google-group", "restrict logins to members of this google group (may be given multiple times).")
Expand Down
2 changes: 2 additions & 0 deletions options.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ type Options struct {
EmailDomains []string `flag:"email-domain" cfg:"email_domains"`
GitHubOrg string `flag:"github-org" cfg:"github_org"`
GitHubTeam string `flag:"github-team" cfg:"github_team"`
GitHubApiUrl string `flag:"github-api-url" cfg:"github_api_url"`
GoogleGroups []string `flag:"google-group" cfg:"google_group"`
GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"`
GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"`
Expand Down Expand Up @@ -210,6 +211,7 @@ func parseProviderInfo(o *Options, msgs []string) []string {
switch p := o.provider.(type) {
case *providers.GitHubProvider:
p.SetOrgTeam(o.GitHubOrg, o.GitHubTeam)
p.SetApiUrl(o.GitHubApiUrl)
case *providers.GoogleProvider:
if o.GoogleServiceAccountJSON != "" {
file, err := os.Open(o.GoogleServiceAccountJSON)
Expand Down
28 changes: 21 additions & 7 deletions providers/github.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,14 @@ import (
"log"
"net/http"
"net/url"
"strings"
)

type GitHubProvider struct {
*ProviderData
Org string
Team string
Org string
Team string
ApiUrl string
}

func NewGitHubProvider(p *ProviderData) *GitHubProvider {
Expand Down Expand Up @@ -51,6 +53,16 @@ func (p *GitHubProvider) SetOrgTeam(org, team string) {
}
}

func (p *GitHubProvider) SetApiUrl(uri string) {
// Expecting BaseUrl to be https://github.<domain>/api/v3/
p.ApiUrl = uri
if len(p.ApiUrl) <= 0 {
p.ApiUrl = fmt.Sprintf("%s://%s/", p.ValidateURL.Scheme, p.ValidateURL.Host)
} else if !strings.HasSuffix(p.ApiUrl, "/") {
p.ApiUrl = fmt.Sprintf("%s/", p.ApiUrl)
}
}

func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
// https://developer.github.com/v3/orgs/#list-your-organizations

Expand All @@ -62,8 +74,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
"access_token": {accessToken},
"limit": {"100"},
}

endpoint := p.ValidateURL.Scheme + "://" + p.ValidateURL.Host + "/user/orgs?" + params.Encode()
endpoint := p.getEndpoint("user/orgs", params)
req, _ := http.NewRequest("GET", endpoint, nil)
req.Header.Set("Accept", "application/vnd.github.v3+json")
resp, err := http.DefaultClient.Do(req)
Expand Down Expand Up @@ -112,8 +123,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
"access_token": {accessToken},
"limit": {"100"},
}

endpoint := p.ValidateURL.Scheme + "://" + p.ValidateURL.Host + "/user/teams?" + params.Encode()
endpoint := p.getEndpoint("user/teams", params)
req, _ := http.NewRequest("GET", endpoint, nil)
req.Header.Set("Accept", "application/vnd.github.v3+json")
resp, err := http.DefaultClient.Do(req)
Expand Down Expand Up @@ -183,7 +193,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
params := url.Values{
"access_token": {s.AccessToken},
}
endpoint := p.ValidateURL.Scheme + "://" + p.ValidateURL.Host + p.ValidateURL.Path + "?" + params.Encode()
endpoint := fmt.Sprintf("%s?%s", p.ValidateURL.String(), params.Encode())
resp, err := http.DefaultClient.Get(endpoint)
if err != nil {
return "", err
Expand Down Expand Up @@ -212,3 +222,7 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {

return "", nil
}

func (p *GitHubProvider) getEndpoint(path string, params url.Values) string {
return fmt.Sprintf("%s%s?%s", p.ApiUrl, path, params.Encode())
}