IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-14 01:23:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate.

Browse Source 
How it is solved:
* Take organizations_url field data from user basic data response
* Make another request to get all organization the user is a member of (public membership)
* Authenticate user if appropriate organization found in that list
This commit is contained in:
Adilet Maratov 2017-12-07 16:13:49 +06:00
parent 3aa1cb012a
commit 50daf7463d
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/social/github_oauth.go
View File

@ -58,12 +58,12 @@ func (s *SocialGithub) IsTeamMember(client *http.Client) bool {
return false
}
func (s *SocialGithub) IsOrganizationMember(client *http.Client) bool {
func (s *SocialGithub) IsOrganizationMember(client *http.Client, organizationsUrl string) bool {
if len(s.allowedOrganizations) == 0 {
return true
}
organizations, err := s.FetchOrganizations(client)
organizations, err := s.FetchOrganizations(client, organizationsUrl)
if err != nil {
return false
}
@ -167,12 +167,12 @@ func (s *SocialGithub) HasMoreRecords(headers http.Header) (string, bool) {
}
func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error) {
func (s *SocialGithub) FetchOrganizations(client *http.Client, organizationsUrl string) ([]string, error) {
type Record struct {
Login string `json:"login"`
}
response, err := HttpGet(client, fmt.Sprintf(s.apiUrl+"/orgs"))
response, err := HttpGet(client, organizationsUrl)
if err != nil {
return nil, fmt.Errorf("Error getting organizations: %s", err)
}
@ -193,10 +193,12 @@ func (s *SocialGithub) FetchOrganizations(client *http.Client) ([]string, error)
}
func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
var data struct {
Id int `json:"id"`
Login string `json:"login"`
Email string `json:"email"`
Id int `json:"id"`
Login string `json:"login"`
Email string `json:"email"`
OrganizationsUrl string `json:"organizations_url"`
}
response, err := HttpGet(client, s.apiUrl)
@ -219,7 +221,7 @@ func (s *SocialGithub) UserInfo(client *http.Client) (*BasicUserInfo, error) {
return nil, ErrMissingTeamMembership
}
if !s.IsOrganizationMember(client) {
if !s.IsOrganizationMember(client, data.OrganizationsUrl) {
return nil, ErrMissingOrganizationMembership
}