diff options
author | Patrick O'Doherty <p@trickod.com> | 2016-05-24 19:48:48 +0200 |
---|---|---|
committer | Patrick O'Doherty <p@trickod.com> | 2016-05-24 19:48:48 +0200 |
commit | 0bedc0266b16e26c6f3346f2db65d14700b76b91 (patch) | |
tree | d5e98834090b6f800893b7ff3708f0ff419f106c /server/auth/github/github.go | |
parent | 7f6b342de26e16e197f69c7576bb687aac03e527 (diff) | |
parent | 6f86efb594721bc577c56b284f5f2499e563c45c (diff) |
Merge pull request #4 from patrickod/patrickod/fail-open-open-config
Don't allow wide-open Google or Github configs
Diffstat (limited to 'server/auth/github/github.go')
-rw-r--r-- | server/auth/github/github.go | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/server/auth/github/github.go b/server/auth/github/github.go index 1c62d9b..192cd9d 100644 --- a/server/auth/github/github.go +++ b/server/auth/github/github.go @@ -1,6 +1,7 @@ package github import ( + "errors" "net/http" "github.com/nsheridan/cashier/server/auth" @@ -23,7 +24,10 @@ type Config struct { } // New creates a new Github provider from a configuration. -func New(c *config.Auth) auth.Provider { +func New(c *config.Auth) (auth.Provider, error) { + if c.ProviderOpts["organization"] == "" { + return nil, errors.New("github_opts organization must not be empty") + } return &Config{ config: &oauth2.Config{ ClientID: c.OauthClientID, @@ -36,7 +40,7 @@ func New(c *config.Auth) auth.Provider { }, }, organization: c.ProviderOpts["organization"], - } + }, nil } // A new oauth2 http client. @@ -54,9 +58,6 @@ func (c *Config) Valid(token *oauth2.Token) bool { if !token.Valid() { return false } - if c.organization == "" { - return true - } client := githubapi.NewClient(c.newClient(token)) member, _, err := client.Organizations.IsMember(c.organization, c.Username(token)) if err != nil { |