aboutsummaryrefslogtreecommitdiff
path: root/server/auth/github
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2016-04-22 23:01:32 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-04-22 23:16:11 +0100
commitbd1e6a57fe354ccfe51d295fec3c06a1c878c3f7 (patch)
tree8741e4537293221e64d5bf9dc6df3b9fb8816bc6 /server/auth/github
parent5a57870d808f1601d85a35d08429b9ae19dafe93 (diff)
Add github oauth provider.
Diffstat (limited to 'server/auth/github')
-rw-r--r--server/auth/github/github.go95
-rw-r--r--server/auth/github/github_test.go49
2 files changed, 144 insertions, 0 deletions
diff --git a/server/auth/github/github.go b/server/auth/github/github.go
new file mode 100644
index 0000000..da12531
--- /dev/null
+++ b/server/auth/github/github.go
@@ -0,0 +1,95 @@
+package github
+
+import (
+ "net/http"
+
+ "github.com/nsheridan/cashier/server/auth"
+ "github.com/nsheridan/cashier/server/config"
+
+ githubapi "github.com/google/go-github/github"
+ "golang.org/x/oauth2"
+ "golang.org/x/oauth2/github"
+)
+
+const (
+ // revokeURL = "https://accounts.google.com/o/oauth2/revoke?token=%s"
+ name = "github"
+)
+
+// Config is an implementation of `auth.Provider` for authenticating using a
+// Github account.
+type Config struct {
+ config *oauth2.Config
+ organization string
+}
+
+// New creates a new Github provider from a configuration.
+func New(c *config.Auth) auth.Provider {
+ return &Config{
+ config: &oauth2.Config{
+ ClientID: c.OauthClientID,
+ ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
+ Endpoint: github.Endpoint,
+ Scopes: []string{
+ string(githubapi.ScopeUser),
+ string(githubapi.ScopeReadOrg),
+ },
+ },
+ organization: c.ProviderOpts["organization"],
+ }
+}
+
+// A new oauth2 http client.
+func (c *Config) newClient(token *oauth2.Token) *http.Client {
+ return c.config.Client(oauth2.NoContext, token)
+}
+
+// Name returns the name of the provider.
+func (c *Config) Name() string {
+ return name
+}
+
+// Valid validates the oauth token.
+func (c *Config) Valid(token *oauth2.Token) bool {
+ if !token.Valid() {
+ return false
+ }
+ if c.organization == "" {
+ return true
+ }
+ client := githubapi.NewClient(c.newClient(token))
+ member, _, err := client.Organizations.IsMember(c.organization, c.Username(token))
+ if err != nil {
+ return false
+ }
+ return member
+}
+
+// Revoke disables the access token.
+func (c *Config) Revoke(token *oauth2.Token) error {
+ return nil
+}
+
+// StartSession retrieves an authentication endpoint from Github.
+func (c *Config) StartSession(state string) *auth.Session {
+ return &auth.Session{
+ AuthURL: c.config.AuthCodeURL(state),
+ State: state,
+ }
+}
+
+// Exchange authorizes the session and returns an access token.
+func (c *Config) Exchange(code string) (*oauth2.Token, error) {
+ return c.config.Exchange(oauth2.NoContext, code)
+}
+
+// Username retrieves the username portion of the user's email address.
+func (c *Config) Username(token *oauth2.Token) string {
+ client := githubapi.NewClient(c.newClient(token))
+ u, _, err := client.Users.Get("")
+ if err != nil {
+ return ""
+ }
+ return *u.Login
+}
diff --git a/server/auth/github/github_test.go b/server/auth/github/github_test.go
new file mode 100644
index 0000000..383642f
--- /dev/null
+++ b/server/auth/github/github_test.go
@@ -0,0 +1,49 @@
+package github
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/nsheridan/cashier/server/auth"
+ "github.com/nsheridan/cashier/server/config"
+ "github.com/stretchr/testify/assert"
+)
+
+var (
+ oauthClientID = "id"
+ oauthClientSecret = "secret"
+ oauthCallbackURL = "url"
+ organization = "exampleorg"
+)
+
+func TestNew(t *testing.T) {
+ a := assert.New(t)
+
+ p := newGithub()
+ g := p.(*Config)
+ a.Equal(g.config.ClientID, oauthClientID)
+ a.Equal(g.config.ClientSecret, oauthClientSecret)
+ a.Equal(g.config.RedirectURL, oauthCallbackURL)
+ a.Equal(g.organization, organization)
+}
+
+func TestStartSession(t *testing.T) {
+ a := assert.New(t)
+
+ p := newGithub()
+ s := p.StartSession("test_state")
+ a.Equal(s.State, "test_state")
+ a.Contains(s.AuthURL, "github.com/login/oauth/authorize")
+ a.Contains(s.AuthURL, "state=test_state")
+ a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
+}
+
+func newGithub() auth.Provider {
+ c := &config.Auth{
+ OauthClientID: oauthClientID,
+ OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
+ ProviderOpts: map[string]string{"organization": organization},
+ }
+ return New(c)
+}