diff options
| author | Niall Sheridan <nsheridan@gmail.com> | 2016-06-15 09:42:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-06-15 09:42:44 +0100 |
| commit | bbbe873ebd93821f0db0a9d88dbbeccf3679f290 (patch) | |
| tree | cc55353786fcbe1424abd18382f32ab63e3473a2 /server/auth | |
| parent | 77c2a94644dd7ec9c3ae8c995c32f2ad8d90a7b1 (diff) | |
| parent | cd138ddf742d124aea3d1e7f155735576459be67 (diff) | |
Merge pull request #22 from nsheridan/whitelist
Update whitelisting
Diffstat (limited to 'server/auth')
| -rw-r--r-- | server/auth/github/github.go | 7 | ||||
| -rw-r--r-- | server/auth/google/google.go | 18 |
2 files changed, 19 insertions, 6 deletions
diff --git a/server/auth/github/github.go b/server/auth/github/github.go index 912caae..24a4bbf 100644 --- a/server/auth/github/github.go +++ b/server/auth/github/github.go @@ -62,12 +62,17 @@ func (c *Config) Name() string { // Valid validates the oauth token. func (c *Config) Valid(token *oauth2.Token) bool { - if len(c.whitelist) == 0 && !c.whitelist[c.Username(token)] { + if len(c.whitelist) > 0 && !c.whitelist[c.Username(token)] { return false } if !token.Valid() { return false } + if c.organization == "" { + // There's no organization and the token is valid. Can only reach here + // if there's a user whitelist set and the user is in the whitelist. + return true + } client := githubapi.NewClient(c.newClient(token)) member, _, err := client.Organizations.IsMember(c.organization, c.Username(token)) if err != nil { diff --git a/server/auth/google/google.go b/server/auth/google/google.go index 3a833ab..08a4083 100644 --- a/server/auth/google/google.go +++ b/server/auth/google/google.go @@ -62,7 +62,7 @@ func (c *Config) Name() string { // Valid validates the oauth token. func (c *Config) Valid(token *oauth2.Token) bool { - if len(c.whitelist) == 0 && !c.whitelist[c.Username(token)] { + if len(c.whitelist) > 0 && !c.whitelist[c.Email(token)] { return false } if !token.Valid() { @@ -78,11 +78,14 @@ func (c *Config) Valid(token *oauth2.Token) bool { if err != nil { return false } + if ti.Audience != c.config.ClientID { + return false + } ui, err := svc.Userinfo.Get().Do() if err != nil { return false } - if ti.Audience != c.config.ClientID || ui.Hd != c.domain { + if c.domain != "" && ui.Hd != c.domain { return false } return true @@ -107,8 +110,8 @@ func (c *Config) Exchange(code string) (*oauth2.Token, error) { return c.config.Exchange(oauth2.NoContext, code) } -// Username retrieves the username portion of the user's email address. -func (c *Config) Username(token *oauth2.Token) string { +// Email retrieves the email address of the user. +func (c *Config) Email(token *oauth2.Token) string { svc, err := googleapi.New(c.newClient(token)) if err != nil { return "" @@ -117,5 +120,10 @@ func (c *Config) Username(token *oauth2.Token) string { if err != nil { return "" } - return strings.Split(ui.Email, "@")[0] + return ui.Email +} + +// Username retrieves the username portion of the user's email address. +func (c *Config) Username(token *oauth2.Token) string { + return strings.Split(c.Email(token), "@")[0] } |