From 6f86efb594721bc577c56b284f5f2499e563c45c Mon Sep 17 00:00:00 2001
From: Patrick O'Doherty <p@trickod.com>
Date: Mon, 23 May 2016 17:56:15 +0100
Subject: Don't allow wide-open Google or Github configs

Fail loudly if either the google_opts domain value or github_opts organization
values are not set in the configuration. The lack of these values means that
 a) in the Google case any @gmail.com address will be allowed
 b) the Github case any Github user will be allowed.

This was previously documented but left as a foot-gun in the code.

Future commits will allow for explicit wildcards to be set.
---
 cmd/cashierd/main.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'cmd/cashierd')

diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index e482dde..61461a7 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -212,13 +212,17 @@ func main() {
 	var authprovider auth.Provider
 	switch config.Auth.Provider {
 	case "google":
-		authprovider = google.New(&config.Auth)
+		authprovider, err = google.New(&config.Auth)
 	case "github":
-		authprovider = github.New(&config.Auth)
+		authprovider, err = github.New(&config.Auth)
 	default:
 		log.Fatalln("Unknown provider %s", config.Auth.Provider)
 	}
 
+	if err != nil {
+		log.Fatal(err)
+	}
+
 	ctx := &appContext{
 		cookiestore:  sessions.NewCookieStore([]byte(config.Server.CookieSecret)),
 		authprovider: authprovider,
-- 
cgit v1.2.3