From 3cd11c8f4509ffbf7e63fc58c1ea929f7aa6a12b Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Thu, 16 Apr 2015 12:17:39 -0400
Subject: [PATCH] GitHub login fixes:   - Allow for case insensitivity in the
 org name list   - Remove the check for verified email addresses when under
 Enterprise; it isn't supported there.

---
 endpoints/callbacks.py |  4 ++--
 util/oauth.py          | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/endpoints/callbacks.py b/endpoints/callbacks.py
index 1984af3a7..77af39572 100644
--- a/endpoints/callbacks.py
+++ b/endpoints/callbacks.py
@@ -181,7 +181,7 @@ def github_oauth_callback():
     get_orgs = client.get(github_login.orgs_endpoint(), params=token_param,
                            headers={'Accept': 'application/vnd.github.moondragon+json'})
 
-    organizations = set([org.get('login') for org in get_orgs.json()])
+    organizations = set([org.get('login').lower() for org in get_orgs.json()])
     if not (organizations & set(github_login.allowed_organizations())):
       err = """You are not a member of an allowed GitHub organization.
                Please contact your system administrator if you believe this is in error."""
@@ -193,7 +193,7 @@ def github_oauth_callback():
 
   found_email = None
   for user_email in get_email.json():
-    if not user_email['verified']:
+    if not github_login.is_enterprise() and not user_email['verified']:
       continue
 
     found_email = user_email['email']
diff --git a/util/oauth.py b/util/oauth.py
index 466db4d98..245766cb6 100644
--- a/util/oauth.py
+++ b/util/oauth.py
@@ -45,7 +45,11 @@ class GithubOAuthConfig(OAuthConfig):
     if not self.config.get('ORG_RESTRICT', False):
       return None
 
-    return self.config.get('ALLOWED_ORGANIZATIONS', None)
+    allowed = self.config.get('ALLOWED_ORGANIZATIONS', None)
+    if allowed is None:
+      return None
+
+    return [org.lower() for org in allowed]
 
   def _endpoint(self):
     endpoint = self.config.get('GITHUB_ENDPOINT', 'https://github.com')
@@ -53,6 +57,9 @@ class GithubOAuthConfig(OAuthConfig):
       endpoint = endpoint + '/'
     return endpoint
 
+  def is_enterprise(self):
+    return self._endpoint().find('.github.com') < 0
+
   def authorize_endpoint(self):
     return self._get_url(self._endpoint(), '/login/oauth/authorize')  + '?'
 
@@ -104,7 +111,7 @@ class GithubOAuthConfig(OAuthConfig):
 
   def validate_organization(self, organization_id, http_client):
     api_endpoint = self._api_endpoint()
-    org_endpoint = self._get_url(api_endpoint, 'orgs/%s' % organization_id)
+    org_endpoint = self._get_url(api_endpoint, 'orgs/%s' % organization_id.lower())
 
     result = http_client.get(org_endpoint,
       headers={'Accept': 'application/vnd.github.moondragon+json'},