Add support for filtering github login by org

2015-03-03 19:58:42 -05:00 · 2015-03-03 19:58:42 -05:00 · 4ca5d9b04b
commit 4ca5d9b04b
parent 9e61668c34
7 changed files with 86 additions and 5 deletions
--- a/util/oauth.py
+++ b/util/oauth.py
@ -1,4 +1,5 @@
 import urlparse
+import github

 class OAuthConfig(object):
  def __init__(self, config, key_name):
@ -40,6 +41,12 @@ class GithubOAuthConfig(OAuthConfig):
  def service_name(self):
    return 'GitHub'

+  def allowed_organizations(self):
+    if not self.config.get('ORG_RESTRICT', False):
+      return None
+
+    return self.config.get('ALLOWED_ORGANIZATIONS', None)
+
  def _endpoint(self):
    endpoint = self.config.get('GITHUB_ENDPOINT', 'https://github.com')
    if not endpoint.endswith('/'):
@ -66,6 +73,10 @@ class GithubOAuthConfig(OAuthConfig):
    api_endpoint = self._api_endpoint()
    return self._get_url(api_endpoint, 'user/emails')

+  def orgs_endpoint(self):
+    api_endpoint = self._api_endpoint()
+    return self._get_url(api_endpoint, 'user/orgs')
+
  def validate_client_id_and_secret(self, http_client):
    # First: Verify that the github endpoint is actually Github by checking for the
    # X-GitHub-Request-Id here.
@ -91,6 +102,17 @@ class GithubOAuthConfig(OAuthConfig):
                                                timeout=5)
    return result.status_code == 404

+  def validate_organization(self, organization_id, http_client):
+    api_endpoint = self._api_endpoint()
+    org_endpoint = self._get_url(api_endpoint, 'orgs/%s' % organization_id)
+
+    result = http_client.get(org_endpoint,
+      headers={'Accept': 'application/vnd.github.moondragon+json'},
+      timeout=5)
+
+    return result.status_code == 200
+
+
  def get_public_config(self):
    return  {
      'CLIENT_ID': self.client_id(),