Merge resistanceisfutile into master
This commit is contained in:
Joseph Schorr
commit
85d6500daa
7 changed files with 91 additions and 3 deletions
|
|
@ -122,12 +122,20 @@ def _validate_github_with_key(config_key, config):
|
|||
if not github_config.get('CLIENT_SECRET'):
|
||||
raise Exception('Missing Client Secret')
|
||||
|
||||
if github_config.get('ORG_RESTRICT') and not github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
raise Exception('Organization restriction must have at least one allowed organization')
|
||||
|
||||
client = app.config['HTTPCLIENT']
|
||||
oauth = GithubOAuthConfig(config, config_key)
|
||||
result = oauth.validate_client_id_and_secret(client)
|
||||
if not result:
|
||||
raise Exception('Invalid client id or client secret')
|
||||
|
||||
if github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
for org_id in github_config.get('ALLOWED_ORGANIZATIONS'):
|
||||
if not oauth.validate_organization(org_id, client):
|
||||
raise Exception('Invalid organization: %s' % org_id)
|
||||
|
||||
|
||||
def _validate_google_login(config):
|
||||
""" Validates the Google Login client ID and secret. """
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
import urlparse
|
||||
import github
|
||||
|
||||
class OAuthConfig(object):
|
||||
def __init__(self, config, key_name):
|
||||
|
|
@ -40,6 +41,12 @@ class GithubOAuthConfig(OAuthConfig):
|
|||
def service_name(self):
|
||||
return 'GitHub'
|
||||
|
||||
def allowed_organizations(self):
|
||||
if not self.config.get('ORG_RESTRICT', False):
|
||||
return None
|
||||
|
||||
return self.config.get('ALLOWED_ORGANIZATIONS', None)
|
||||
|
||||
def _endpoint(self):
|
||||
endpoint = self.config.get('GITHUB_ENDPOINT', 'https://github.com')
|
||||
if not endpoint.endswith('/'):
|
||||
|
|
@ -66,6 +73,10 @@ class GithubOAuthConfig(OAuthConfig):
|
|||
api_endpoint = self._api_endpoint()
|
||||
return self._get_url(api_endpoint, 'user/emails')
|
||||
|
||||
def orgs_endpoint(self):
|
||||
api_endpoint = self._api_endpoint()
|
||||
return self._get_url(api_endpoint, 'user/orgs')
|
||||
|
||||
def validate_client_id_and_secret(self, http_client):
|
||||
# First: Verify that the github endpoint is actually Github by checking for the
|
||||
# X-GitHub-Request-Id here.
|
||||
|
|
@ -91,11 +102,23 @@ class GithubOAuthConfig(OAuthConfig):
|
|||
timeout=5)
|
||||
return result.status_code == 404
|
||||
|
||||
def validate_organization(self, organization_id, http_client):
|
||||
api_endpoint = self._api_endpoint()
|
||||
org_endpoint = self._get_url(api_endpoint, 'orgs/%s' % organization_id)
|
||||
|
||||
result = http_client.get(org_endpoint,
|
||||
headers={'Accept': 'application/vnd.github.moondragon+json'},
|
||||
timeout=5)
|
||||
|
||||
return result.status_code == 200
|
||||
|
||||
|
||||
def get_public_config(self):
|
||||
return {
|
||||
'CLIENT_ID': self.client_id(),
|
||||
'AUTHORIZE_ENDPOINT': self.authorize_endpoint(),
|
||||
'GITHUB_ENDPOINT': self._endpoint()
|
||||
'GITHUB_ENDPOINT': self._endpoint(),
|
||||
'ORG_RESTRICT': self.config.get('ORG_RESTRICT', False)
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue