Parameterize GitHub OAuth2 scopes.
If no scope provided, default will be used: scope=repo,repo:status,user:email.
This commit is contained in:
alex
parent
671461dc00
commit
c2f3cf06ad
3 changed files with 39 additions and 1 deletions
|
|
@ -28,6 +28,7 @@ This section lists all connection options used in the connection string format.
|
|||
|
||||
* `client_id` oauth client id for registered application.
|
||||
* `client_secret` oauth client secret for registered application.
|
||||
* `scope=repo,repo:status,user:email` oauth scopes.
|
||||
* `open=false` allows users to self-register. Defaults to false..
|
||||
* `orgs=drone&orgs=docker` restricts access to these GitHub organizations. **Optional**
|
||||
* `private_mode=false` indicates GitHub Enterprise is running in private mode.
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ type Github struct {
|
|||
API string
|
||||
Client string
|
||||
Secret string
|
||||
Scope string
|
||||
MergeRef string
|
||||
Orgs []string
|
||||
Open bool
|
||||
|
|
@ -56,6 +57,7 @@ func Load(env envconfig.Env) *Github {
|
|||
github.URL = url_.String()
|
||||
github.Client = params.Get("client_id")
|
||||
github.Secret = params.Get("client_secret")
|
||||
github.Scope = params.Get("scope")
|
||||
github.Orgs = params["orgs"]
|
||||
github.PrivateMode, _ = strconv.ParseBool(params.Get("private_mode"))
|
||||
github.SkipVerify, _ = strconv.ParseBool(params.Get("skip_verify"))
|
||||
|
|
@ -69,6 +71,10 @@ func Load(env envconfig.Env) *Github {
|
|||
github.API = github.URL + "/api/v3/"
|
||||
}
|
||||
|
||||
if github.Scope == "" {
|
||||
github.Scope = DefaultScope
|
||||
}
|
||||
|
||||
if github.MergeRef == "" {
|
||||
github.MergeRef = DefaultMergeRef
|
||||
}
|
||||
|
|
@ -83,7 +89,7 @@ func (g *Github) Login(res http.ResponseWriter, req *http.Request) (*model.User,
|
|||
var config = &oauth2.Config{
|
||||
ClientId: g.Client,
|
||||
ClientSecret: g.Secret,
|
||||
Scope: DefaultScope,
|
||||
Scope: g.Scope,
|
||||
AuthURL: fmt.Sprintf("%s/login/oauth/authorize", g.URL),
|
||||
TokenURL: fmt.Sprintf("%s/login/oauth/access_token", g.URL),
|
||||
RedirectURL: fmt.Sprintf("%s/authorize", httputil.GetURL(req)),
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"net/http"
|
||||
"testing"
|
||||
|
||||
"github.com/drone/drone/shared/envconfig"
|
||||
"github.com/franela/goblin"
|
||||
)
|
||||
|
||||
|
|
@ -45,3 +46,33 @@ func TestHook(t *testing.T) {
|
|||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestLoad(t *testing.T) {
|
||||
env := envconfig.Env{
|
||||
"REMOTE_CONFIG": "https://github.com?client_id=client&client_secret=secret&scope=scope1,scope2",
|
||||
}
|
||||
g := Load(env)
|
||||
if g.URL != "https://github.com" {
|
||||
t.Errorf("g.URL = %q; want https://github.com")
|
||||
}
|
||||
if g.Client != "client" {
|
||||
t.Errorf("g.Client = %q; want client", g.Client)
|
||||
}
|
||||
if g.Secret != "secret" {
|
||||
t.Errorf("g.Secret = %q; want secret", g.Secret)
|
||||
}
|
||||
if g.Scope != "scope1,scope2" {
|
||||
t.Errorf("g.Scope = %q; want scope1,scope2", g.Scope)
|
||||
}
|
||||
if g.API != DefaultAPI {
|
||||
t.Errorf("g.API = %q; want %q", g.API, DefaultAPI)
|
||||
}
|
||||
if g.MergeRef != DefaultMergeRef {
|
||||
t.Errorf("g.MergeRef = %q; want %q", g.MergeRef, DefaultMergeRef)
|
||||
}
|
||||
|
||||
g = Load(envconfig.Env{})
|
||||
if g.Scope != DefaultScope {
|
||||
t.Errorf("g.Scope = %q; want %q", g.Scope, DefaultScope)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue