Merge pull request #1486 from Bugagazavr/gitlab-group-verify

GitLab allowed groups for login
Brad Rydzewski 2016-02-16 09:48:51 -08:00
commit 35b9c0ff9a
3 changed files with 77 additions and 20 deletions


@ -0,0 +1,53 @@
package client
import (
"encoding/json"
"strconv"
)
const (
groupsUrl = "/groups"
)
// Get a list of all projects owned by the authenticated user.
func (g *Client) AllGroups() ([]*Namespace, error) {
var perPage = 100
var groups []*Namespace
for i := 1; true; i++ {
contents, err := g.Groups(i, perPage)
if err != nil {
return groups, err
}
for _, value := range contents {
groups = append(groups, value)
}
if len(groups) == 0 {
break
}
if len(groups)/i < perPage {
break
}
}
return groups, nil
}
func (g *Client) Groups(page, perPage int) ([]*Namespace, error) {
url, opaque := g.ResourceUrl(groupsUrl, nil, QMap{
"page": strconv.Itoa(page),
"per_page": strconv.Itoa(perPage),
})
var groups []*Namespace
contents, err := g.Do("GET", url, opaque, nil)
if err == nil {
err = json.Unmarshal(contents, &groups)
}
return groups, err
}
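Review bot: The stop condition in AllGroups, `if len(groups)/i < perPage`, infers the last page from the running average of everything fetched so far rather than from the page just read, and the loop puts no upper bound on `i`. Because this list feeds the login allow-list check, testing the current page directly is easier to reason about: `if len(contents) < perPage { break }`, ideally with a maximum page count so a server that keeps returning full pages cannot hold a login request open. If the server returns fewer items per page than requested, the loop stops early and the caller sees a truncated list, so the result should be documented as best-effort unless pagination metadata is followed (whether `g.Do` exposes it is not visible here). The doc comment is copied from the projects call and should read `// AllGroups returns every group the /groups endpoint lists for the authenticated user, following pagination.`; the exported `Groups` method has no comment at all.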


@ -55,6 +55,7 @@ type Project struct {
type Namespace struct {
Id int `json:"id,omitempty"`
Name string `json:"name,omitempty"`
Path string `json:"path,omitempty"`
}
type Person struct {


@ -103,6 +103,28 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
if err != nil {
return nil, false, err
}
if len(g.AllowedOrgs) != 0 {
groups, err := client.AllGroups()
if err != nil {
return nil, false, fmt.Errorf("Could not check org membership. %s", err)
}
var member bool
for _, group := range groups {
for _, allowedOrg := range g.AllowedOrgs {
if group.Path == allowedOrg {
member = true
break
}
}
}
if !member {
return nil, false, fmt.Errorf("User does not belong to correct group. Must belong to %v", g.AllowedOrgs)
}
}
user := &model.User{}
user.Login = login.Username
user.Email = login.Email
@ -115,7 +137,7 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
user.Avatar = g.URL + "/" + login.AvatarUrl
}
return user, true, nil
return user, g.Open, nil
}
func (g *Gitlab) Auth(token, secret string) (string, error) {
@ -456,25 +478,6 @@ func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport {
}
}
// Accessor method, to allowed remote organizations field.
func (g *Gitlab) GetOrgs() []string {
return g.AllowedOrgs
}
// Accessor method, to open field.
func (g *Gitlab) GetOpen() bool {
return g.Open
}
// return default scope for GitHub
func (g *Gitlab) Scope() string {
return DefaultScope
}
func (g *Gitlab) String() string {
return "gitlab"
}
const (
StatusPending = "pending"
StatusRunning = "running"
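Review bot: In Login's allowed-group check, every entry returned by `client.AllGroups()` is treated as proof of membership, so the check is only as strict as what the `/groups` listing returns; it is worth confirming that the endpoint lists only groups the user belongs to (not groups that are merely visible to them, or everything for an administrator) on the GitLab versions supported. The rejection error also formats `g.AllowedOrgs` into its message, which would show the configured allow-list to the rejected user if this error is rendered to them; a fixed message such as `fmt.Errorf("user does not belong to an allowed group")` avoids that. The inner `break` leaves only the inner loop, so the outer loop keeps scanning after a match; adding `if member { break }` after the inner loop, or moving the comparison into a small helper that returns on the first match, makes the intent explicit. Login begins before this hunk, so how `client` is constructed and whether other entry points such as `Auth` apply the same group check cannot be judged from here.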