(instrument *promoauth.Factory, params *githubOAuth2ConfigParams)
| 2179 | } |
| 2180 | |
| 2181 | func configureGithubOAuth2(instrument *promoauth.Factory, params *githubOAuth2ConfigParams) (*coderd.GithubOAuth2Config, error) { |
| 2182 | redirectURL, err := params.accessURL.Parse("/api/v2/users/oauth2/github/callback") |
| 2183 | if err != nil { |
| 2184 | return nil, xerrors.Errorf("parse github oauth callback url: %w", err) |
| 2185 | } |
| 2186 | if params.allowEveryone && len(params.allowOrgs) > 0 { |
| 2187 | return nil, xerrors.New("allow everyone and allowed orgs cannot be used together") |
| 2188 | } |
| 2189 | if params.allowEveryone && len(params.rawTeams) > 0 { |
| 2190 | return nil, xerrors.New("allow everyone and allowed teams cannot be used together") |
| 2191 | } |
| 2192 | if !params.allowEveryone && len(params.allowOrgs) == 0 { |
| 2193 | return nil, xerrors.New("allowed orgs is empty: must specify at least one org or allow everyone") |
| 2194 | } |
| 2195 | allowTeams := make([]coderd.GithubOAuth2Team, 0, len(params.rawTeams)) |
| 2196 | for _, rawTeam := range params.rawTeams { |
| 2197 | parts := strings.SplitN(rawTeam, "/", 2) |
| 2198 | if len(parts) != 2 { |
| 2199 | return nil, xerrors.Errorf("github team allowlist is formatted incorrectly. got %s; wanted <organization>/<team>", rawTeam) |
| 2200 | } |
| 2201 | allowTeams = append(allowTeams, coderd.GithubOAuth2Team{ |
| 2202 | Organization: parts[0], |
| 2203 | Slug: parts[1], |
| 2204 | }) |
| 2205 | } |
| 2206 | |
| 2207 | endpoint := xgithub.Endpoint |
| 2208 | if params.enterpriseBaseURL != "" { |
| 2209 | enterpriseURL, err := url.Parse(params.enterpriseBaseURL) |
| 2210 | if err != nil { |
| 2211 | return nil, xerrors.Errorf("parse enterprise base url: %w", err) |
| 2212 | } |
| 2213 | authURL, err := enterpriseURL.Parse("/login/oauth/authorize") |
| 2214 | if err != nil { |
| 2215 | return nil, xerrors.Errorf("parse enterprise auth url: %w", err) |
| 2216 | } |
| 2217 | tokenURL, err := enterpriseURL.Parse("/login/oauth/access_token") |
| 2218 | if err != nil { |
| 2219 | return nil, xerrors.Errorf("parse enterprise token url: %w", err) |
| 2220 | } |
| 2221 | endpoint = oauth2.Endpoint{ |
| 2222 | AuthURL: authURL.String(), |
| 2223 | TokenURL: tokenURL.String(), |
| 2224 | } |
| 2225 | } |
| 2226 | |
| 2227 | instrumentedOauth := instrument.NewGithub("github-login", &oauth2.Config{ |
| 2228 | ClientID: params.clientID, |
| 2229 | ClientSecret: params.clientSecret, |
| 2230 | Endpoint: endpoint, |
| 2231 | RedirectURL: redirectURL.String(), |
| 2232 | Scopes: []string{ |
| 2233 | "read:user", |
| 2234 | "read:org", |
| 2235 | "user:email", |
| 2236 | }, |
| 2237 | }) |
| 2238 |
no test coverage detected