trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

website/integrations: add github org checking policy example

Browse source 
closes #2047

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-03 22:00:00 +01:00
parent 7d3d17acb9
commit 01fcbb325b
3 changed files with 49 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
web/src/pages/sources/oauth/OAuthSourceForm.ts
View file

@ -254,7 +254,10 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
> >
<textarea class="pf-c-form-control"></textarea> <textarea class="pf-c-form-control"></textarea>
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Additional Scope`} name="additionalScopes"> <ak-form-element-horizontal
label=${t`Additional Scope`}
name="additionalScopes"
>
<input <input
type="text" type="text"
value="${first(this.instance?.additionalScopes, "")}" value="${first(this.instance?.additionalScopes, "")}"

BIN
website/integrations/sources/github/github_org_membership.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 138 KiB

45
website/integrations/sources/github/index.md
View file

@ -48,3 +48,48 @@ Save, and you now have Github as a source.
:::note :::note
For more details on how-to have the new source display on the Login Page see [here](../). For more details on how-to have the new source display on the Login Page see [here](../).
::: :::
### Checking for membership of a GitHub Organisation
:::info
Requires authentik 2021.12.5.
:::
To check if the user is member of an organisation, you can use the following policy on your flows:
```python
accepted_org = "foo"
# Get the user-source connection object from the context, and get the access token
connection = context['goauthentik.io/sources/connection']
access_token = connection.access_token
# We also access the user info authentik already retrieved, to get the correct username
github_username = context["oauth_userinfo"]
# Github does not include Organisations in the userinfo endpoint, so we have to call another URL
orgs = requests.get(
"https://api.github.com/user/orgs",
auth=(github_username["login"], access_token),
headers={
"accept": "application/vnd.github.v3+json"
}
).json()
# `orgs` will be formatted like this
# [
# {
# "login": "beryjuorg",
# [...]
# }
# ]
user_matched = any(org['login'] == accepted_org for org in orgs)
if not user_matched:
ak_message(f"User is not member of {accepted_org}.")
return user_matched
```
If a user is not member of the chosen organisation, they will see this message
![](./github_org_membership.png)