Feature: GHE Support (#151)

* Parametrize GitHub host, for use with GHE

Author: schmitzhermes

auth_server/authn/data/github_auth.tmpl

@@ -1,6 +1,6 @@
 <html itemscope itemtype="http://schema.org/Article">
 <body>
-  <button type="button" onclick="location.href='https://github.com/login/oauth/authorize?scope=user:email&client_id={{.ClientId}}'">Login with GitHub</button>
-  <button type="button" onclick="location.href='https://github.com/settings/applications'">Revoke access</button>
+  <button type="button" onclick="location.href='{{.GithubWebUri}}/login/oauth/authorize?scope=user:email&client_id={{.ClientId}}'">Login with GitHub</button>
+  <button type="button" onclick="location.href='{{.GithubWebUri}}/settings/applications'">Revoke access</button>
 </body>
 </html>

auth_server/authn/github_auth.go

@@ -39,6 +39,8 @@ type GitHubAuthConfig struct {
 	TokenDB          string        `yaml:"token_db,omitempty"`
 	HTTPTimeout      time.Duration `yaml:"http_timeout,omitempty"`
 	RevalidateAfter  time.Duration `yaml:"revalidate_after,omitempty"`
+	GithubWebUri     string        `yaml:"github_web_uri,omitempty"`
+	GithubApiUri     string        `yaml:"github_api_uri,omitempty"`
 }
 
 type GitHubAuthRequest struct {
@@ -90,13 +92,30 @@ func (gha *GitHubAuth) DoGitHubAuth(rw http.ResponseWriter, req *http.Request) {
 	}
 }
 
+func (gha *GitHubAuth) getGithubApiUri() string {
+	if gha.config.GithubApiUri != "" {
+		return gha.config.GithubApiUri
+	} else {
+		return "https://api.github.com"
+	}
+}
+
+func (gha *GitHubAuth) getGithubWebUri() string {
+	if gha.config.GithubWebUri != "" {
+		return gha.config.GithubWebUri
+	} else {
+		return "https://github.com"
+	}
+}
+
 func (gha *GitHubAuth) doGitHubAuthCreateToken(rw http.ResponseWriter, code string) {
 	data := url.Values{
 		"code":          []string{string(code)},
 		"client_id":     []string{gha.config.ClientId},
 		"client_secret": []string{gha.config.ClientSecret},
 	}
-	req, err := http.NewRequest("POST", "https://github.com/login/oauth/access_token", bytes.NewBufferString(data.Encode()))
+	
+	req, err := http.NewRequest("POST", fmt.Sprintf("%s/login/oauth/access_token", gha.getGithubWebUri()), bytes.NewBufferString(data.Encode()))
 	if err != nil {
 		http.Error(rw, fmt.Sprintf("Error creating request to GitHub auth backend: %s", err), http.StatusServiceUnavailable)
 		return
@@ -150,7 +169,7 @@ func (gha *GitHubAuth) doGitHubAuthCreateToken(rw http.ResponseWriter, code stri
 }
 
 func (gha *GitHubAuth) validateAccessToken(token string) (user string, err error) {
-	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
+	req, err := http.NewRequest("GET", fmt.Sprintf("%s/user", gha.getGithubApiUri()), nil)
 	if err != nil {
 		err = fmt.Errorf("could not create request to get information for token %s: %s", token, err)
 		return
@@ -187,7 +206,7 @@ func (gha *GitHubAuth) checkOrganization(token, user string) (err error) {
 	if gha.config.Organization == "" {
 		return nil
 	}
-	url := fmt.Sprintf("https://api.github.com/orgs/%s/members/%s", gha.config.Organization, user)
+	url := fmt.Sprintf("%s/orgs/%s/members/%s", gha.getGithubApiUri(), gha.config.Organization, user)
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		err = fmt.Errorf("could not create request to get organization membership: %s", err)

examples/reference.yml

@@ -87,6 +87,12 @@ github_auth:
   http_timeout: "10s"
   # How long to wait before revalidating the GitHub token. Optional.
   revalidate_after: "1h"
+  # The Github Web URI in case you are using Github Enterprise.
+  # Includes the protocol, without trailing slash. Optional - defaults to: https://github.com
+  github_web_uri: "https://github.acme.com"
+  # The Github API URI in case you are using Github Enterprise.
+  # Includes the protocol, without trailing slash. - defaults to: https://api.github.com
+  github_api_uri: "https://github.acme.com/api/v3" 
 
 # LDAP authentication.
 # Authentication is performed by first binding to the server, looking up the user entry