Merge pull request #503 from nickromano/github-enterprise-org-sso

Github and Github enterprise single-sign-on

cabot/settings.py

@@ -26,7 +26,7 @@ TEST_RUNNER = 'django.test.runner.DiscoverRunner'
 
 URL_PREFIX = os.environ.get('URL_PREFIX', '/').rstrip('/')
 
-LOGIN_URL = reverse_lazy('login')
+LOGIN_URL = os.environ.get('LOGIN_URL', reverse_lazy('login'))
 LOGIN_REDIRECT_URL = reverse_lazy('services')
 
 USE_TZ = True
@@ -273,4 +273,29 @@ if AUTH_LDAP:
     from settings_ldap import *
     AUTHENTICATION_BACKENDS += tuple(['django_auth_ldap.backend.LDAPBackend'])
 
+# Github SSO
+AUTH_GITHUB_ENTERPRISE_ORG = force_bool(os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG', False))
+AUTH_GITHUB_ORG = force_bool(os.environ.get('AUTH_GITHUB_ORG', False))
+
+AUTH_SOCIAL = AUTH_GITHUB_ORG or AUTH_GITHUB_ENTERPRISE_ORG
+
+if AUTH_SOCIAL:
+    SOCIAL_AUTH_URL_NAMESPACE = 'social'
+    INSTALLED_APPS += tuple(['social_django'])
+
+if AUTH_GITHUB_ORG:
+    AUTHENTICATION_BACKENDS += tuple(['social_core.backends.github.GithubOrganizationOAuth2'])
+    SOCIAL_AUTH_GITHUB_ORG_KEY = os.environ.get('AUTH_GITHUB_ORG_CLIENT_ID')
+    SOCIAL_AUTH_GITHUB_ORG_SECRET = os.environ.get('AUTH_GITHUB_ORG_CLIENT_SECRET')
+    SOCIAL_AUTH_GITHUB_ORG_NAME = os.environ.get('AUTH_GITHUB_ORG_NAME')
+    SOCIAL_AUTH_GITHUB_ORG_SCOPE = ['read:org']
+
+if AUTH_GITHUB_ENTERPRISE_ORG:
+    AUTHENTICATION_BACKENDS += tuple(['social_core.backends.github_enterprise.GithubEnterpriseOrganizationOAuth2'])
+    SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL = os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG_URL')
+    SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL = os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG_API_URL')
+    SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY = os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG_CLIENT_ID')
+    SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET = os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG_CLIENT_SECRET')
+    SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME = os.environ.get('AUTH_GITHUB_ENTERPRISE_ORG_NAME')
+
 EXPOSE_USER_API = force_bool(os.environ.get('EXPOSE_USER_API', False))

cabot/urls.py

@@ -171,6 +171,11 @@ def append_plugin_urls():
 
 append_plugin_urls()
 
+if settings.AUTH_SOCIAL:
+    urlpatterns += [
+        url('', include('social_django.urls', namespace='social'))
+    ]
+
 if settings.URL_PREFIX.strip('/'):
     urlpatterns = [
         url(r'^%s/' % settings.URL_PREFIX.strip('/'), include(urlpatterns))

conf/development.env.example

@@ -66,3 +66,19 @@ AUTH_LDAP_BIND_DN="cn=Manager,dc=example,dc=com"
 AUTH_LDAP_BIND_PASSWORD=""
 AUTH_LDAP_USER_FILTER="(uid=%(user)s)"
 AUTH_LDAP_USER_SEARCH="ou=People,dc=example,dc=com"
+
+# Use Github Organization for Authentication
+# LOGIN_URL=/login/github-org/
+# AUTH_GITHUB_ORG=True
+# AUTH_GITHUB_ORG_CLIENT_ID=2l34k5j43tb46l2kj234
+# AUTH_GITHUB_ORG_CLIENT_SECRET=23l4k5j43l6k546lk5n4kl64j2j3l5k4jjlkj2345
+# AUTH_GITHUB_ORG_NAME=myorganization
+
+# Use Github Enterprise Organization for Authentication
+# LOGIN_URL=/login/github-enterprise-org/
+# GITHUB_ENTERPRISE_ORG_AUTH=True
+# GITHUB_ENTERPRISE_ORG_URL=https://mygithubenterprise.com/
+# GITHUB_ENTERPRISE_ORG_API_URL=https://mygithubenterprise.com/api/v3/
+# GITHUB_ENTERPRISE_ORG_KEY=alskdjflkj5lk123j345l3
+# GITHUB_ENTERPRISE_ORG_SECRET=alskjdflkasjdflqkj5lkntrk13j45lk3451453245
+# GITHUB_ENTERPRISE_ORG_NAME=myorganization

requirements.txt

@@ -38,6 +38,7 @@ redis==2.10.5
 requests==2.13.0
 rjsmin==1.0.12
 six==1.10.0
+social-auth-app-django==1.1.0
 twilio==5.7.0
 uritemplate==3.0.0
 vine==1.1.3