Parameterize GitHub OAuth2 scopes.

If no scope provided, default will be used: scope=repo,repo:status,user:email.
2024-06-02 13:39:55 +00:00 · 2016-03-10 19:30:14 +00:00 · 2016-03-10 19:30:14 +00:00 · c2f3cf06ad
parent 671461dc00
commit c2f3cf06ad
3 changed files with 39 additions and 1 deletions
--- a/docs/setup/github.md
+++ b/docs/setup/github.md
@ -28,6 +28,7 @@ This section lists all connection options used in the connection string format.

 * `client_id` oauth client id for registered application.
 * `client_secret` oauth client secret for registered application.
+* `scope=repo,repo:status,user:email` oauth scopes.
 * `open=false` allows users to self-register. Defaults to false..
 * `orgs=drone&orgs=docker` restricts access to these GitHub organizations. **Optional**
 * `private_mode=false` indicates GitHub Enterprise is running in private mode.
--- a/remote/github/github.go
+++ b/remote/github/github.go
@ -30,6 +30,7 @@ type Github struct {
 	API         string
 	Client      string
 	Secret      string
+	Scope       string
 	MergeRef    string
 	Orgs        []string
 	Open        bool
@ -56,6 +57,7 @@ func Load(env envconfig.Env) *Github {
 	github.URL = url_.String()
 	github.Client = params.Get("client_id")
 	github.Secret = params.Get("client_secret")
+	github.Scope = params.Get("scope")
 	github.Orgs = params["orgs"]
 	github.PrivateMode, _ = strconv.ParseBool(params.Get("private_mode"))
 	github.SkipVerify, _ = strconv.ParseBool(params.Get("skip_verify"))
@ -69,6 +71,10 @@ func Load(env envconfig.Env) *Github {
 		github.API = github.URL + "/api/v3/"
 	}

+	if github.Scope == "" {
+		github.Scope = DefaultScope
+	}
+
 	if github.MergeRef == "" {
 		github.MergeRef = DefaultMergeRef
 	}
@ -83,7 +89,7 @@ func (g *Github) Login(res http.ResponseWriter, req *http.Request) (*model.User,
 	var config = &oauth2.Config{
 		ClientId:     g.Client,
 		ClientSecret: g.Secret,
-		Scope:        DefaultScope,
+		Scope:        g.Scope,
 		AuthURL:      fmt.Sprintf("%s/login/oauth/authorize", g.URL),
 		TokenURL:     fmt.Sprintf("%s/login/oauth/access_token", g.URL),
 		RedirectURL:  fmt.Sprintf("%s/authorize", httputil.GetURL(req)),
--- a/remote/github/github_test.go
+++ b/remote/github/github_test.go
@ -6,6 +6,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/drone/drone/shared/envconfig"
 	"github.com/franela/goblin"
 )

@ -45,3 +46,33 @@ func TestHook(t *testing.T) {
 		})
 	})
 }
+
+func TestLoad(t *testing.T) {
+	env := envconfig.Env{
+		"REMOTE_CONFIG": "https://github.com?client_id=client&client_secret=secret&scope=scope1,scope2",
+	}
+	g := Load(env)
+	if g.URL != "https://github.com" {
+		t.Errorf("g.URL = %q; want https://github.com")
+	}
+	if g.Client != "client" {
+		t.Errorf("g.Client = %q; want client", g.Client)
+	}
+	if g.Secret != "secret" {
+		t.Errorf("g.Secret = %q; want secret", g.Secret)
+	}
+	if g.Scope != "scope1,scope2" {
+		t.Errorf("g.Scope = %q; want scope1,scope2", g.Scope)
+	}
+	if g.API != DefaultAPI {
+		t.Errorf("g.API = %q; want %q", g.API, DefaultAPI)
+	}
+	if g.MergeRef != DefaultMergeRef {
+		t.Errorf("g.MergeRef = %q; want %q", g.MergeRef, DefaultMergeRef)
+	}
+
+	g = Load(envconfig.Env{})
+	if g.Scope != DefaultScope {
+		t.Errorf("g.Scope = %q; want %q", g.Scope, DefaultScope)
+	}
+}