githubAuthLogin starts user authorization of the GitHub app. If the GitHub app was installed by another user, the other users of the repo need to authorize the GitHub app separately, which is where this flow comes in. Some implementation details are copied from the auth package. It's implemented as a non-gRPC endpoint mounted directly on /github/auth/login.
(w http.ResponseWriter, r *http.Request)
// githubAuth starts user authorization of the GitHub app.
// If the app was installed by another user, the other users of the repo must
// authorize it separately; this handler is the entry point of that flow.
// Some implementation details are copied from auth package.
// It's implemented as a non-gRPC endpoint mounted directly on /github/auth/login.
func (s *Server) githubAuth(w http.ResponseWriter, r *http.Request) {
	// Only user-owned claims may continue. Every other caller is sent to the
	// auth site, with a redirect back to this endpoint after a successful login.
	if auth.GetClaims(r.Context()).OwnerType() != auth.OwnerTypeUser {
		s.redirectLogin(w, r)
		return
	}

	// 32 random bytes become the OAuth state value used for CSRF protection.
	// NOTE(review): rand is presumably crypto/rand; the import is not visible
	// here. A non-cryptographic source would make the state guessable - confirm.
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		// NOTE(review): the underlying error text is written to the response body.
		// Consider logging it server-side and returning a generic message.
		http.Error(w, fmt.Sprintf("failed to generate state: %s", err), http.StatusInternalServerError)
		return
	}
	state := base64.StdEncoding.EncodeToString(nonce)

	// The state is kept in the session cookie as well as being sent to GitHub.
	// NOTE(review): the callback handler is not visible here; it is expected to
	// compare the returned state with this cookie value - confirm.
	session := s.cookies.Get(r, githubcookieName)
	session.Values[githubcookieFieldState] = state

	// Optional parameters are carried through the OAuth round trip in the cookie.
	query := r.URL.Query()
	if remote := normalizeGitRemote(query.Get("remote")); remote != "" { // Backwards compatibility
		session.Values[githubcookieFieldRemote] = remote
	}
	// NOTE(review): "redirect" comes straight from the query string and is stored
	// without validation in this function. Confirm that whatever consumes
	// githubcookieFieldRedirect restricts the destination (same origin or an
	// allowlist) before redirecting, so this cannot act as an open redirect.
	if redirect := query.Get("redirect"); redirect != "" {
		session.Values[githubcookieFieldRedirect] = redirect
	}

	// The cookie must be written before the response headers go out with the redirect.
	if err := session.Save(r, w); err != nil {
		http.Error(w, fmt.Sprintf("failed to save session: %s", err), http.StatusInternalServerError)
		return
	}

	// Build the GitHub authorization URL carrying the state, then send the user there.
	conf := &oauth2.Config{
		ClientID:     s.opts.GithubClientID,
		ClientSecret: s.opts.GithubClientSecret,
		Endpoint:     githuboauth.Endpoint,
		RedirectURL:  s.admin.URLs.GithubAuthCallback(),
	}
	authURL := conf.AuthCodeURL(state, oauth2.AccessTypeOnline)
	http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
}
| 783 | |
| 784 | // githubAuthCallback is called after a user authorizes github app on their account |
| 785 | // It's implemented as a non-gRPC endpoint mounted directly on /github/auth/callback. |
nothing calls this directly
no test coverage detected