Merge pull request #354 from nvs-abhilash/github-tls-verify

Respect validate_server_cert attribute for GitHub
jupyterhub · May 16, 2020 · d2d3ac8 · d2d3ac8
2 parents aec2846 + c135d72
commit d2d3ac8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/.flake8 b/.flake8
@@ -1,4 +1,8 @@
 [flake8]
 select = F
 ignore = E,W,C,F401,F841
-exclude = __init__.py
+builtins =
+    c
+    get_config
+exclude =
+    __init__.py
diff --git a/docs/source/example-oauthenticator.py b/docs/source/example-oauthenticator.py
@@ -64,7 +64,7 @@ async def authenticate(self, handler, data=None):
                 ),
             )
         else:
-            raise HTTPError(500, "Bad response: %s".format(resp))
+            raise HTTPError(500, "Bad response: {}".format(resp))
 
         # Determine who the logged in user is
         # by using the new access token to make a request

diff --git a/oauthenticator/github.py b/oauthenticator/github.py
@@ -136,6 +136,7 @@ async def authenticate(self, handler, data=None):
             method="POST",
             headers={"Accept": "application/json"},
             body='',  # Body is required for a POST...
+            validate_cert=self.validate_server_cert,
         )
 
         resp = await http_client.fetch(req)
@@ -151,11 +152,14 @@ async def authenticate(self, handler, data=None):
                 ),
             )
         else:
-            raise HTTPError(500, "Bad response: %s".format(resp))
+            raise HTTPError(500, "Bad response: {}".format(resp))
 
         # Determine who the logged in user is
         req = HTTPRequest(
-            self.github_api + "/user", method="GET", headers=_api_headers(access_token)
+            self.github_api + "/user",
+            method="GET",
+            headers=_api_headers(access_token),
+            validate_cert=self.validate_server_cert,
         )
         resp = await http_client.fetch(req)
         resp_json = json.loads(resp.body.decode('utf8', 'replace'))
@@ -205,7 +209,12 @@ async def _check_organization_whitelist(self, org, username, access_token):
             org,
             username,
         )
-        req = HTTPRequest(check_membership_url, method="GET", headers=headers)
+        req = HTTPRequest(
+            check_membership_url,
+            method="GET",
+            headers=headers,
+            validate_cert=self.validate_server_cert,
+        )
         self.log.debug(
             "Checking GitHub organization membership: %s in %s?", username, org
         )