This repository has been archived by the owner on Aug 21, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 18
/
githublogin_validator.go
99 lines (86 loc) · 3.11 KB
/
githublogin_validator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package githublogin
import (
"cuelang.org/go/pkg/strings"
"github.com/quay/config-tool/pkg/lib/shared"
)
// Validate checks the configuration settings for this field group
func (fg *GitHubLoginFieldGroup) Validate(opts shared.Options) []shared.ValidationError {
fgName := "GitHubLogin"
// Make empty errors
errors := []shared.ValidationError{}
// If github trigger is off
if !fg.FeatureGithubLogin {
return errors
}
// Check for config
if fg.GithubLoginConfig == nil {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG is required for GitHubLogin",
}
errors = append(errors, newError)
return errors
}
// Check for endpoint
if fg.GithubLoginConfig.GithubEndpoint == "" {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG.GITHUB_ENDPOINT"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG.GITHUB_ENDPOINT is required for GitHubLogin",
}
errors = append(errors, newError)
}
// Check for endpoint
if !strings.HasPrefix(fg.GithubLoginConfig.GithubEndpoint, "http://") && !strings.HasPrefix(fg.GithubLoginConfig.GithubEndpoint, "https://") {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG.GITHUB_ENDPOINT"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG.GITHUB_ENDPOINT must be a url",
}
errors = append(errors, newError)
}
// Check for client id
if fg.GithubLoginConfig.ClientId == "" {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG.CLIENT_ID"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG.CLIENT_ID is required for GitHubLogin",
}
errors = append(errors, newError)
}
// Check for endpoint
if fg.GithubLoginConfig.ClientSecret == "" {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG.CLIENT_SECRET"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG.CLIENT_SECRET is required for GitHubLogin",
}
errors = append(errors, newError)
}
// If restricted orgs, make sure
if fg.GithubLoginConfig.OrgRestrict && len(fg.GithubLoginConfig.AllowedOrganizations) == 0 {
newError := shared.ValidationError{
Tags: []string{"GITHUB_LOGIN_CONFIG.ORG_RESTRICT", "GITHUB_LOGIN_CONFIG.ALLOWED_ORGANIZATIONS"},
FieldGroup: fgName,
Message: "GITHUB_LOGIN_CONFIG.ALLOWED_ORGANIZATIONS must contain values if GITHUB_LOGIN_CONFIG.ORG_RESTRICT is true",
}
errors = append(errors, newError)
}
// Check OAuth endpoint
var success bool
if opts.Mode != "testing" {
success = shared.ValidateGitHubOAuth(opts, fg.GithubLoginConfig.ClientId, fg.GithubLoginConfig.ClientSecret, fg.GithubLoginConfig.GithubEndpoint)
} else {
success = (fg.GithubLoginConfig.ClientId == "test_client_key") && (fg.GithubLoginConfig.ClientSecret == "test_secret_key")
}
if !success {
newError := shared.ValidationError{
Tags: []string{"GITHUB_TRIGGER_CONFIG.CLIENT_ID", "GITHUB_TRIGGER_CONFIG.CLIENT_SECRET"},
FieldGroup: fgName,
Message: "Could not verify GitHub OAuth credentials",
}
errors = append(errors, newError)
}
return errors
}