From 30cc6798b3b98bdb0de84e335f5b4e9407b34fb0 Mon Sep 17 00:00:00 2001
From: Mateusz Mandera <mateusz.mandera@protonmail.com>
Date: Sun, 1 Mar 2020 14:58:30 +0100
Subject: [PATCH] auth: Fix Github auth with organization/team membership
 restriction.

We need to request access to read:org scope to be able to check org/team
membership. Without it SOCIAL_AUTH_GITHUB_ORG_NAME and
SOCIAL_AUTH_GITHUB_TEAM_ID settings don't work and simply lead to all
auth attempts failing.
Tested manually.
---
 zproject/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/zproject/settings.py b/zproject/settings.py
index d8908be4d7..b5431b39a4 100644
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -980,6 +980,8 @@ SOCIAL_AUTH_LOGIN_ERROR_URL = '/login/'
 
 SOCIAL_AUTH_GITHUB_SECRET = get_secret('social_auth_github_secret')
 SOCIAL_AUTH_GITHUB_SCOPE = ['user:email']
+if SOCIAL_AUTH_GITHUB_ORG_NAME or SOCIAL_AUTH_GITHUB_TEAM_ID:
+    SOCIAL_AUTH_GITHUB_SCOPE.append("read:org")
 SOCIAL_AUTH_GITHUB_ORG_KEY = SOCIAL_AUTH_GITHUB_KEY
 SOCIAL_AUTH_GITHUB_ORG_SECRET = SOCIAL_AUTH_GITHUB_SECRET
 SOCIAL_AUTH_GITHUB_TEAM_KEY = SOCIAL_AUTH_GITHUB_KEY