Skip to content

Commit eec78a7

Browse files
eiriksmeiriksm
committed
Add support for SSO errors coming from the API
1 parent 03445f2 commit eec78a7

File tree

2 files changed

+36
-0
lines changed

2 files changed

+36
-0
lines changed

lib/Github/Exception/SsoRequiredException.php

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
<?php
2+
3+
namespace Github\Exception;
4+
5+
/**
6+
* SsoRequiredException.
7+
*/
8+
class SsoRequiredException extends RuntimeException
9+
{
10+
private $url;
11+
12+
public function __construct($url, $code = 0, $previous = null)
13+
{
14+
$this->url = $url;
15+
16+
parent::__construct('Resource protected by organization SAML enforcement. You must grant your personal token access to this organization.', $code, $previous);
17+
}
18+
19+
20+
public function getUrl()
21+
{
22+
return $this->url;
23+
}
24+
25+
}

lib/Github/HttpClient/Plugin/GithubExceptionThrower.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
use Github\Exception\ApiLimitExceedException;
66
use Github\Exception\ErrorException;
77
use Github\Exception\RuntimeException;
8+
use Github\Exception\SsoRequiredException;
89
use Github\Exception\TwoFactorAuthenticationRequiredException;
910
use Github\Exception\ValidationFailedException;
1011
use Github\HttpClient\Message\ResponseMediator;
@@ -103,6 +104,16 @@ public function doHandleRequest(RequestInterface $request, callable $next, calla
103104
throw new RuntimeException(implode(', ', $errors), 502);
104105
}
105106

107+
if ((403 === $response->getStatusCode()) && $response->hasHeader('X-GitHub-SSO') && 0 === strpos((string) ResponseMediator::getHeader($response, 'X-GitHub-SSO'), 'required;')) {
108+
// The header will look something like this:
109+
// required; url=https://github.com/orgs/octodocs-test/sso?authorization_request=AZSCKtL4U8yX1H3sCQIVnVgmjmon5fWxks5YrqhJgah0b2tlbl9pZM4EuMz4
110+
// So we strip out the first 14 characters, leaving only the URL.
111+
// @see https://developer.github.com/v3/auth/#authenticating-for-saml-sso
112+
$url = substr((string) ResponseMediator::getHeader($response, 'X-GitHub-SSO'), 14);
113+
114+
throw new SsoRequiredException($url);
115+
}
116+
106117
throw new RuntimeException(isset($content['message']) ? $content['message'] : $content, $response->getStatusCode());
107118
});
108119
}

0 commit comments

Comments
 (0)