forked from github/platform-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request github#47 from github/2fa-checker-enhancements
Improve token handling; add support for GHE endpoints
- Loading branch information
Showing
1 changed file
with
37 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,46 @@ | ||
| # GitHub & GitHub Enterprise 2FA auditor | ||
| # ====================================== | ||
| # | ||
| # Usage: ruby 2fa_checker.rb <orgname> | ||
| # | ||
| # These environment variables must be set: | ||
| # - GITHUB_TOKEN: A valid personal access token with Organzation admin priviliges | ||
| # - GITHUB_API_ENDPOINT: A valid GitHub/GitHub Enterprise API endpoint URL | ||
| # (use http://api.github.com for GitHub.com auditing) | ||
| # | ||
| # Requires the Octokit Rubygem: https://github.com/octokit/octokit.rb | ||
|
|
||
| require 'octokit.rb' | ||
|
|
||
| if ARGV.length != 1 | ||
| $stderr.puts "Pass in the name of the organization you're interested in checking." | ||
| begin | ||
| ACCESS_TOKEN = ENV.fetch("GITHUB_TOKEN") | ||
| API_ENDPOINT = ENV.fetch("GITHUB_API_ENDPOINT") | ||
| rescue KeyError | ||
| $stderr.puts "To run this script, please set the following environment variables:" | ||
| $stderr.puts "- GITHUB_TOKEN: A valid personal access token with Organzation admin priviliges" | ||
| $stderr.puts "- GITHUB_API_ENDPOINT: A valid GitHub/GitHub Enterprise API endpoint URL" | ||
| $stderr.puts " (use http://api.github.com for GitHub.com auditing)" | ||
| exit 1 | ||
| end | ||
|
|
||
| # !!! DO NOT EVER USE HARD-CODED VALUES IN A REAL APP !!! | ||
| # Instead, set and test environment variables, like below | ||
| client = Octokit::Client.new(:access_token => ENV['MY_PERSONAL_TOKEN']) | ||
| Octokit.configure do |kit| | ||
| kit.api_endpoint = API_ENDPOINT | ||
| kit.access_token = ACCESS_TOKEN | ||
| kit.auto_paginate = true | ||
| end | ||
|
|
||
| if ARGV.length != 1 | ||
| $stderr.puts "Pass a valid Organization name to audit." | ||
| exit 1 | ||
| end | ||
|
|
||
| ORG = ARGV[0].to_s | ||
|
|
||
| client.organization_members(ORG, { :filter => "2fa_disabled" }).each do |user| | ||
| puts "#{user[:login]} does not have 2FA enabled, and yet is a member of #{ORG}!" | ||
| client = Octokit::Client.new | ||
|
|
||
| users = client.organization_members(ORG, {:filter => "2fa_disabled"}) | ||
|
|
||
| puts "The following #{users.count} users do not have 2FA enabled:\n\n" | ||
| users.each do |user| | ||
| puts "#{user[:login]}" | ||
| end |