sambauers · October 4, 2016 09:12
diff --git a/github-2fa-nag.sh b/github-2fa-nag.sh
 #!/usr/bin/env bash

 # 2FA Nag

 # This script allows you to nag your organisation members to turn on two factor
 # auth on GitHub. It grabs all organisation members, determines which have 2FA
 # disabled and enabled, and assigns/deassigns them from a preset issue on a
 # repository and adds comments once a week in order to nag them to do it. The
 # script should be run once per day via a cron job.

 # Configure authentication
 # Your GitHub login
 GITHUB_USER="your-github-login";
 # A personal access token for that login - must have "repo" and "read:org" access
 GITHUB_TOKEN="0123456789abcdef0123456789abcdef01234567";

 # Configure issue location
 GITHUB_OWNER="your-organisation";
 GITHUB_REPO="some-repository-in-the-organisation";
 GITHUB_ISSUE_NUMBER="1";

 # What day would you like to nag people on? "Mon", "Mon Thu", "Fri", etc...
 NAG_DAYS="Mon Thu";

 # This script requires the `jq` utility - https://stedolan.github.io/jq/
 JQ_PATH="/usr/local/bin/jq";

 # Don't touch these!
 GITHUB_AUTH=$( printf "%s:%s" $GITHUB_USER $GITHUB_TOKEN );
 GITHUB_MEMBERS_API=$( printf "https://api.github.com/orgs/%s/members" $GITHUB_OWNER );
 GITHUB_ISSUES_API=$( printf "https://api.github.com/repos/%s/%s/issues" $GITHUB_OWNER $GITHUB_REPO );

 # in_array() function
 function in_array() {
  local x;
  ENTRY=$1;
  shift 1;
  ARRAY=( "$@" );
  [ -z "${ARRAY}" ] && return 1;
  [ -z "${ENTRY}" ] && return 1;
  for x in ${ARRAY[@]};
  do
    [ "${x}" == "${ENTRY}" ] && return 0
  done
  return 1
 }

 # join_array() function
 function join_array() {
  local d=$1;
  shift;
  printf "$1";
  shift;
  printf "%s" "${@/#/$d}";
 }

 # countup() function
 function countup() {
  printf "> ";
  ITEMS=$*;
  for ITEM in $ITEMS;
  do
    sleep 0.2;
    printf ".";
  done
  printf "\\n";
 }

 LOGINS=$( curl --silent -u $GITHUB_AUTH $GITHUB_MEMBERS_API | $JQ_PATH -r ".[] | .login" );
 DISABLED_LOGINS=$( curl --silent -u $GITHUB_AUTH "$GITHUB_MEMBERS_API?filter=2fa_disabled" | $JQ_PATH -r ".[] | .login" );

 printf "===========================\\n";
 printf "Here is what's going on...\\n";
 printf "===========================\\n";
 printf "\\n";
 printf "Members without 2FA enabled\\n"
 printf -- "---------------------------\\n"
 printf "$DISABLED_LOGINS\\n";
 printf "\\n";

 # Loop thorough all logins to remove those with 2FA disabled, and create a list
 # of those with 2FA enabled.
 ENABLED_LOGINS="";
 for LOGIN in $LOGINS;
 do

  in_array "$LOGIN" "${DISABLED_LOGINS[@]}";
  if [[ $? == 0 ]];
  then
    continue;
  fi

  if [[ $ENABLED_LOGINS ]];
  then
    ENABLED_LOGINS="$ENABLED_LOGINS
 $LOGIN";
  else
    ENABLED_LOGINS="$LOGIN";
  fi
 done

 printf "Members with 2FA enabled\\n";
 printf -- "---------------------------\\n";
 printf "$ENABLED_LOGINS\\n";
 printf "\\n";

 # Remove assignment from the good people
 printf "Removing issue assignment for members with 2FA enabled:\\n";
 ENABLED_JOINED=$( join_array "\",\"" $ENABLED_LOGINS );
 DEASSIGNMENT=$( curl --silent -u $GITHUB_AUTH -H "Content-Type: application/json" -X DELETE -d "{\"assignees\":[\"$ENABLED_JOINED\"]}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/assignees" );

 # Pretend we are doing something
 countup $ENABLED_LOGINS;
 printf "\\n";

 # Add assignment for the bad people
 printf "Adding issue assignment for members without 2FA enabled:\\n";
 DISABLED_JOINED=$( join_array "\",\"" $DISABLED_LOGINS );
 ASSIGNMENT=$( curl --silent -u $GITHUB_AUTH -H 'Content-Type: application/json' -X POST -d "{\"assignees\":[\"$DISABLED_JOINED\"]}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/assignees" );

 # Pretend we are doing something
 countup $DISABLED_LOGINS;
 printf "\\n";

 # What day is it anyway?
 DAY=$( date "+%a" );

 # Write comments every nag day
 in_array "$DAY" "${NAG_DAYS[@]}";
 if [[ $? == 0 ]];
 then
  printf "Deleting current comments on the issue:\\n";
  COMMENTS=$( curl --silent -u $GITHUB_AUTH "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/comments" | $JQ_PATH -r ".[] | .id" );
  printf "> ";

  for COMMENT in $COMMENTS;
  do
    printf ".";
    DELETE_COMMENT=$( curl --silent -u $GITHUB_AUTH -X DELETE "$GITHUB_ISSUES_API/comments/$COMMENT" );
  done
  printf "\\n";
  printf "\\n";

  printf "Writing comments into issue for members without 2FA enabled:\\n";
  printf "> ";

  for DISABLED_LOGIN in $DISABLED_LOGINS;
  do
    printf ".";
    MESSAGE="Hi @$DISABLED_LOGIN, you still haven't got 2FA enabled on your GitHub account. Please enable it today to allow continued access to the @$GITHUB_OWNER GitHub organisation. Follow these instructions to set it up - https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/";
    ADD_COMMENT=$( curl --silent -u $GITHUB_AUTH -H "Content-Type: application/json" -X POST -d "{\"body\":\"$MESSAGE\"}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/comments" );
  done
  printf "\\n";
  printf "\\n";
 fi

 printf "===========================\\n";
 printf "All done!\\n";
 printf "===========================\\n";
 printf "\\n";
 exit 0;
	#!/usr/bin/env bash

	# 2FA Nag

	# This script allows you to nag your organisation members to turn on two factor
	# auth on GitHub. It grabs all organisation members, determines which have 2FA
	# disabled and enabled, and assigns/deassigns them from a preset issue on a
	# repository and adds comments once a week in order to nag them to do it. The
	# script should be run once per day via a cron job.

	# Configure authentication
	# Your GitHub login
	GITHUB_USER="your-github-login";
	# A personal access token for that login - must have "repo" and "read:org" access
	GITHUB_TOKEN="0123456789abcdef0123456789abcdef01234567";

	# Configure issue location
	GITHUB_OWNER="your-organisation";
	GITHUB_REPO="some-repository-in-the-organisation";
	GITHUB_ISSUE_NUMBER="1";

	# What day would you like to nag people on? "Mon", "Mon Thu", "Fri", etc...
	NAG_DAYS="Mon Thu";

	# This script requires the `jq` utility - https://stedolan.github.io/jq/
	JQ_PATH="/usr/local/bin/jq";

	# Don't touch these!
	GITHUB_AUTH=$( printf "%s:%s" $GITHUB_USER $GITHUB_TOKEN );
	GITHUB_MEMBERS_API=$( printf "https://api.github.com/orgs/%s/members" $GITHUB_OWNER );
	GITHUB_ISSUES_API=$( printf "https://api.github.com/repos/%s/%s/issues" $GITHUB_OWNER $GITHUB_REPO );

	# in_array() function
	function in_array() {
	local x;
	ENTRY=$1;
	shift 1;
	ARRAY=( "$@" );
	[ -z "${ARRAY}" ] && return 1;
	[ -z "${ENTRY}" ] && return 1;
	for x in ${ARRAY[@]};
	do
	[ "${x}" == "${ENTRY}" ] && return 0
	done
	return 1
	}

	# join_array() function
	function join_array() {
	local d=$1;
	shift;
	printf "$1";
	shift;
	printf "%s" "${@/#/$d}";
	}

	# countup() function
	function countup() {
	printf "> ";
	ITEMS=$*;
	for ITEM in $ITEMS;
	do
	sleep 0.2;
	printf ".";
	done
	printf "\\n";
	}

	LOGINS=$( curl --silent -u $GITHUB_AUTH $GITHUB_MEMBERS_API \| $JQ_PATH -r ".[] \| .login" );
	DISABLED_LOGINS=$( curl --silent -u $GITHUB_AUTH "$GITHUB_MEMBERS_API?filter=2fa_disabled" \| $JQ_PATH -r ".[] \| .login" );

	printf "===========================\\n";
	printf "Here is what's going on...\\n";
	printf "===========================\\n";
	printf "\\n";
	printf "Members without 2FA enabled\\n"
	printf -- "---------------------------\\n"
	printf "$DISABLED_LOGINS\\n";
	printf "\\n";

	# Loop thorough all logins to remove those with 2FA disabled, and create a list
	# of those with 2FA enabled.
	ENABLED_LOGINS="";
	for LOGIN in $LOGINS;
	do

	in_array "$LOGIN" "${DISABLED_LOGINS[@]}";
	if [[ $? == 0 ]];
	then
	continue;
	fi

	if [[ $ENABLED_LOGINS ]];
	then
	ENABLED_LOGINS="$ENABLED_LOGINS
	$LOGIN";
	else
	ENABLED_LOGINS="$LOGIN";
	fi
	done

	printf "Members with 2FA enabled\\n";
	printf -- "---------------------------\\n";
	printf "$ENABLED_LOGINS\\n";
	printf "\\n";

	# Remove assignment from the good people
	printf "Removing issue assignment for members with 2FA enabled:\\n";
	ENABLED_JOINED=$( join_array "\",\"" $ENABLED_LOGINS );
	DEASSIGNMENT=$( curl --silent -u $GITHUB_AUTH -H "Content-Type: application/json" -X DELETE -d "{\"assignees\":[\"$ENABLED_JOINED\"]}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/assignees" );

	# Pretend we are doing something
	countup $ENABLED_LOGINS;
	printf "\\n";

	# Add assignment for the bad people
	printf "Adding issue assignment for members without 2FA enabled:\\n";
	DISABLED_JOINED=$( join_array "\",\"" $DISABLED_LOGINS );
	ASSIGNMENT=$( curl --silent -u $GITHUB_AUTH -H 'Content-Type: application/json' -X POST -d "{\"assignees\":[\"$DISABLED_JOINED\"]}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/assignees" );

	# Pretend we are doing something
	countup $DISABLED_LOGINS;
	printf "\\n";

	# What day is it anyway?
	DAY=$( date "+%a" );

	# Write comments every nag day
	in_array "$DAY" "${NAG_DAYS[@]}";
	if [[ $? == 0 ]];
	then
	printf "Deleting current comments on the issue:\\n";
	COMMENTS=$( curl --silent -u $GITHUB_AUTH "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/comments" \| $JQ_PATH -r ".[] \| .id" );
	printf "> ";

	for COMMENT in $COMMENTS;
	do
	printf ".";
	DELETE_COMMENT=$( curl --silent -u $GITHUB_AUTH -X DELETE "$GITHUB_ISSUES_API/comments/$COMMENT" );
	done
	printf "\\n";
	printf "\\n";

	printf "Writing comments into issue for members without 2FA enabled:\\n";
	printf "> ";

	for DISABLED_LOGIN in $DISABLED_LOGINS;
	do
	printf ".";
	MESSAGE="Hi @$DISABLED_LOGIN, you still haven't got 2FA enabled on your GitHub account. Please enable it today to allow continued access to the @$GITHUB_OWNER GitHub organisation. Follow these instructions to set it up - https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/";
	ADD_COMMENT=$( curl --silent -u $GITHUB_AUTH -H "Content-Type: application/json" -X POST -d "{\"body\":\"$MESSAGE\"}" "$GITHUB_ISSUES_API/$GITHUB_ISSUE_NUMBER/comments" );
	done
	printf "\\n";
	printf "\\n";
	fi

	printf "===========================\\n";
	printf "All done!\\n";
	printf "===========================\\n";
	printf "\\n";
	exit 0;