apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9122 Commits
6018 Branches
596 Tags
1.8 GiB
Tag: Branch: Tree: 158656f570
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '158656f570'
${ noResults }
grafana/pkg/middleware/auth_proxy.go

81 lines
2.1 KiB
Raw Normal View History Unescape

Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
package middleware
import (
"github.com/grafana/grafana/pkg/bus"
fix(auth proxy): Fix for server side rendering of panel when using auth proxy, fixes #2568
10 years ago
"github.com/grafana/grafana/pkg/log"
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
)
func initContextWithAuthProxy(ctx *Context) bool {
if !setting.AuthProxyEnabled {
return false
}
proxyHeaderValue := ctx.Req.Header.Get(setting.AuthProxyHeaderName)
Final tweaks to auth proxy feature
10 years ago
if len(proxyHeaderValue) == 0 {
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
return false
}
query := getSignedInUserQueryForProxyAuth(proxyHeaderValue)
if err := bus.Dispatch(query); err != nil {
if err != m.ErrUserNotFound {
minor spelling corrections Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
9 years ago
ctx.Handle(500, "Failed to find user specified in auth proxy header", err)
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
return true
}
if setting.AuthProxyAutoSignUp {
cmd := getCreateUserCommandForProxyAuth(proxyHeaderValue)
if err := bus.Dispatch(cmd); err != nil {
ctx.Handle(500, "Failed to create user specified in auth proxy header", err)
return true
}
query = &m.GetSignedInUserQuery{UserId: cmd.Result.Id}
if err := bus.Dispatch(query); err != nil {
ctx.Handle(500, "Failed find user after creation", err)
return true
}
Final tweaks to auth proxy feature
10 years ago
} else {
return false
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
}
}
fix(auth proxy): Fix for server side rendering of panel when using auth proxy, fixes #2568
10 years ago
// initialize session
if err := ctx.Session.Start(ctx); err != nil {
log.Error(3, "Failed to start session", err)
return false
}
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
ctx.SignedInUser = query.Result
ctx.IsSignedIn = true
fix(auth proxy): Fix for server side rendering of panel when using auth proxy, fixes #2568
10 years ago
ctx.Session.Set(SESS_KEY_USERID, ctx.UserId)
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
return true
}
func getSignedInUserQueryForProxyAuth(headerVal string) *m.GetSignedInUserQuery {
query := m.GetSignedInUserQuery{}
if setting.AuthProxyHeaderProperty == "username" {
query.Login = headerVal
} else if setting.AuthProxyHeaderProperty == "email" {
query.Email = headerVal
} else {
panic("Auth proxy header property invalid")
}
return &query
}
func getCreateUserCommandForProxyAuth(headerVal string) *m.CreateUserCommand {
cmd := m.CreateUserCommand{}
if setting.AuthProxyHeaderProperty == "username" {
cmd.Login = headerVal
Set email when creating user from auth_proxy header, Fixes #2156
10 years ago
cmd.Email = headerVal
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
} else if setting.AuthProxyHeaderProperty == "email" {
cmd.Email = headerVal
Set email when creating user from auth_proxy header, Fixes #2156
10 years ago
cmd.Login = headerVal
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
10 years ago
} else {
panic("Auth proxy header property invalid")
}
return &cmd
}