apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21955 Commits
1680 Branches
645 Tags
2.2 GiB
Tag: Branch: Tree: 1a2841e244
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1a2841e244'
${ noResults }
grafana/pkg/middleware/auth_proxy.go

64 lines
1.3 KiB
Raw Normal View History Unescape

Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
11 years ago
package middleware
import (
Chore: use remote cache instead of session storage (#16114) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161
7 years ago
"github.com/grafana/grafana/pkg/infra/remotecache"
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
authproxy "github.com/grafana/grafana/pkg/middleware/auth_proxy"
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
11 years ago
m "github.com/grafana/grafana/pkg/models"
)
Chore: use remote cache instead of session storage (#16114) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161
7 years ago
const (
// cachePrefix is a prefix for the cache key
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
cachePrefix = authproxy.CachePrefix
restrict session usage to auth_proxy
7 years ago
)
update auth proxy
8 years ago
Chore: use remote cache instead of session storage (#16114) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161
7 years ago
func initContextWithAuthProxy(store *remotecache.RemoteCache, ctx *m.ReqContext, orgID int64) bool {
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
auth := authproxy.New(&authproxy.Options{
Store: store,
Ctx: ctx,
OrgID: orgID,
})
// Bail if auth proxy is not enabled
Chore: remove use of `== false` (#17036) Interestingly enough, golint or revive doesn't not prohibit the use that construction :) Ref #17035
7 years ago
if !auth.IsEnabled() {
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
11 years ago
return false
}
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
// If the there is no header - we can't move forward
Chore: remove use of `== false` (#17036) Interestingly enough, golint or revive doesn't not prohibit the use that construction :) Ref #17035
7 years ago
if !auth.HasHeader() {
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
11 years ago
return false
}
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
// Check if allowed to continue with this IP
Chore: remove use of `== false` (#17036) Interestingly enough, golint or revive doesn't not prohibit the use that construction :) Ref #17035
7 years ago
if result, err := auth.IsAllowedIP(); !result {
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
ctx.Handle(407, err.Error(), err.DetailsError)
Auth Proxy improvements - adds the option to use ldap groups for authorization in combination with an auth proxy - adds an option to limit where auth proxy requests come from by configure a list of ip's - fixes a security issue, session could be reused
10 years ago
return true
}
Feature: LDAP refactoring (#16950) * incapsulates multipleldap logic under one module * abstracts users upsert and get logic * changes some of the text error messages and import sort sequence * heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour * integrates affected auth_proxy module and their tests * refactoring of the auth_proxy logic
7 years ago
// Try to log in user from various providers
id, err := auth.Login()
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
if err != nil {
ctx.Handle(500, err.Error(), err.DetailsError)
return true
refactor authproxy & ldap integration, address comments
8 years ago
}
update auth proxy
8 years ago
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
// Get full user info
user, err := auth.GetSignedUser(id)
if err != nil {
ctx.Handle(500, err.Error(), err.DetailsError)
refactor authproxy & ldap integration, address comments
8 years ago
return true
Auth Proxy improvements - adds the option to use ldap groups for authorization in combination with an auth proxy - adds an option to limit where auth proxy requests come from by configure a list of ip's - fixes a security issue, session could be reused
10 years ago
}
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
// Add user info to context
ctx.SignedInUser = user
ctx.IsSignedIn = true
Auth Proxy improvements - adds the option to use ldap groups for authorization in combination with an auth proxy - adds an option to limit where auth proxy requests come from by configure a list of ip's - fixes a security issue, session could be reused
10 years ago
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
// Remember user data it in cache
Feature: LDAP refactoring (#16950) * incapsulates multipleldap logic under one module * abstracts users upsert and get logic * changes some of the text error messages and import sort sequence * heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour * integrates affected auth_proxy module and their tests * refactoring of the auth_proxy logic
7 years ago
if err := auth.Remember(id); err != nil {
Chore: refactor auth proxy (#16504) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy
7 years ago
ctx.Handle(500, err.Error(), err.DetailsError)
return true
Auth Proxy improvements - adds the option to use ldap groups for authorization in combination with an auth proxy - adds an option to limit where auth proxy requests come from by configure a list of ip's - fixes a security issue, session could be reused
10 years ago
}
Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921
11 years ago
return true
}