apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40924 Commits
1680 Branches
645 Tags
2.2 GiB
Tag: Branch: Tree: 6ca9e5b440
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6ca9e5b440'
${ noResults }
grafana/pkg/services/authn/clients/ldap.go

92 lines
2.5 KiB
Raw Normal View History Unescape

AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
package clients
import (
"context"
"errors"
"github.com/grafana/grafana/pkg/services/authn"
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
3 years ago
"github.com/grafana/grafana/pkg/services/ldap/multildap"
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
3 years ago
"github.com/grafana/grafana/pkg/services/login"
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
"github.com/grafana/grafana/pkg/setting"
)
AuthN: Add auth proxy client (#61555) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down
3 years ago
var _ authn.ProxyClient = new(LDAP)
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
var _ authn.PasswordClient = new(LDAP)
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
3 years ago
type ldapService interface {
Login(query *login.LoginUserQuery) (*login.ExternalUserInfo, error)
User(username string) (*login.ExternalUserInfo, error)
}
func ProvideLDAP(cfg *setting.Cfg, ldapService ldapService) *LDAP {
return &LDAP{cfg, ldapService}
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
}
type LDAP struct {
cfg *setting.Cfg
service ldapService
}
AuthN: Add auth proxy client (#61555) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down
3 years ago
func (c *LDAP) AuthenticateProxy(ctx context.Context, r *authn.Request, username string, _ map[string]string) (*authn.Identity, error) {
info, err := c.service.User(username)
if errors.Is(err, multildap.ErrDidNotFindUser) {
return nil, errIdentityNotFound.Errorf("no user found: %w", err)
}
if err != nil {
return nil, err
}
return identityFromLDAPInfo(r.OrgID, info, c.cfg.LDAPAllowSignup), nil
}
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
3 years ago
func (c *LDAP) AuthenticatePassword(ctx context.Context, r *authn.Request, username, password string) (*authn.Identity, error) {
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
3 years ago
info, err := c.service.Login(&login.LoginUserQuery{
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
Username: username,
Password: password,
})
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
3 years ago
if errors.Is(err, multildap.ErrCouldNotFindUser) {
AuthN: Perform login with authn.Service (#61466) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors
3 years ago
// FIXME: disable user in grafana if not found
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
3 years ago
return nil, errIdentityNotFound.Errorf("no user found: %w", err)
}
// user was found so set auth module in req metadata
r.SetMeta(authn.MetaKeyAuthModule, "ldap")
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
3 years ago
if errors.Is(err, multildap.ErrInvalidCredentials) {
return nil, errInvalidPassword.Errorf("invalid password: %w", err)
}
if err != nil {
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
return nil, err
}
AuthN: Add auth proxy client (#61555) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down
3 years ago
return identityFromLDAPInfo(r.OrgID, info, c.cfg.LDAPAllowSignup), nil
}
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
3 years ago
func identityFromLDAPInfo(orgID int64, info *login.ExternalUserInfo, allowSignup bool) *authn.Identity {
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
return &authn.Identity{
AuthN: Add auth proxy client (#61555) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down
3 years ago
OrgID: orgID,
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
OrgRoles: info.OrgRoles,
Login: info.Login,
Name: info.Name,
Email: info.Email,
IsGrafanaAdmin: info.IsGrafanaAdmin,
AuthModule: info.AuthModule,
AuthID: info.AuthId,
Authn: JWT client (#61157) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
3 years ago
Groups: info.Groups,
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
ClientParams: authn.ClientParams{
SyncUser: true,
SyncTeamMembers: true,
EnableDisabledUsers: true,
AuthN: fetch final state of signed in user (#62854) * AuthN: add a hook we can use to fetch final state of user
3 years ago
FetchSyncedUser: true,
AllowSignUp: allowSignup,
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
3 years ago
LookUpParams: login.UserLookupParams{
Authn: JWT client (#61157) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
3 years ago
Login: &info.Login,
Email: &info.Email,
},
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
3 years ago
},
}
}