apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8582 Commits
2186 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: d4fd1c82e3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd4fd1c82e3'
${ noResults }
grafana/pkg/api/login_oauth.go

127 lines
3.2 KiB
Raw Normal View History Unescape

InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
package api
import (
"errors"
"fmt"
Added a state parameter for all OAuth requests
9 years ago
"crypto/rand"
"encoding/base64"
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
updated to new golang/x/oauth2
11 years ago
"golang.org/x/oauth2"
Changed go package path
11 years ago
"github.com/grafana/grafana/pkg/bus"
Added server metrics
10 years ago
"github.com/grafana/grafana/pkg/metrics"
Changed go package path
11 years ago
"github.com/grafana/grafana/pkg/middleware"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/social"
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
)
Added a state parameter for all OAuth requests
9 years ago
func GenStateString() string {
rnd := make([]byte, 32)
rand.Read(rnd)
return base64.StdEncoding.EncodeToString(rnd)
}
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
func OAuthLogin(ctx *middleware.Context) {
if setting.OAuthService == nil {
ctx.Handle(404, "login.OAuthLogin(oauth service not enabled)", nil)
return
}
name := ctx.Params(":name")
connect, ok := social.SocialMap[name]
if !ok {
ctx.Handle(404, "login.OAuthLogin(social login not enabled)", errors.New(name))
return
}
code := ctx.Query("code")
if code == "" {
Added a state parameter for all OAuth requests
9 years ago
state := GenStateString()
ctx.Session.Set(middleware.SESS_KEY_OAUTH_STATE, state)
ctx.Redirect(connect.AuthCodeURL(state, oauth2.AccessTypeOnline))
return
}
// verify state string
savedState := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
queryState := ctx.Query("state")
if savedState != queryState {
ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
return
}
// handle call back
updated to new golang/x/oauth2
11 years ago
token, err := connect.Exchange(oauth2.NoContext, code)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
if err != nil {
ctx.Handle(500, "login.OAuthLogin(NewTransportWithCode)", err)
return
}
feat(alerting): new design for alert tab with sidemenu
9 years ago
ctx.Logger.Debug("OAuthLogin Got token")
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
updated to new golang/x/oauth2
11 years ago
userInfo, err := connect.UserInfo(token)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
if err != nil {
Handle special error case if connect.UserInfo returns an error
10 years ago
if err == social.ErrMissingTeamMembership {
fix(security): fixed login issue that was a potential for social engineering, fixes #6014
9 years ago
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1000")
Add github organizations support
10 years ago
} else if err == social.ErrMissingOrganizationMembership {
fix(security): fixed login issue that was a potential for social engineering, fixes #6014
9 years ago
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1001")
Handle special error case if connect.UserInfo returns an error
10 years ago
} else {
ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err)
}
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
return
}
feat(alerting): new design for alert tab with sidemenu
9 years ago
ctx.Logger.Debug("OAuthLogin got user info", "userInfo", userInfo)
OAuth: Specify allowed email address domains for google or and github oauth logins, Closes #1660
10 years ago
// validate that the email is allowed to login to grafana
if !connect.IsEmailAllowed(userInfo.Email) {
feat(alerting): new design for alert tab with sidemenu
9 years ago
ctx.Logger.Info("OAuth login attempt with unallowed email", "email", userInfo.Email)
fix(security): fixed login issue that was a potential for social engineering, fixes #6014
9 years ago
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1002")
OAuth: Specify allowed email address domains for google or and github oauth logins, Closes #1660
10 years ago
return
}
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
userQuery := m.GetUserByLoginQuery{LoginOrEmail: userInfo.Email}
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
err = bus.Dispatch(&userQuery)
// create account if missing
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
if err == m.ErrUserNotFound {
Add allow_sign_up override for auth.google/github.
10 years ago
if !connect.IsSignupAllowed() {
Added disable user sign up feature
11 years ago
ctx.Redirect(setting.AppSubUrl + "/login")
return
}
enhance quota support. now includes: - perOrg (users, dashboards, datasources, api_keys) - perUser (orgs) - global (users, orgs, dashboards, datasources, api_keys, sessions)
10 years ago
limitReached, err := middleware.QuotaReached(ctx, "user")
if err != nil {
ctx.Handle(500, "Failed to get user quota", err)
return
}
if limitReached {
ctx.Redirect(setting.AppSubUrl + "/login")
return
}
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
cmd := m.CreateUserCommand{
support setting default org role when adding user via grafana.net auth
9 years ago
Login: userInfo.Email,
Email: userInfo.Email,
Name: userInfo.Name,
Company: userInfo.Company,
DefaultOrgRole: userInfo.Role,
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
if err = bus.Dispatch(&cmd); err != nil {
ctx.Handle(500, "Failed to create account", err)
return
}
userQuery.Result = &cmd.Result
} else if err != nil {
ctx.Handle(500, "Unexpected error", err)
}
// login
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
loginUserWithUser(userQuery.Result, ctx)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
Added server metrics
10 years ago
metrics.M_Api_Login_OAuth.Inc(1)
fixed oauth login redirect when using app sub url
11 years ago
ctx.Redirect(setting.AppSubUrl + "/")
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}