apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3723 Commits
2186 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: eb793f7feb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eb793f7feb'
${ noResults }
grafana/pkg/api/login.go

162 lines
4.1 KiB
Raw Normal View History Unescape

InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
package api
import (
Worked on login remember cookie, and redirect after login
11 years ago
"net/url"
Changed go package path
11 years ago
"github.com/grafana/grafana/pkg/api/dtos"
Initial work on ldap support, #1450
10 years ago
"github.com/grafana/grafana/pkg/api/ldapauth"
"github.com/grafana/grafana/pkg/auth"
Changed go package path
11 years ago
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/log"
Added server metrics
10 years ago
"github.com/grafana/grafana/pkg/metrics"
Changed go package path
11 years ago
"github.com/grafana/grafana/pkg/middleware"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
)
Worked on login remember cookie, and redirect after login
11 years ago
const (
VIEW_INDEX = "index"
)
Changed from goconfig to its new counter part go-ini
11 years ago
func LoginView(c *middleware.Context) {
if err := setIndexViewData(c); err != nil {
c.Handle(500, "Failed to get settings", err)
return
}
Login: only enabled oauth options are shown on login page
11 years ago
settings := c.Data["Settings"].(map[string]interface{})
settings["googleAuthEnabled"] = setting.OAuthService.Google
settings["githubAuthEnabled"] = setting.OAuthService.GitHub
Simplified single org settings, now auto_assign_org, and auto_assign_org_role, new [users] config section, Closes #1585
10 years ago
settings["disableUserSignUp"] = !setting.AllowUserSignUp
Login: only enabled oauth options are shown on login page
11 years ago
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
if !tryLoginUsingRememberCookie(c) {
c.HTML(200, VIEW_INDEX)
return
}
if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 {
c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/")
c.Redirect(redirectTo)
return
}
c.Redirect(setting.AppSubUrl + "/")
}
func tryLoginUsingRememberCookie(c *middleware.Context) bool {
Worked on login remember cookie, and redirect after login
11 years ago
// Check auto-login.
uname := c.GetCookie(setting.CookieUserName)
if len(uname) == 0 {
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
return false
Worked on login remember cookie, and redirect after login
11 years ago
}
isSucceed := false
defer func() {
if !isSucceed {
log.Trace("auto-login cookie cleared: %s", uname)
c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl+"/")
c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl+"/")
return
}
}()
userQuery := m.GetUserByLoginQuery{LoginOrEmail: uname}
if err := bus.Dispatch(&userQuery); err != nil {
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
return false
Worked on login remember cookie, and redirect after login
11 years ago
}
user := userQuery.Result
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
// validate remember me cookie
Worked on login remember cookie, and redirect after login
11 years ago
if val, _ := c.GetSuperSecureCookie(
util.EncodeMd5(user.Rands+user.Password), setting.CookieRememberName); val != user.Login {
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
return false
Worked on login remember cookie, and redirect after login
11 years ago
}
isSucceed = true
loginUserWithUser(user, c)
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
return true
}
Worked on login remember cookie, and redirect after login
11 years ago
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
func LoginApiPing(c *middleware.Context) {
if !tryLoginUsingRememberCookie(c) {
c.JsonApiErr(401, "Unauthorized", nil)
Worked on login remember cookie, and redirect after login
11 years ago
return
}
Datasource proxy & session timeout fix (casued 401 Unauthorized error after a while), Fixes #1667
10 years ago
c.JsonOK("Logged in")
Changed from goconfig to its new counter part go-ini
11 years ago
}
Initial work on ldap support, #1450
10 years ago
func LoginPost(c *middleware.Context, cmd dtos.LoginCommand) Response {
sourcesQuery := auth.GetAuthSourcesQuery{}
if err := bus.Dispatch(&sourcesQuery); err != nil {
return ApiError(500, "Could not get login sources", err)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
Initial work on ldap support, #1450
10 years ago
var err error
var user *m.User
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
Initial work on ldap support, #1450
10 years ago
for _, authSource := range sourcesQuery.Sources {
user, err = authSource.AuthenticateUser(cmd.User, cmd.Password)
if err == nil {
break
}
// handle non invalid credentials error, otherwise try next auth source
if err != auth.ErrInvalidCredentials {
return ApiError(500, "Error while trying to authenticate user", err)
}
}
if err != nil {
return ApiError(401, "Invalid username or password", err)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
loginUserWithUser(user, c)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
Worked on login remember cookie, and redirect after login
11 years ago
result := map[string]interface{}{
"message": "Logged in",
}
if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 {
result["redirectUrl"] = redirectTo
c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/")
}
Added server metrics
10 years ago
metrics.M_Api_Login_Post.Inc(1)
Initial work on ldap support, #1450
10 years ago
return Json(200, result)
}
func LoginUsingLdap(c *middleware.Context, cmd dtos.LoginCommand) Response {
err := ldapauth.Login(cmd.User, cmd.Password)
if err != nil {
if err == ldapauth.ErrInvalidCredentials {
return ApiError(401, "Invalid username or password", err)
}
return ApiError(500, "Ldap login failed", err)
}
return Empty(401)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
User / Account model split, User and account now seperate entities, collaborators are now AccountUsers
11 years ago
func loginUserWithUser(user *m.User, c *middleware.Context) {
if user == nil {
log.Error(3, "User login with nil user")
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
Backend auth: remember cookie is needed for oauth logins as well
10 years ago
days := 86400 * setting.LogInRememberDays
c.SetCookie(setting.CookieUserName, user.Login, days, setting.AppSubUrl+"/")
c.SetSuperSecureCookie(util.EncodeMd5(user.Rands+user.Password), setting.CookieRememberName, user.Login, days, setting.AppSubUrl+"/")
More work on backend for user favorites
11 years ago
c.Session.Set(middleware.SESS_KEY_USERID, user.Id)
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}
Added disable user sign up feature
11 years ago
func Logout(c *middleware.Context) {
Worked on login remember cookie, and redirect after login
11 years ago
c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl+"/")
c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl+"/")
A big refactoring for how sessions are handled, Api calls that authenticate with api key will no longer create a new session
10 years ago
c.Session.Destory(c)
Added disable user sign up feature
11 years ago
c.Redirect(setting.AppSubUrl + "/login")
InfluxDB now works in proxy mode, influxdb username and password is added in the backend and never exposed to frontend, #8
11 years ago
}