|
|
|
|
@ -127,40 +127,21 @@ func GetAuthInfo(query *m.GetAuthInfoQuery) error { |
|
|
|
|
return m.ErrUserNotFound |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if userAuth.OAuthAccessToken != "" { |
|
|
|
|
decodedAccessToken, err := base64.StdEncoding.DecodeString(userAuth.OAuthAccessToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
decryptedAccessToken, err := util.Decrypt(decodedAccessToken, setting.SecretKey) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
userAuth.OAuthAccessToken = string(decryptedAccessToken) |
|
|
|
|
|
|
|
|
|
secretAccessToken, err := decodeAndDecrypt(userAuth.OAuthAccessToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
if userAuth.OAuthRefreshToken != "" { |
|
|
|
|
decodedRefreshToken, err := base64.StdEncoding.DecodeString(userAuth.OAuthRefreshToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
decryptedRefreshToken, err := util.Decrypt(decodedRefreshToken, setting.SecretKey) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
userAuth.OAuthRefreshToken = string(decryptedRefreshToken) |
|
|
|
|
secretRefreshToken, err := decodeAndDecrypt(userAuth.OAuthRefreshToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
if userAuth.OAuthTokenType != "" { |
|
|
|
|
decodedTokenType, err := base64.StdEncoding.DecodeString(userAuth.OAuthTokenType) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
decryptedTokenType, err := util.Decrypt(decodedTokenType, setting.SecretKey) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
userAuth.OAuthTokenType = string(decryptedTokenType) |
|
|
|
|
secretTokenType, err := decodeAndDecrypt(userAuth.OAuthTokenType) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
userAuth.OAuthAccessToken = secretAccessToken |
|
|
|
|
userAuth.OAuthRefreshToken = secretRefreshToken |
|
|
|
|
userAuth.OAuthTokenType = secretTokenType |
|
|
|
|
|
|
|
|
|
query.Result = userAuth |
|
|
|
|
return nil |
|
|
|
|
@ -176,22 +157,22 @@ func SetAuthInfo(cmd *m.SetAuthInfoCommand) error { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if cmd.OAuthToken != nil { |
|
|
|
|
secretAccessToken, err := util.Encrypt([]byte(cmd.OAuthToken.AccessToken), setting.SecretKey) |
|
|
|
|
secretAccessToken, err := encryptAndEncode(cmd.OAuthToken.AccessToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
secretRefreshToken, err := util.Encrypt([]byte(cmd.OAuthToken.RefreshToken), setting.SecretKey) |
|
|
|
|
secretRefreshToken, err := encryptAndEncode(cmd.OAuthToken.RefreshToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
secretTokenType, err := util.Encrypt([]byte(cmd.OAuthToken.TokenType), setting.SecretKey) |
|
|
|
|
secretTokenType, err := encryptAndEncode(cmd.OAuthToken.TokenType) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
authUser.OAuthAccessToken = base64.StdEncoding.EncodeToString(secretAccessToken) |
|
|
|
|
authUser.OAuthRefreshToken = base64.StdEncoding.EncodeToString(secretRefreshToken) |
|
|
|
|
authUser.OAuthTokenType = base64.StdEncoding.EncodeToString(secretTokenType) |
|
|
|
|
authUser.OAuthAccessToken = secretAccessToken |
|
|
|
|
authUser.OAuthRefreshToken = secretRefreshToken |
|
|
|
|
authUser.OAuthTokenType = secretTokenType |
|
|
|
|
authUser.OAuthExpiry = cmd.OAuthToken.Expiry |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -210,21 +191,22 @@ func UpdateAuthInfo(cmd *m.UpdateAuthInfoCommand) error { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if cmd.OAuthToken != nil { |
|
|
|
|
secretAccessToken, err := util.Encrypt([]byte(cmd.OAuthToken.AccessToken), setting.SecretKey) |
|
|
|
|
secretAccessToken, err := encryptAndEncode(cmd.OAuthToken.AccessToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
secretRefreshToken, err := util.Encrypt([]byte(cmd.OAuthToken.RefreshToken), setting.SecretKey) |
|
|
|
|
secretRefreshToken, err := encryptAndEncode(cmd.OAuthToken.RefreshToken) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
secretTokenType, err := util.Encrypt([]byte(cmd.OAuthToken.TokenType), setting.SecretKey) |
|
|
|
|
secretTokenType, err := encryptAndEncode(cmd.OAuthToken.TokenType) |
|
|
|
|
if err != nil { |
|
|
|
|
return err |
|
|
|
|
} |
|
|
|
|
authUser.OAuthAccessToken = base64.StdEncoding.EncodeToString(secretAccessToken) |
|
|
|
|
authUser.OAuthRefreshToken = base64.StdEncoding.EncodeToString(secretRefreshToken) |
|
|
|
|
authUser.OAuthTokenType = base64.StdEncoding.EncodeToString(secretTokenType) |
|
|
|
|
|
|
|
|
|
authUser.OAuthAccessToken = secretAccessToken |
|
|
|
|
authUser.OAuthRefreshToken = secretRefreshToken |
|
|
|
|
authUser.OAuthTokenType = secretTokenType |
|
|
|
|
authUser.OAuthExpiry = cmd.OAuthToken.Expiry |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -244,3 +226,31 @@ func DeleteAuthInfo(cmd *m.DeleteAuthInfoCommand) error { |
|
|
|
|
return err |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// decodeAndDecrypt will decode the string with the standard bas64 decoder
|
|
|
|
|
// and then decrypt it with grafana's secretKey
|
|
|
|
|
func decodeAndDecrypt(s string) (string, error) { |
|
|
|
|
// Bail out if empty string since it'll cause a segfault in util.Decrypt
|
|
|
|
|
if s == "" { |
|
|
|
|
return "", nil |
|
|
|
|
} |
|
|
|
|
decoded, err := base64.StdEncoding.DecodeString(s) |
|
|
|
|
if err != nil { |
|
|
|
|
return "", err |
|
|
|
|
} |
|
|
|
|
decrypted, err := util.Decrypt(decoded, setting.SecretKey) |
|
|
|
|
if err != nil { |
|
|
|
|
return "", err |
|
|
|
|
} |
|
|
|
|
return string(decrypted), nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// encryptAndEncode will encrypt a string with grafana's secretKey, and
|
|
|
|
|
// then encode it with the standard bas64 encoder
|
|
|
|
|
func encryptAndEncode(s string) (string, error) { |
|
|
|
|
encrypted, err := util.Encrypt([]byte(s), setting.SecretKey) |
|
|
|
|
if err != nil { |
|
|
|
|
return "", err |
|
|
|
|
} |
|
|
|
|
return base64.StdEncoding.EncodeToString(encrypted), nil |
|
|
|
|
} |
|
|
|
|
|
Sean Lafferty
6 years ago