grafana

Commit Graph

Author	SHA1	Message	Date
Gabriel MABILLE	059ba25973	AuthN: Check API Key is not trying to access another organization (#78749 ) * AuthN: Check API Key is not trying to access another organization * Revert local change * Add test * Discussed with Kalle we should set r.OrgID * Syntax sugar * Suggestion org-mismatch	2 years ago
Jo	7d559bc69a	AuthProxy: Do not allow sessions to be assigned with other methods (#78602 ) do not allow login token with other methods	2 years ago
Kevin Wang	8bdfb7e1cf	chore(authn.service): fix typo in log statement (#76205 )	2 years ago
Karl Persson	1eb19befaa	Login: refactor auth info package (#78459 ) * Remove unused stats and metrics * No longer collect metrics * Remove unused dependency * Move database from sub package	2 years ago
Karl Persson	d42201dbf4	Login: remove unused function (#78442 ) * Move test to the db so we test the queries and not just testing the mock * Remove unused function and dependencies * Remove unused functions from the database * Add some integration tests	2 years ago
Karl Persson	140b5b4a61	AuthN: Add debug logs and check error during oauth token sync (#78323 ) Add some debug logs and handle error	2 years ago
Ryan McKinley	f69fd3726b	FeatureToggles: Add context and and an explicit global check (#78081 )	2 years ago
Ryan McKinley	5d5f8dfc52	Chore: Upgrade Go to 1.21.3 (#77304 )	2 years ago
Gabriel MABILLE	83e9088314	AuthN: Set oauth client grant_types based on plugin state (#77248 ) * Disable plugin service account * Fix bug seen by linoman 💯 Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Account for PR feedback Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Fix test data * Enable datasource plugins by default Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> * Update pkg/services/extsvcauth/oauthserver/oasimpl/service.go * Handle error differently * Fix service reg --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>	2 years ago
Misi	1e81ffccac	Auth: Handle when access token has already been refreshed in OAuth token sync (#77118 ) * Use singleflight to prevent logging error if the token has already been refreshed * Change order of error checks * align tests, change error name * Change sf key * Update based on the review * refactor	2 years ago
Karl Persson	ed1c50233f	Revert "AuthN: move oauth token hook into session client" (#76882 ) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit `455cede699`.	2 years ago
Karl Persson	455cede699	AuthN: move oauth token hook into session client (#76688 ) * Move rotate logic into its own function * Move oauth token sync to session client * Add user to the local cache if refresh tokens are not enabled for the provider so we can skip the check in other requests	2 years ago
Karl Persson	1528d6f5c4	Authn: Prevent empty username and email during sync (#76330 ) * Move errors to error file * Move check for both empty username and email to user service * Move check for empty email and username to user service Update * Wrap inner error * Set username in test	2 years ago
Karl Persson	ceb6f8b409	Authn: error logs (#76264 ) * Reduce to debug for session need rotation error * try to extract log level from error and fallback to warning	2 years ago
Karl Persson	ea741dda6b	Signingkeys: Add local cache (#76234 ) * IDForwarding: change audience to be prefixed by org and remove JTI * IDForwarding: Construct new signer each time we want to sign a token. * SigningKeys: Simplify storage layer and move logic to service * SigningKeys: Add private key to local cache	2 years ago
Karl Persson	81b366e2c8	AuthN: Make logger less noisy (#76044 ) * Change to debug for token needs rotation errors	2 years ago
Misi	bd2191c158	Auth: OAuth token sync improvements (#75943 ) * Add metric, improve token refresh * changes * handle ctx cancelled * Fix import order	2 years ago
Gabriel MABILLE	193ec8de2b	AuthN: Move oauthserver to extsvcauth (#75972 ) * AuthN: Move oauthserver to extsvcauth * Codeowners	2 years ago
Jo	44fa0697ce	Auth: Signing Key persistence (#75487 ) * signing key wip use db keyset storage add signing_key table add testing for key storage add ES256 key tests Remove caching and implement UpdateOrCreate Stabilize interfaces * Encrypt private keys * Fixup signer * Fixup ext_jwt * Add GetOrCreatePrivate with automatic key rotation * use GetOrCreate for ext_jwt * use GetOrCreate in id * catch invalid block type * fix broken test * remove key generator * reduce public interface of signing service	2 years ago
Marcus Efraimsson	e4c1a7a141	Tracing: Standardize on otel tracing (#75528 )	2 years ago
Karl Persson	7a38090bc0	AuthN: Fix namespaces for anonymous and render (#75661 ) * AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render * Don't parse user id for render namespace	2 years ago
Karl Persson	fd2235b5ad	AuthN: Implement requester interface for identity (#75618 ) * AuthN: Implement identity.Requester interface for authn.Identity * AuthN: Replace OrgRole with GetOrgRole * IDForwarding: skip converting to SignedInUser * Pass identity directly in permission sync hook	2 years ago
Karl Persson	b9b4246432	IDForwarding: Add auth hook to generate id token (#75555 ) * AuthN: Move identity struct to its own file * IDForwarding: Add IDToken property to usr and identity structs and add GetIDToken to requester interface * Inject IDService into background services * IDForwarding: Register post auth hook when feature toggle is enabled	2 years ago
Gabriel MABILLE	0ed649b108	AuthN: Change EnableDisabledUserHook to EnableUserHook (#75248 ) * Replace the enable disable user hook by a hook that systematically enable users * Fix tests * Remove the skip test	2 years ago
Jo	40a1f8434d	Anon: Scaffold anon service (#74744 ) * remove API tagging method and authed tagging * add anonstore move debug to after cache change test order fix issue where mysql trims to second * add old device cleanup lint utc-ize everything trim whitespace * remove dangling setting * Add delete devices * Move anonymous authnclient to anonimpl * Add simple post login hook * move registration of Background Service cleanup * add updated_at index * do not untag device if login err * add delete device integration test	2 years ago
Gabriel MABILLE	c8149d50f9	LDAP: FIX Enable users on successfull login (#75073 ) * LDAP: Enable users on successfull login * Force enable ldap users on successful login * Fix tests * Fix tests	2 years ago
Karl Persson	cebae4fb9a	Requester: Update GetCacheKey (#74834 ) * AuthN: re-export all namespaces * Identity: Change signature of GetCacheKey * User: check HasUniqueID * Default to org role None if role is empty	2 years ago
Artur Wierzbicki	d50ccd6741	Chore: AuthN/IdentitySynchronizer interface/impl compatibility wire fix (#74400 ) authn/identitysynchronizer fix	2 years ago
linoman	13f4382214	Auth: Implement requester interface in access control module (#74289 ) * Implement requester interface in the access control module	2 years ago
Serge Zaitsev	8187d8cb66	Chore: capitalise log message for auth packages (#74332 )	2 years ago
Ryan McKinley	025b2f3011	Chore: use any rather than interface{} (#74066 )	2 years ago
Gabriel MABILLE	f900098cc9	[LDAP] Disable removed users on login (#74016 ) * [LDAP] Disable removed users on login * Fix tests * Add test for user disabling * Add tests for disabling user behind auth proxy * Linting. * Rename setup func * Account for reviews comments Co-authored-by: Kalle Persson <kalle.persson@grafana.com> --------- Co-authored-by: Kalle Persson <kalle.persson@grafana.com>	2 years ago
Karl Persson	37ceffb74c	Authn: Standardize errors (#74012 )	2 years ago
Jo	fe1563882a	Chore: Port oauth token service to identity requester (#73988 ) * port oauth token service to identity requester * fix broken test * no need to check for render	2 years ago
Gabriel MABILLE	9e52414a91	LDAP: Fix active sync with large quantities of users (#73834 )	2 years ago
Karl Persson	5d14b6ba19	AuthProxy: Fix user retrieval through cache (#73802 ) * AuthProxy: Change auth proxy sync cache key	2 years ago
Marcus Efraimsson	040b7d2571	Chore: Add errutils helpers (#73577 ) Add helpers for the errutil package in favor of errutil.NewBase.	2 years ago
Karl Persson	618daf0518	Login: remove login.Service (#73542 )	2 years ago
Karl Persson	124e0efe1f	Authn: external identity sync (#73461 ) * Authn: Add interface for external identity sync This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default * Authn: Add SyncIdentity to fake and add a new mock	2 years ago
Karl Persson	e53e22ef2a	Contexthandler: Remove code that is no longer used (#73101 ) * Contexthandler: remove dead code * Contexthandler: Add tests * Update pkg/tests/api/alerting/api_alertmanager_test.go Co-authored-by: Jo <joao.guerreiro@grafana.com> --------- Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Jo	bd1a856d33	Auth: Add SignedIn user interface NamespacedID (#72944 ) * wip * scope active user to 1 org * remove TODOs * add render auth namespace * import cycle fix * make condition more readable * convert Evaluate to user Requester * only use active OrgID for SearchUserPermissions * add cache key to interface definition * change final SignedInUsers to interface * fix api key managed roles fetch * fix anon auth id parsing * Update pkg/services/accesscontrol/acimpl/accesscontrol.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Karl Persson	144e4887ee	Auth: Use authn.Service for all tests (#72921 ) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token	2 years ago
Ryan McKinley	7431c0ddb1	UserSync: Avoid UpdateLastSeenAt with invalid user ids (#72776 ) * avoid user zero * more errors * more tests * split	2 years ago
Jo	7d347cd428	Auth: remove org count from signedInUser (#72661 ) * tweaks * remove org count from signedinUser * remove org count from signedinUser store * fix broken tests * restore frontend interface	2 years ago
Aksel Skaar Leirvaag	6d98d06f6e	Auth: Check id token expiry date (#69829 ) * fixed: added id token expiry check to oauth token sync * use go-jose and id token in cache * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go * refactored getOAuthTokenCacheTTL and added unit tests * Small changes to oauth_token_sync * Remove unnecessary contexthandler changes --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>	2 years ago
Jo	3353b1a8aa	Auth: Add authed device tagging (#72442 ) * add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go	2 years ago
Jo	e04a6fb08e	Auth: Fix static test fake (#72514 ) fix static fake	2 years ago
Jo	a4a87f6228	Auth: Rename Sessions to Devices in counting (#72432 ) * rename session to device * rename session to device	2 years ago
Jo	ed780ce0e9	Auth: Fix Last Seen being updated on every request (#72036 ) * make sure LastSeen hook has information to decide if update is necessary * make user service check if it should update the user's last seen * do not run last seen hook if is a login request * make service return error when last seen is up to date * fix err * Update pkg/services/contexthandler/contexthandler.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix golint --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Misi	dcf26564db	OAuth: Introduce user_refresh_token setting and make it default for the selected providers (#71533 ) * First changes * WIP docs * Align current tests * Add test for UseRefreshToken * Update docs * Fix * Remove unnecessary AuthCodeURL from generic_oauth * Change GitHub to disable use_refresh_token by default	2 years ago

1 2 3

141 Commits (059ba2597357a84083ab5c726dc920ae9f8644f2)