grafana

Commit Graph

Author	SHA1	Message	Date
Misi	d411ce2664	Auth: Use sessionStorage instead of cookie for automatic redirection (#92759 ) * WIP: working as expected, has to be tested * Rename query param, small changes * Remove unused code * Address feedback * Cleanup * Use the feature toggle to control the behaviour * Use the toggle on the FE too * Prevent the extra redirect/reload Co-authored-by: Josh Hunt <joshhunt@users.noreply.github.com> * Return to login if user is not authenticated * Add tracking issue * Align BE redirect constructor to locationSvc	9 months ago
Karl Persson	7a78ad3893	Authn: Remove response writer from auth req (#90110 ) Authn: Remove response writer from request	1 year ago
Karl Persson	43aab615c3	Auth: Remove unused Authenticator service (#73143 ) Auth: remove unused Authenticator service	2 years ago
Karl Persson	2c57bca176	Auth: Remove auth broker flag and clean up login handlers (#73109 ) * Auth: Remove auth broker flag and clean up login handlers	2 years ago
Karl Persson	144e4887ee	Auth: Use authn.Service for all tests (#72921 ) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token	2 years ago
Jo	b8a336c9d7	Auth: Remove Email Lookup from oauth integrations (#894 ) Remove email lookup from oauth integrations Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	914daef0fd	Auth: Add request context to UserInfo calls (#70007 ) * use context for UserInfo requests * set timeouts for oauth http client * Update pkg/login/social/common.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Jo	aee5c6dea0	Auth: Use auth broker by default (#69620 ) remove authnservice toggle	2 years ago
Serge Zaitsev	a38f230d37	Chore: Remove result fields from login (#65136 ) * remove result fields from login * fix tests * fix tests * another shadowing	2 years ago
Karl Persson	382b24742a	Auth: Add feature flag to move token rotation to client (#65060 ) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Karl Persson	872d2d1e1c	AuthN: Login error handling (#64239 ) * Social: Fix type so it appears in error responses * AuthN: construct errutil.Error from social.Error * login: Check for errutil.Error and use public message * Login: redirectURLWithErrorCookie for authn errors Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Karl Persson	f258adadbf	AuthN: add utility functions for different type of login responses (#64133 ) * AuthN: add utility functions to handle response and redirect after successful login * API: Reuse utility functions for logins if authnService flag is enabled	2 years ago
Karl Persson	efeb0daec6	AuthN: Add oauth clients and perform oauth authentication with authn.Service (#62072 ) * AuthN: Update signature of redirect client and RedirectURL function * OAuth: use authn.Service to perform oauth authentication and login if feature toggle is enabled * AuthN: register oauth clients * AuthN: set auth module metadata * AuthN: add logs for failed login attempts * AuthN: Don't use enable disabled setting * OAuth: only run hooks when authnService feature toggle is disabled * OAuth: Add function to handle oauth errors from authn.Service	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Karl Persson	5b4e1ee6fc	Oauth: Remove extra decoding of redirect url (#60875 ) Oauth: remove extra decoding of redirect cookie url	3 years ago
Misi	9c98314e9f	OAuth: Refactor OAuth parameters handling to support obtaining refresh tokens for Google OAuth (#58782 ) * Add ApprovalForce to AuthCodeOptions * Extract access token validity check to a function * Refactor * Oauth: set options internally instead of exposing new function * Align tests * Remove unused function Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
Misi	4915d21c25	OAuth: Feature toggle for access token expiration check and docs (#58179 ) * Add feature toggle for access token expiration check * Add docs for configuring refresh tokens * Update docs * Update docs based on review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Improve documentation * Change access_type default to Offline * Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update pkg/services/featuremgmt/registry.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Regenerate toggles * Update Generic OAuth docs Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>	3 years ago
Jo	7f3536a6d2	OAuth: Fix misleading warn log related to oauth and increase logged content (#57336 ) * only emit warn log when sync is not skipped. Fix warn log that had wrong recommendation * log presence of refresh token	3 years ago
Misi	9c954d06ab	Auth: Refresh OAuth access_token automatically using the refresh_token (#56076 ) * Verify OAuth token expiration for oauth users in the ctx handler middleware * Use refresh token to get a new access token * Refactor oauth_token.go * Add tests for the middleware changes * Align other tests * Add tests, wip * Add more tests * Add InvalidateOAuthTokens method * Fix ExpiryDate update to default * Invalidate OAuth tokens during logout * Improve logout * Add more comments * Cleanup * Fix import order * Add error to HasOAuthEntry return values * add dev debug logs * Fix tests Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Junaid Ali	33eb4a2807	Exclude full OAuth token details from printing out on stdout (#55426 ) * remove token details from printing out on stdout * Update login_oauth.go * address comment	3 years ago
Jo	00e7324bf6	Auth: Restore legacy behavior and add deprecation notice for empty org role in oauth (#55118 ) * Auth: Add deprecation notice for empty org role Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix recasts * fix azure tests missing logger * Adding test to gitlab oauth * Covering more cases * Cover more options * Add role attributestrict check fail * Adding one more edge case test * Using legacy for gitlab * Yet another edge case YAEC * Reverting github oauth to legacy Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Not using token Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Nit. * Adding warning in docs Co-authored-by: Jguer <joao.guerreiro@grafana.com> * add warning to generic oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Be more precise Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to github oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to gitlab oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Adding warning to okta oauth Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Add docs about mapping to AzureAD Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Clarify oauth_skip_org_role_update_sync Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Nit. * Nit on Azure AD Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Reorder docs index Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Fix typo Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: gamab <gabi.mabs@gmail.com>	3 years ago
Jo	ef245874da	OAuth: Allow assigning Server Admin (#54780 ) * extract errors to errors file * implement oauth server admin assignment * add server admin tests * deduplicate autoAssignOrgRole * deduplicate strict setting * deduplicate strict setting * add support for generic oauth * add role attribute strict support for generic oauth * add support for github/gitlab * assignGrafanaAdmin option is here to stay * unify similar errors * add config option * add okta server admin mapping * remove never used Company attribute * unify generic oauth role extract with other methods * case insensitive role match as in azure * add ini settings * add server admin to devenv * remove duplicate fields * add documentation to oauth * fix titlecase test * implement doc feedback	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Jo	beb3cb9abe	Oauth: Reduce error scope on upsert (#53242 )	3 years ago
Jo	f3ee57abef	Fix: Choose Lookup params per auth module (#395 ) (#52312 ) Co-authored-by: Karl Persson <kalle.persson@grafana.com> Fix: Prefer pointer to struct in lookup Co-authored-by: Karl Persson <kalle.persson@grafana.com> Fix: user email for ldap Co-authored-by: Karl Persson <kalle.persson@grafana.com> Fix: Use only login for lookup in LDAP Co-authored-by: Karl Persson <kalle.persson@grafana.com> Fix: use user email for ldap Co-authored-by: Karl Persson <kalle.persson@grafana.com> fix remaining test fix nit picks	3 years ago
idafurjes	6c43eb0b4d	Split Create User (#50502 ) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2	3 years ago
Jguer	d2ab3556fa	OAuth: Restore debug log behavior (#51244 )	3 years ago
Karl Persson	95a4c4a4d6	OAuth: Redirect to login if no oauth module is found or if module is not configured (#50661 ) * OAuth: Redirect to login if no oauth module is found or if module is not configured * OAuth: Update test to check for location header	3 years ago
Alexander Zobnin	9b61d9eb1c	Fix wrap_handler() panic during OAuth login (#49671 )	3 years ago
baez90	6beba5a049	Chore: add setting to skip org assignment for external users (#34834 ) * Chore: add setting to skip org assignment for external users Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users. As a consequence manual organization assignments won't be overridden during the upsert of an external user. Part of #22605 * Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section * Chore: replace global setting access where possible	3 years ago
ying-jeanne	016fa77460	remove bus from loginservice (#44907 )	3 years ago
idafurjes	8e6d6af744	Rename DispatchCtx to Dispatch (#43563 )	4 years ago
Serge Zaitsev	d9cdcb550e	Chore: Refactor api handlers to use web.Bind (#42199 ) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments	4 years ago
idafurjes	ac6867c3bb	Chore: Add context to authinfo (#42096 ) * Add context to authinfo * Replace Dispatch with DispatchCtx	4 years ago
ying-jeanne	54de1078c8	remove the global log error/warn etc functions (#41404 ) * remove the global log error/warn etc functions and use request context logger whenever possible	4 years ago
ying-jeanne	681218275e	remove crit and trace (#40320 )	4 years ago
Emil Tullstedt	e73cd2fdeb	OAuth: Support PKCE (#39948 )	4 years ago
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
Serge Zaitsev	063160aae2	Chore: pass url parameters through context.Context (#38826 ) * pass url parameters through context.Context * fix url param names without colon prefix * change context params to vars * replace url vars in tests using new api * rename vars to params * add some comments * rename seturlvars to seturlparams	4 years ago
idafurjes	60ac54d969	Chore: Refactor OAuth/social package to service (#35403 ) * Creating SocialService * Add GetOAuthProviders as socialService method * Add OAuthTokenService * Add GetOAuthHttpClient method to SocialService * Rename services, access socialMap from GetConnector * Fix tests by mocking oauthtoken methods * Move NewAuthService into Init * Move OAuthService to social pkg * Refactor OAuthService to OAuthProvider * Fix nil map error, rename file, simplify tests * Fix bug for Forward OAuth Identify * Remove file after rebase	4 years ago
Arve Knudsen	dd2d206d99	Backend: Remove more globals (#29644 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	c2cad26ca9	Chore: Disable default golangci-lint filter (#29751 ) * Disable default golangci-lint filter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linter warnings Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Arve Knudsen	294770f411	Chore: Handle wrapped errors (#29223 ) * Chore: Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Agnès Toulet	2c246276fd	API: replace SendLoginLogCommand with LoginHook (#28777 ) * API: replace SendLoginLogCommand with LoginHook * LoginInfo: Query -> LoginUsername	5 years ago
Bill Oley	19caa100dc	OAuth: Fix token refresh failure when custom SSL settings are configured for OAuth provider (#27523 ) OAuth token refresh fails when custom SSL settings are configured for oauth provider. These changes makes sure that custom SSL settings are applied for HTTP client before refreshing token. Fixes #27514	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	7589b1b517	OAuth: Refactor user syncing (#26721 ) * OAuth: Refactor user syncing Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Don't ignore error Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	5a6afd9096	OAuth: Add some debug logs (#26716 ) * OAuth: Add some debug logs Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago

1 2 3

130 Commits (08dab3f81600f73e9a8756ac752f37cf1ec611a0)