grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	efeb0daec6	AuthN: Add oauth clients and perform oauth authentication with authn.Service (#62072 ) * AuthN: Update signature of redirect client and RedirectURL function * OAuth: use authn.Service to perform oauth authentication and login if feature toggle is enabled * AuthN: register oauth clients * AuthN: set auth module metadata * AuthN: add logs for failed login attempts * AuthN: Don't use enable disabled setting * OAuth: only run hooks when authnService feature toggle is disabled * OAuth: Add function to handle oauth errors from authn.Service	2 years ago
Serge Zaitsev	7dbd2cd139	Chore: Fix goimports grouping (#62426 ) fix goimports ordering	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
Eric Leijonmarck	5531e22f46	Auth: Add disable of team sync for JWT Authentication (#62191 ) * fix: disable team sync for JWT Authentication * add: comment to test * change test to conform to new expected behavior * fix: spelling * formatting	2 years ago
Karl Persson	3447ad2602	AuthN: support priority for post auth and post login hooks (#62208 ) * AuthN: store post auth hooks in a priority list and update registration function to take a priority * AuthN: store post login hooks in a priority list and update registration function to take a priority * AuthN: Change priority for sync user	2 years ago
Jo	284ca4eab4	AuthN: JWT remove unnecessary if (#62233 ) remove unnecessary if	2 years ago
Karl Persson	95ea4bad6f	AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705 ) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Karl Persson	50608db59a	AuthN: Add interface and function to operate on clients that supports redirects (#61905 )	2 years ago
Kristin Laemmert	cd08f2575a	chore: move jwt models into auth/jwt (#61862 ) * chore: move jwt models into auth/jwt	2 years ago
linoman	56c2755b3b	Fix JWT claims request (#61650 ) * Fix JWT claims request * Add test scenarios for missing config options	2 years ago
linoman	4d095547f8	Auth: Implement skip org role sync for jwt (#61647 ) * Add new config option * Add frontend control * Condition new auth broker with config option * Condition old auth broker with config option Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Jo	ecafb4dd15	Auth forwarding: Pass tokens without refresh (#61634 ) * return only tokens from oauth * feedback	2 years ago
Karl Persson	412d80b498	AuthN: Add post auth hook for oauth token refresh (#61608 ) * AuthN: rename package to sync * AuthN: rename sync files * Ouath: Add mock for OauthTokenService * AuthN: Implement access token refresh hook * AuthN: remove feature check from hook * AuthN: register post auth hook for oauth token refresh	2 years ago
Karl Persson	766fa4e7d5	AuthN: Add last seen sync hooks for user and api keys (#61571 ) * AUthN: Add last seen sync hooks for user / service account and move api key last seen to own hook * ContextHandler: only run sync for last seen if auth.Service is not enabled	2 years ago
Karl Persson	b44b6fc5c6	AuthN: Add auth proxy client (#61555 ) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down	2 years ago
Karl Persson	2324597d8d	AuthN: Perform login with authn.Service (#61466 ) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors	2 years ago
Jo	6fec8fda39	AuthN: Clean errors in user/org sync (#61560 ) * clean errors in user/org sync * lower logging level for non 5xx errors	2 years ago
Jo	be3b81fecd	AuthN: Readd user protection service to user sync (#61534 ) * add user protection service to user sync * fix tests	2 years ago
Jo	dcfeab2c73	AuthN: User Quota (#61540 ) * remove reqContext from quota checks in login * add guards for nil ScopeParams	2 years ago
Misi	b8b08ea292	Auth: Add sub claim check to JWT Auth pre-checks (#61417 ) * Auth: Add sub claim check to JWT Auth pre-checks * Add #nosec annotation to the test tokens	2 years ago
Karl Persson	0d572ff2ce	AuthN: Add check for disabled identities (#61382 ) * AuthN: return error if identity is disabled * AuthN: Remove isDisabled check in client * AuthN: Format imports	2 years ago
Karl Persson	3e8857acb8	AuthN: Post login hooks (#61287 ) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata	2 years ago
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2 years ago
Karl Persson	2de72c1c39	AuthN: Login (#61225 ) * AuthN: Add function to login auth request	2 years ago
Karl Persson	a49892c9ac	AuthN: Refactor basic auth client to support multiple password auth (#61153 ) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests	2 years ago
idafurjes	7dcb502b33	Chore: Remove org model duplicates (#61025 ) Remove org model duplicates	2 years ago
Jo	c2ad447f8c	AuthN: Document identity and add missing fields (#61094 ) * add missing fields in identity * add description of Identity fields	2 years ago
Karl Persson	cdd7392f68	AuthN: Make client params part of the identity (#61050 ) * AuthN: Change client params to be a return value of authenticate * AuthN: move client params to be part of the identity	2 years ago
Karl Persson	d572ccdb2a	AuthN: tune logging (#60917 ) * AuthN: remove comment * AuthN: Only start trace if valid authentication client is used	2 years ago
idafurjes	bb35f37b66	Chore: Delete org model duplicates (#60940 ) * Delete org model duplicates * Fix lint * Move OrgDetailsDTO to org pkg	2 years ago
Jo	a226903ec6	AuthN: Add session client (#60894 ) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor	2 years ago
Karl Persson	da24a9d74e	AuthN: Add render auth client (#60914 ) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled	2 years ago
Karl Persson	9fbb29c588	AuthN: Add client to perform basic authentication (#60877 ) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies	2 years ago
Karl Persson	c4b4baea2a	AuthN: set org id for authentication request in service (#60528 ) * AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection	2 years ago
Jo	a553040441	Authn: Refactor user sync and org sync as post auth hooks (#60504 ) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards	2 years ago
Karl Persson	2e53a58bc3	Authn: Add client for api keys (#60339 ) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint	2 years ago
Karl Persson	22be025284	Auth: Add anonymous authn client (#59637 ) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client	3 years ago
Karl Persson	17ec4089dc	Features: Add aplha feature toggle for authn service (#59469 ) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service	3 years ago

38 Commits (2f2046eff794f306aaad8b16658a3a35cfdb3d4c)