grafana

Commit Graph

Author	SHA1	Message	Date
Carl Bergquist	b7aa6fed1d	Instrumentation: Add examplars for request histograms (#29357 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Torkel Ödegaard	1076f47509	Dashboard: Fixes kiosk state after being redirected to login page and back (#29273 ) * Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	5 years ago
Arve Knudsen	9593d57914	Chore: Enable errorlint linter (#29227 ) * Enable errorlint linter * Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	4dd7b7a82d	Chore: Remove unused Go code (#28852 ) * Chore: Remove more unused Go code Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	2bf964c61e	Chore: Fix linting issues caught by ruleguard (#28799 ) * Chore: Fix linting issues caught by ruleguard Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Improve error check Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Carl Bergquist	db637a3630	Tracing: log traceID in request logger (#28952 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	5 years ago
Arve Knudsen	3d3a7cbba8	Chore: Fix staticcheck issues (#28860 ) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	494c20db5f	gtime: Add ParseDuration function (#28525 ) * gtime: Make calculations independent of current time Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Introduce gtime.ParseDuration function Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * gtime: Fix ParseDuration Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Marcus Efraimsson	3be82ecd4e	Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158 ) If anonymous access is enabled for an org and there are multiple orgs. When requesting a page that requires user to be logged in and orgId query string is set in the request url to an org not equal the anonymous org, if the user is not logged in should be redirected to the login page. Fixes #26120 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	5 years ago
Carl Bergquist	edbaa9d681	Instrumentation: Add histogram for request duration (#28364 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	5 years ago
Arve Knudsen	a078e40238	Settings: Rename constants/variables to follow Go naming standards (#28002 ) * settings: Rename constants/variables to follow Go naming standards Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	a5d9196a53	Chore/fix lint issues (#27704 ) * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Hansuuuuuuuuuu	8d971ab2f2	Auth: Replace maximum inactive/lifetime settings of days to duration (#27150 ) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Arve Knudsen	4b1eb6e5c7	Chore: Enable gocyclo linter (#26395 ) * Chore: Enable gocyclo linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * API: Fix linting issue Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * API: Refactor to reduce complexity Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix type assertion Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	4c56eb3991	Chore: Enable goprintffuncname and nakedret linters (#26376 ) * Chore: Enable goprintffuncname linter * Chore: Enable nakedret linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	d4e4cb4c71	Chore: Enable Go linter gocritic (#26224 ) * Chore: Enable gocritic linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	41d432b5ae	Chore: Enable whitespace linter (#25903 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Sofia Papagiannaki	44dff6fdd0	Auth: Fix POST request failures with anonymous access (#26049 ) Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"	6 years ago
Arve Knudsen	dcd5752086	Chore: Upgrade macaron (#25869 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	5070f7a75b	Chore: Start harmonizing linting with plugin SDK (#25854 ) * Chore: Harmonize linting with plugin SDK Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	ea2bb7036c	Auth proxy: Ignore stale cache entries (#23979 ) * Auth proxy: Retry without cache if failing to get user	6 years ago
Torkel Ödegaard	d6ed8c522c	Dashboard: Redirects for old edit & view panel urls (#25653 )	6 years ago
Sofia Papagiannaki	fefbbc65a8	Auth: Add support for forcing authentication in anonymous mode and modify SignIn to use it instead of redirect (#25567 ) * Forbid additional redirect urls * Optionally force login in anonymous mode * Update LoginCtrl page to ignore redirect parameter * Modify SignIn to set forceLogin query instead of redirect * Pass appUrl to frontend and use URL API for updating url query * Apply suggestions from code review Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix SignIn test Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	07582a8e85	Chore: Fix various spelling errors in back-end code (#25241 ) * Chore: Fix various spelling errors in back-end code Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>>	6 years ago
Erik Sundell	d94796a022	Auth: Remove trailing / in cookies' path (#22265 ) (#22265 ) According to the stackoverflow answer below, it is recommended to not include a trailing / in cookies' path. By removing the trailing / for our cookies path value, people's browsers visiting grafana will pass the cookie not only to /grafana/ sub paths but also to /grafana sub paths. This commit avoids the situation where a user would visit http://localhost/grafana, get redirected to http://localhost/grafana/login, and following login get redirected back to http://localhost/grafana, but since the grafana_session cookie isn't passed along get redirected back once more to http://localhost/grafana/login. ref: https://stackoverflow.com/questions/36131023/setting-a-slash-on-cookie-path/53784228#53784228 ref: https://tools.ietf.org/html/rfc6265#section-5.1.4	6 years ago
Jon McKenzie	6c9d833602	AuthProxy: Fixes bug where long username could not be cached (#22926 )	6 years ago
Sofia Papagiannaki	be022d4239	API: Fix redirect issues (#22285 ) * Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671) This reverts commit `0e2d874ecf`. * Fix redirect validation (#22675) * Chore: Add test for parse of app url and app sub url Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Fix redirect: prepend subpath only if it's missing (#22676) * Validate redirect in login oauth (#22677) * Fix invalid redirect for authenticated user (#22678) * Login: Use correct path for OAuth logos Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	4ff613a432	Backend Plugins: Support handling of streaming resource response (#22580 ) Use v0.19.0 of SDK. Support handling of streaming resource response. Disable gzip/compression middleware for resources to allow chunked/streaming response to clients the gzip middleware had to be disabled since it buffers the full response before sending it to the client. Closes #22569 Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Carl Bergquist	f2f2722bb1	chore: avoid aliasing models in middleware (#22484 )	6 years ago
Marcus Efraimsson	d0a80c59f3	Rendering: Store render key in remote cache (#22031 ) By storing render key in remote cache it will enable image renderer to use public facing url or load balancer url to render images and thereby remove the requirement of image renderer having to use the url of the originating Grafana instance when running HA setup (multiple Grafana instances). Fixes #17704 Ref grafana/grafana-image-renderer#91	6 years ago
Carl Bergquist	b0b46991ec	Metrics: Add gauge for requests currently in flight (#22168 ) Add gauge for requests currently in flight. Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	fd52570b7f	API: Improve recovery middleware when response already been written (#22256 ) Suppresses stacktrace in recovery middleware if error is http.ErrAbortHandler. Skips writing response error in recovery middleware if resoonse have already been written. Skips try rotate of auth token if response have already been written. Skips adding default response headers if response have already been written. Fixes #15728 Ref #18082 Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Carl Bergquist	fe16028e02	Auth: Don't rotate auth token when requests are cancelled by client (#22106 ) if the client closes the connection we should not rotate token since the client will never receive the new token. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Brian Gann	0e2d874ecf	API: Fix redirect issue when configured to use a subpath (#21652 ) * request uri will contain the subpath	6 years ago
Anthony Woods	f56f54b1a3	Auth: Rotate auth tokens at the end of requests (#21347 ) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	a1579283a6	Add disabled option for cookie samesite attribute (#21472 ) Breaking change: If disabled the cookie samesite cookie attribute will not be set, but if none the attribute will be set and is a breaking change compared to before where none did not render the attribute. This was due to a known issue in Safari. Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Fixes #19847	6 years ago
Jeffrey Descan	c5f906f472	Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787 ) * Refactor redirect_to cookie with secure flag in middleware * Refactor redirect_to cookie with secure flag in api/login * Refactor redirect_to cookie with secure flag in api/login_oauth * Removed the deletion of 'Set-Cookie' header to prevent logout * Removed the deletion of 'Set-Cookie' at top of api/login.go * Add HttpOnly flag on redirect_to cookies where missing * Refactor duplicated code * Add tests * Refactor cookie options * Replace local function for deleting cookie * Delete redundant calls Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	6 years ago
Torkel Ödegaard	be2bf1a297	AuthProxy: Can now login with auth proxy and get a login token (#20175 ) * AuthProxy: Can now login with auth proxy and get a login token * added unit tests * renamed setting and updated docs * AuthProxy: minor tweak * Fixed tests and namings * spellfix * fix * remove unused setting, probably from merge conflict * fix	6 years ago
Jon Gyllenswärd	53f8088316	Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191 ) * Renamed ttl config in code to be more consistent with behaviour * Introduced new setting `sync_ttl` in .ini file * Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.	6 years ago
Arve Knudsen	35e0e078b7	pkg/util: Check errors (#19832 ) * pkg/util: Check errors * pkg/services: DRY up code	6 years ago
Arve Knudsen	6e7c18fc1c	pkg/middleware: Check errors (#19749 ) * pkg/middleware: Check errors * pkg/middleware: Log when gzip middleware handler fails	6 years ago
gotjosh	0cbbb43222	LDAP: Add API endpoint to debug user mapping from LDAP (#18833 ) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.	6 years ago
Marcus Efraimsson	964c2e722f	Snapshot: Fix http api (#18830 ) (cherry picked from commit `be2e2330f5`)	6 years ago
Oleg Gaidarenko	6ca1a6c8da	Auth: change the error HTTP status codes (#18584 ) * Auth: change the error HTTP status codes * Use 407 HTTP status code for incorrect credentials error * Improve proxy auth logs * Remove no longer needed TODO comment Fixes #18439	6 years ago
kay delaney	fb0cec5591	Backend: Adds support for HTTP/2 (#18358 ) * Backend: Adds support for HTTP/2 * Adds mozilla recommended ciphers * Updates sample.ini and config documentation	6 years ago
Sofia Papagiannaki	4e29357d15	Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462 ) * Do not set SameSite login_error cookie attribute if cookie_samesite is none * Do not set SameSite grafana_session cookie attribute if cookie_samesite is none * Update middleware tests	7 years ago
Oleg Gaidarenko	d88fdc86fc	Auth: Do not search for the user twice (#18366 ) * Auth: Do not search for the user twice Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing `GetUserByLoginQuery` only i.e. looking user in DB only, things changed when this function started to check LDAP provider via `LoginUserQuery` (#6940), however, this request was placed after `GetUserByLoginQuery`, so we first looking in DB then in the LDAP - if LDAP user hasn't logged in we will not find it in DB, so `LoginUserQuery` will never be reached. `LoginUserQuery` request already performs `GetUserByLoginQuery` request in correct sequence. So we can just remove redundant request. * Correct sequence execution during authentification & introduce tests for it * Move basic auth tests to separate test file, since main test file already pretty large * Introduce `testing.go` for the middleware module * Remove redundant test helper function * Make handler names more explicit Ref `5777f65d05` Fixes #18329 * Auth: address review comment	7 years ago
Oleg Gaidarenko	7e89a93b5f	Auth: introduce more tests for middleware module (#18365 ) * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add additional test helper Ref `82661b9f69`	7 years ago

1 2 3 4 5 ...

308 Commits (38caa80acdbb3f18d2ade47f66ced9ab514b8fe5)