grafana

Commit Graph

Author	SHA1	Message	Date
Arve Knudsen	dd2d206d99	Backend: Remove more globals (#29644 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Torkel Ödegaard	763e958d9d	Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299 )	5 years ago
Arve Knudsen	294770f411	Chore: Handle wrapped errors (#29223 ) * Chore: Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	cb62e69997	Chore: Convert API tests to standard Go lib (#29009 ) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Agnès Toulet	2c246276fd	API: replace SendLoginLogCommand with LoginHook (#28777 ) * API: replace SendLoginLogCommand with LoginHook * LoginInfo: Query -> LoginUsername	5 years ago
Agnès Toulet	65b5086a59	API: add login username in SendLoginLogCommand (#28544 ) * API: add login username in Login actions * LoginUser -> LoginUsername * fix test	5 years ago
Alexander Zobnin	d13c6b4c5a	OAuth: Able to skip auto login (#28357 ) * OAuth: able to skip auto login * OAuth: tests for internal login param * OAuth: rename internal -> disableAutoLogin * OAuth: update log message * OAuth: fix tests	5 years ago
Alexander Zobnin	b55a51e270	SAML Single Logout (#27995 ) * SAML: single logout WIP * SAML: sign SAML requests * SAML: remove unnecessary logs * fix go mod file * Docs: Single Logout * SAML: use api endpoint for single logout * Apply suggestions from code review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * SAML: save context for single logout * Chore: add SAML dependencies Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Arve Knudsen	a5d9196a53	Chore/fix lint issues (#27704 ) * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Hansuuuuuuuuuu	8d971ab2f2	Auth: Replace maximum inactive/lifetime settings of days to duration (#27150 ) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	4c56eb3991	Chore: Enable goprintffuncname and nakedret linters (#26376 ) * Chore: Enable goprintffuncname linter * Chore: Enable nakedret linter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Sofia Papagiannaki	fefbbc65a8	Auth: Add support for forcing authentication in anonymous mode and modify SignIn to use it instead of redirect (#25567 ) * Forbid additional redirect urls * Optionally force login in anonymous mode * Update LoginCtrl page to ignore redirect parameter * Modify SignIn to set forceLogin query instead of redirect * Pass appUrl to frontend and use URL API for updating url query * Apply suggestions from code review Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix SignIn test Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Alexander Zobnin	f023e7a399	SAML Role and Team sync (open source part) (#23391 ) * SAML: add default params for role and team sync * SAML: add org_mapping option * SAML: support allowed_organizations option * Chore: expose RedirectWithError from HTTPServer * Chore: return RedirectResponse (fix superfluous response.writeheader message) * HTTPServer: expose ValidateRedirectTo() and CookieOptionsFromCfg() * Config: move SAML section to the enterprise	6 years ago
Erik Sundell	d94796a022	Auth: Remove trailing / in cookies' path (#22265 ) (#22265 ) According to the stackoverflow answer below, it is recommended to not include a trailing / in cookies' path. By removing the trailing / for our cookies path value, people's browsers visiting grafana will pass the cookie not only to /grafana/ sub paths but also to /grafana sub paths. This commit avoids the situation where a user would visit http://localhost/grafana, get redirected to http://localhost/grafana/login, and following login get redirected back to http://localhost/grafana, but since the grafana_session cookie isn't passed along get redirected back once more to http://localhost/grafana/login. ref: https://stackoverflow.com/questions/36131023/setting-a-slash-on-cookie-path/53784228#53784228 ref: https://tools.ietf.org/html/rfc6265#section-5.1.4	6 years ago
Carl Bergquist	3798ac903d	Upgrade golangci-lint and fixes some linting errors. (#22909 ) Example: https://play.golang.org/p/cfPIPG3BwjJ	6 years ago
Sofia Papagiannaki	be022d4239	API: Fix redirect issues (#22285 ) * Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671) This reverts commit `0e2d874ecf`. * Fix redirect validation (#22675) * Chore: Add test for parse of app url and app sub url Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Fix redirect: prepend subpath only if it's missing (#22676) * Validate redirect in login oauth (#22677) * Fix invalid redirect for authenticated user (#22678) * Login: Use correct path for OAuth logos Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Brian Gann	0e2d874ecf	API: Fix redirect issue when configured to use a subpath (#21652 ) * request uri will contain the subpath	6 years ago
Marcus Efraimsson	a1579283a6	Add disabled option for cookie samesite attribute (#21472 ) Breaking change: If disabled the cookie samesite cookie attribute will not be set, but if none the attribute will be set and is a breaking change compared to before where none did not render the attribute. This was due to a known issue in Safari. Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Fixes #19847	6 years ago
Jeffrey Descan	c5f906f472	Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787 ) * Refactor redirect_to cookie with secure flag in middleware * Refactor redirect_to cookie with secure flag in api/login * Refactor redirect_to cookie with secure flag in api/login_oauth * Removed the deletion of 'Set-Cookie' header to prevent logout * Removed the deletion of 'Set-Cookie' at top of api/login.go * Add HttpOnly flag on redirect_to cookies where missing * Refactor duplicated code * Add tests * Refactor cookie options * Replace local function for deleting cookie * Delete redundant calls Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	6 years ago
Sofia Papagiannaki	b12dc890b8	API: Validate redirect_to cookie has valid (Grafana) url (#21057 ) * Restrict redirect_to to valid relative paths * Add tests	6 years ago
Torkel Ödegaard	be2bf1a297	AuthProxy: Can now login with auth proxy and get a login token (#20175 ) * AuthProxy: Can now login with auth proxy and get a login token * added unit tests * renamed setting and updated docs * AuthProxy: minor tweak * Fixed tests and namings * spellfix * fix * remove unused setting, probably from merge conflict * fix	6 years ago
Leonard Gram	992b4b8adf	Licensing service (#19903 ) * Licensing: supplies a service to handle licensing information * Licensing: uses the license service further Uses the license service instead of settings.isEnterprise: - external team members - saml - usage stats * Licensing: fixes broken tests due to new Licensing service dependency * Licensing: fixes linting errors * Licensing: exposes license expiry information to the frontend	6 years ago
Dominik Prokop	44a2a648c6	Login: fix login page failing when navigating from reset password views (#19124 )	6 years ago
Sofia Papagiannaki	4e29357d15	Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462 ) * Do not set SameSite login_error cookie attribute if cookie_samesite is none * Do not set SameSite grafana_session cookie attribute if cookie_samesite is none * Update middleware tests	6 years ago
gotjosh	2f240a11ce	SAML: Only show SAML login button on Enterprise version (#18270 ) SAML Authentication is an Enterprise only feature. This change enables the SAML login button to only be shown on enterprise.	6 years ago
Oleg Gaidarenko	d16fd58bdb	Auth: do not expose disabled user disabled status (#18229 ) Fixes #17947	6 years ago
Oleg Gaidarenko	75fa1f0207	Metrics: use consistent naming for exported variables (#18134 ) * Metrics: remove unused metrics Metric `M_Grafana_Version` is not used anywhere, nor the mentioned `M_Grafana_Build_Version`. Seems to be an artefact? * Metrics: make the naming consistent * Metrics: add comments to exported vars * Metrics: use proper naming Fixes #18110	7 years ago
Sofia Papagiannaki	78ca55f3d7	Fix: Break redirect loop if oauth_auto_login = true and OAuth login fails (#17974 ) * Add tests for login view * Fix OAuth auto login redirect loop login_error cookie is only set when the OAuth login fails for some reason. Therefore, the login view should return immediately if a login_error cookie exists before trying to login the user using OAuth again. * Fix test Use 'index-template' instead of 'index' for testing * Add some comments	7 years ago
Leonard Gram	b67905a963	Auth: saml enabled check. (#17960 )	7 years ago
Leonard Gram	e574147b1e	Auth: SAML login button. (#17932 ) * Auth: SAML login button. * Fixed ts issue	7 years ago
Anthony Templeton	0d2be0a7ed	Logging: Login and Logout logging actions (#17760 ) (#17883 )	7 years ago
Alexander Zobnin	2d03815770	Users: Disable users removed from LDAP (#16820 ) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring	7 years ago
zhulongcheng	2fff8f77dc	move log package to /infra (#17023 ) ref #14679 Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>	7 years ago
Carl Bergquist	9660356638	Auth: Enable retries and transaction for some db calls for auth tokens (#16785 ) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it.	7 years ago
Carl Bergquist	490515aec6	build: partially replace gometalinter with golangci-lint (#16610 ) we still use gometalinter for goconst since it doesn't report errors for duplicated in test files	7 years ago
Woodward, Joshua	946e542412	Make password hint configurable from settings/defaults.ini	7 years ago
bergquist	8a3a3cccc3	moves metric package to /infra ref #14679	7 years ago
Marcus Efraimsson	8678620730	move UserToken and UserTokenService to models package	7 years ago
Marcus Efraimsson	a60124a88c	change UserToken from interface to struct	7 years ago
Marcus Efraimsson	871c84d195	changes needed for api/middleware due to configuration settings	7 years ago
Marcus Efraimsson	d53e64a32c	move auth token middleware/hooks to middleware package fix/adds auth token middleware tests	7 years ago
Marcus Efraimsson	cfd8eb5167	now /api/login/ping returns Response	7 years ago
Marcus Efraimsson	dd5a8275f1	must return json response from /api/login/ping Even though http error 401 was returned, the result was still a http 200	7 years ago
bergquist	88ca54eba9	renames signout function	7 years ago
bergquist	d6edaa1328	moves cookie https setting to [security]	7 years ago
bergquist	9153b6ed96	improves readability of loginping handler	7 years ago
bergquist	4626f083bb	store oauth login error messages in an encrypted cookie	7 years ago

1 2 3

101 Commits (4ed901e1f9d4ed3ede6a1e379b711b5d6de08850)