grafana

Commit Graph

Author	SHA1	Message	Date
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
Andres Martinez Gotor	64c8d32fe7	Use sdk pkg for gtime (#39354 )	4 years ago
Arve Knudsen	78596a6756	Migrate to Wire for dependency injection (#32289 ) Fixes #30144 Co-authored-by: dsotirakis <sotirakis.dim@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com> Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Leon Sorokin <leeoniya@gmail.com> Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com> Co-authored-by: spinillos <selenepinillos@gmail.com> Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com>	4 years ago
Serge Zaitsev	707d3536f0	Macaron: Strip down renderer middleware (#37627 ) * strip down macaron renderer * inline renderHTML * remove IndentJSON parameter * replace renderer with a html/template set * fix failing test * fix renderer paths in tests * make template reloading even simpler * unify ignored gzip path lookup * fix csp middleware usage	4 years ago
Serge Zaitsev	0dfac9c3aa	Macaron: convert CSP middleware (#37672 )	4 years ago
yuwaMSFT2	ad1f792b8b	Auth: Pass user role to Grafana using auth proxy (#36729 ) * Pass role to Grafana using auth proxy By default, the role will be applied to the default org of the user. If the request uses the standard header "X-Grafana-Org-Id", the role will be applied to the specified org Tested in both unit test and manually E2E * Address comment: only allow the user role to be applied to the default org Co-authored-by: Leonard Gram <leo@xlson.com>	4 years ago
Carl Bergquist	4710566514	bus: add ctx for all signed in user queries (#33970 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	4 years ago
Vladimir Kochnev	39a3b0d0b0	Auth: support JWT Authentication (#29995 )	4 years ago
Arve Knudsen	50b649a869	Middleware: Add CSP support (#29740 ) * Middleware: Add support for CSP Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored by @iOrcohen	5 years ago
Arve Knudsen	25048ebdf8	Chore: Add CloudWatch HTTP API tests (#29691 ) * CloudWatch: Add HTTP API tests Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	dd2d206d99	Backend: Remove more globals (#29644 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	c2cad26ca9	Chore: Disable default golangci-lint filter (#29751 ) * Disable default golangci-lint filter Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linter warnings Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Arve Knudsen	4e0ad50102	middleware: Make scenario test functions take a testing.T argument (#29564 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	58dbf96a12	Middleware: Rewrite tests to use standard library (#29535 ) * middleware: Rewrite tests to use standard library Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	8d5b0084f1	Middleware: Simplifications (#29491 ) * Middleware: Simplify Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * middleware: Rename auth_proxy directory to authproxy Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	4dd7b7a82d	Chore: Remove unused Go code (#28852 ) * Chore: Remove more unused Go code Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	494c20db5f	gtime: Add ParseDuration function (#28525 ) * gtime: Make calculations independent of current time Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Introduce gtime.ParseDuration function Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * gtime: Fix ParseDuration Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	a078e40238	Settings: Rename constants/variables to follow Go naming standards (#28002 ) * settings: Rename constants/variables to follow Go naming standards Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Hansuuuuuuuuuu	8d971ab2f2	Auth: Replace maximum inactive/lifetime settings of days to duration (#27150 ) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Arve Knudsen	41d432b5ae	Chore: Enable whitespace linter (#25903 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	dcd5752086	Chore: Upgrade macaron (#25869 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	5070f7a75b	Chore: Start harmonizing linting with plugin SDK (#25854 ) * Chore: Harmonize linting with plugin SDK Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Erik Sundell	d94796a022	Auth: Remove trailing / in cookies' path (#22265 ) (#22265 ) According to the stackoverflow answer below, it is recommended to not include a trailing / in cookies' path. By removing the trailing / for our cookies path value, people's browsers visiting grafana will pass the cookie not only to /grafana/ sub paths but also to /grafana sub paths. This commit avoids the situation where a user would visit http://localhost/grafana, get redirected to http://localhost/grafana/login, and following login get redirected back to http://localhost/grafana, but since the grafana_session cookie isn't passed along get redirected back once more to http://localhost/grafana/login. ref: https://stackoverflow.com/questions/36131023/setting-a-slash-on-cookie-path/53784228#53784228 ref: https://tools.ietf.org/html/rfc6265#section-5.1.4	5 years ago
Jon McKenzie	6c9d833602	AuthProxy: Fixes bug where long username could not be cached (#22926 )	5 years ago
Marcus Efraimsson	d0a80c59f3	Rendering: Store render key in remote cache (#22031 ) By storing render key in remote cache it will enable image renderer to use public facing url or load balancer url to render images and thereby remove the requirement of image renderer having to use the url of the originating Grafana instance when running HA setup (multiple Grafana instances). Fixes #17704 Ref grafana/grafana-image-renderer#91	5 years ago
Carl Bergquist	fe16028e02	Auth: Don't rotate auth token when requests are cancelled by client (#22106 ) if the client closes the connection we should not rotate token since the client will never receive the new token. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Anthony Woods	f56f54b1a3	Auth: Rotate auth tokens at the end of requests (#21347 ) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	a1579283a6	Add disabled option for cookie samesite attribute (#21472 ) Breaking change: If disabled the cookie samesite cookie attribute will not be set, but if none the attribute will be set and is a breaking change compared to before where none did not render the attribute. This was due to a known issue in Safari. Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Fixes #19847	6 years ago
Torkel Ödegaard	be2bf1a297	AuthProxy: Can now login with auth proxy and get a login token (#20175 ) * AuthProxy: Can now login with auth proxy and get a login token * added unit tests * renamed setting and updated docs * AuthProxy: minor tweak * Fixed tests and namings * spellfix * fix * remove unused setting, probably from merge conflict * fix	6 years ago
Arve Knudsen	35e0e078b7	pkg/util: Check errors (#19832 ) * pkg/util: Check errors * pkg/services: DRY up code	6 years ago
Arve Knudsen	6e7c18fc1c	pkg/middleware: Check errors (#19749 ) * pkg/middleware: Check errors * pkg/middleware: Log when gzip middleware handler fails	6 years ago
Oleg Gaidarenko	6ca1a6c8da	Auth: change the error HTTP status codes (#18584 ) * Auth: change the error HTTP status codes * Use 407 HTTP status code for incorrect credentials error * Improve proxy auth logs * Remove no longer needed TODO comment Fixes #18439	6 years ago
Sofia Papagiannaki	4e29357d15	Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462 ) * Do not set SameSite login_error cookie attribute if cookie_samesite is none * Do not set SameSite grafana_session cookie attribute if cookie_samesite is none * Update middleware tests	6 years ago
Oleg Gaidarenko	d88fdc86fc	Auth: Do not search for the user twice (#18366 ) * Auth: Do not search for the user twice Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing `GetUserByLoginQuery` only i.e. looking user in DB only, things changed when this function started to check LDAP provider via `LoginUserQuery` (#6940), however, this request was placed after `GetUserByLoginQuery`, so we first looking in DB then in the LDAP - if LDAP user hasn't logged in we will not find it in DB, so `LoginUserQuery` will never be reached. `LoginUserQuery` request already performs `GetUserByLoginQuery` request in correct sequence. So we can just remove redundant request. * Correct sequence execution during authentification & introduce tests for it * Move basic auth tests to separate test file, since main test file already pretty large * Introduce `testing.go` for the middleware module * Remove redundant test helper function * Make handler names more explicit Ref `5777f65d05` Fixes #18329 * Auth: address review comment	6 years ago
Oleg Gaidarenko	7e89a93b5f	Auth: introduce more tests for middleware module (#18365 ) * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add additional test helper Ref `82661b9f69`	6 years ago
Oleg Gaidarenko	82661b9f69	Auth: consistently return same basic auth errors (#18310 ) * Auth: consistently return same basic auth errors * Put repeated errors in consts and return only those consts as error strings * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add more error logs and makes their messages consistent * A bit of code style * Add additional test helper * Auth: do not expose even incorrect password * Auth: address review comments Use `Debug` for the cases when it's an user error	6 years ago
gotjosh	ed8aeb2999	Auth Proxy: Include additional headers as part of the cache key (#18298 ) * Auth Proxy: Include additional headers as part of the cache key Auth proxy has support to send additional user attributes as part of the authentication flow. These attributes (e.g. Groups) need to be monitored as part of the process in case of change. This commit changes the way we compute the cache key to include all of the attributes sent as part of the authentication request. That way, if we change any user attributes we'll upsert the user information.	6 years ago
Oleg Gaidarenko	caa1314f44	Build: use golangci-lint as a make command (#17739 ) * Build: use golangci-lint as a make command * Since gometalinter was deprecated in favor of golangci-lint so it was replaced by it. Responsibilities held by the gometalinter was moved to golangci-lint * There was some changes in implementation (that was also mentioned in the code comment) between the tools, which uncovered couple errors in the code. Those issues were either solved or disabled by the inline comments * Introduce the golangci-lint config, to make their configuration more manageable * Build: replace backend-lint.sh script with make	6 years ago
Sofia Papagiannaki	f3f03ceb6a	Auth Proxy: Respect auto_sign_up setting (#17843 ) * Add test for disabled auth proxy auto signup option * Set correctly auth proxy auto signup	6 years ago
Sofia Papagiannaki	dc9ec7dc91	Auth: Allow expiration of API keys (#17678 ) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire.	6 years ago
Kyle Brandt	bd08d8ce8e	middleware: fix Strict-Transport-Security header (#17644 ) fixes #17641	6 years ago
Oleg Gaidarenko	9b7f9dd9be	LDAP: consistently name the LDAP entities (#17203 )	6 years ago
Marcus Efraimsson	1c1427520d	Security: Add new setting allow_embedding (#16853 ) When allow_embedding is false (default) the Grafana backend will set the http header `X-Frame-Options: deny` in all responses to non-static content which will instruct browser to not allow Grafana to be embedded in `<frame>`, `<iframe>`, `<embed>` or `<object>`. Closes #14189	6 years ago
Marcus Efraimsson	f778c1d971	Security: Responses from backend should not be cached (#16848 ) Currently all API requests set Cache-control: no-cache to avoid browsers caching sensitive data. This fixes so that all responses returned from backend not are cached using http headers. The exception is the data proxy where we don't add these http headers in case datasource backend needs to control whether data can be cached or not. Fixes #16845	6 years ago
Carl Bergquist	9660356638	Auth: Enable retries and transaction for some db calls for auth tokens (#16785 ) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it.	6 years ago
Oleg Gaidarenko	db584b3d28	Chore: remove session storage references (#16445 ) * Chore: remove session storage references * Small refactoring of the settings module * Update docs - remove references for the session storage * Update config files (sample and default configs) * Add tests for warning during the config load on defined storage cache * Remove all references to session storage * Remove macaron session dependency * Remove leftovers * Fix: address review comments * Fix: remove old deps * Fix: add skipStaticRootValidation = true to tests * Fix: improve the docs and warning message As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255 * Chore: make linter happy Fixes #16148 Ref #16114	6 years ago
Oleg Gaidarenko	318182ccc9	Chore: refactor auth proxy (#16504 ) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy	6 years ago
Oleg Gaidarenko	67cbc7d4cf	Chore: use remote cache instead of session storage (#16114 ) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161	6 years ago

1 2

95 Commits (57fcfd578dd43fae2b2df335fec7536fef7dd1e3)