grafana

Commit Graph

Author	SHA1	Message	Date
Jack Westbrook	207b2993b2	Plugins Catalog: Only allow admins to access plugins catalog (#57101 ) * feat(plugins-catalog): only allow admins to access plugins catalog routes * add backend check * fix(plugins-catalog): update route role access to include server admins Co-authored-by: Will Browne <will.browne@grafana.com>	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Kristina	5d7d54d076	Auth: Write the redirect cookie if denied - do not write a blank redirect (#57381 ) * Write the redirect cookie if denied - do not write a blank redirect * Remove redundant code, reverse polarity	3 years ago
Kristin Laemmert	05709ce411	chore: remove sqlstore & mockstore dependencies from (most) packages (#57087 ) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible	3 years ago
Serge Zaitsev	305d494902	Chore: Switch over to team.Service instead of sqlstore (#55497 ) * switch to using team service * trying to fix tests * more tests to fix * add missing teamtest package	3 years ago
idafurjes	a14621fff6	Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343 ) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
Ieva	75873d05d7	Access Control: Allow dashboard admins to query org users (#51652 ) * allow dashboard admins to query org users * rename one more variable	3 years ago
Kristin Laemmert	2edfbb7767	sqlstore split: dashboard permissions (#49962 ) * backend/sqlstore split: remove unused GetDashboardPermissionsForUser from sqlstore * remove debugging line * backend/sqlstore: move dashboard permission related functions to dashboard service	3 years ago
Kat Yang	68478e908a	Chore: Remove x from team (#47905 ) * Chore: Remove x from team * Update pkg/services/sqlstore/team.go Co-authored-by: ying-jeanne <74549700+ying-jeanne@users.noreply.github.com> * Update pkg/services/sqlstore/team.go Co-authored-by: ying-jeanne <74549700+ying-jeanne@users.noreply.github.com> * Refactor dialects and add ISAdminOfTeams to Store * Add IsAdminOfTeams to mockstore Co-authored-by: ying-jeanne <74549700+ying-jeanne@users.noreply.github.com>	3 years ago
Kat Yang	d3ae8939af	Chore: Remove x from health, alert notification, dashboard, stats, user (#45265 ) * Chore: Remove x from health * Chore: Remove x from dashboard and user * Chore: Remove x from alert notification * Chore: Remove x from stats * Fix: Update func signature in stats test * Refactor: Remove x from GetDashboardTags * Chore: Remove x from dashboard * Chore: Remove x from Stats * Fix: Update refs of HasAdminPermissionInFolders * Fix: Adjust funcs in tests to be sqlStore methods * Fix: Fix database folder test sqlstore methods	3 years ago
Dimitris Sotirakis	605d056136	Security: Sync security changes on main (#45083 ) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>	3 years ago
idafurjes	5a087d2708	Chore: Add context to team (#40504 ) * Add ctx to team * Remove convey from team	4 years ago
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
idafurjes	2759b16ef5	Chore: Add context for dashboards (#39844 ) * Add context for dashboards * Remove GetDashboardCtx * Remove ctx.TODO	4 years ago
Gabriel MABILLE	4be9ec8f72	AccessControl: Protect org users lookup (#38981 ) * Move legacy accesscontrol to middleware layer * Remove bus usage for this endpoint * Add tests for legacy accesscontrol * Fix tests for org user and remove one more bus usage * Added test for FolderAdmin as suggested in the review	4 years ago
Serge Zaitsev	e1e385b318	Chore: Remove untyped data map from macaron context (#39077 )	4 years ago
Tobias Skarhed	7f882eea05	Login: Require user to not be signed in to get request password email (#35421 )	4 years ago
Joan López de la Franca Beltran	610999cfa2	Auth: Allow soft token revocation (#31601 ) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>	4 years ago
Marcus Efraimsson	a97637a133	Snapshots: Fix usage of sign in link from the snapshot page (#31986 ) Fix redirect to login page from snapshot page when not authenticated. Fixes #28547	4 years ago
Torkel Ödegaard	7428668835	Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516 ) * Profile: Fixes profile preferences page being available when anonymous access was enabled * Minor change * Renamed property	4 years ago
Marcus Efraimsson	8f20b13f1c	Snapshots: Disallow anonymous user to create snapshots (#31263 )	4 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Arve Knudsen	8d5b0084f1	Middleware: Simplifications (#29491 ) * Middleware: Simplify Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * middleware: Rename auth_proxy directory to authproxy Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Torkel Ödegaard	1076f47509	Dashboard: Fixes kiosk state after being redirected to login page and back (#29273 ) * Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	5 years ago
Marcus Efraimsson	3be82ecd4e	Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158 ) If anonymous access is enabled for an org and there are multiple orgs. When requesting a page that requires user to be logged in and orgId query string is set in the request url to an org not equal the anonymous org, if the user is not logged in should be redirected to the login page. Fixes #26120 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	5 years ago
Sofia Papagiannaki	44dff6fdd0	Auth: Fix POST request failures with anonymous access (#26049 ) Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"	5 years ago
Sofia Papagiannaki	fefbbc65a8	Auth: Add support for forcing authentication in anonymous mode and modify SignIn to use it instead of redirect (#25567 ) * Forbid additional redirect urls * Optionally force login in anonymous mode * Update LoginCtrl page to ignore redirect parameter * Modify SignIn to set forceLogin query instead of redirect * Pass appUrl to frontend and use URL API for updating url query * Apply suggestions from code review Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix SignIn test Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Sofia Papagiannaki	be022d4239	API: Fix redirect issues (#22285 ) * Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671) This reverts commit `0e2d874ecf`. * Fix redirect validation (#22675) * Chore: Add test for parse of app url and app sub url Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Fix redirect: prepend subpath only if it's missing (#22676) * Validate redirect in login oauth (#22677) * Fix invalid redirect for authenticated user (#22678) * Login: Use correct path for OAuth logos Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Carl Bergquist	f2f2722bb1	chore: avoid aliasing models in middleware (#22484 )	5 years ago
Brian Gann	0e2d874ecf	API: Fix redirect issue when configured to use a subpath (#21652 ) * request uri will contain the subpath	5 years ago
Jeffrey Descan	c5f906f472	Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787 ) * Refactor redirect_to cookie with secure flag in middleware * Refactor redirect_to cookie with secure flag in api/login * Refactor redirect_to cookie with secure flag in api/login_oauth * Removed the deletion of 'Set-Cookie' header to prevent logout * Removed the deletion of 'Set-Cookie' at top of api/login.go * Add HttpOnly flag on redirect_to cookies where missing * Refactor duplicated code * Add tests * Refactor cookie options * Replace local function for deleting cookie * Delete redundant calls Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	6 years ago
Marcus Efraimsson	964c2e722f	Snapshot: Fix http api (#18830 ) (cherry picked from commit `be2e2330f5`)	6 years ago
Leonard Gram	6589a4e55f	teams: better names for api permissions.	6 years ago
Hugo Häggmark	782b5b6a3a	teams: viewers and editors can view teams	6 years ago
Leonard Gram	22e098b830	teams: editors can work with teams.	6 years ago
Johannes Schill	a81d5486b0	Viewers with viewers_can_edit should be able to access /explore (#15787 ) * fix: Viewers with viewers_can_edit should be able to access /explore #15773 * refactoring initial PR a bit to simplify function and reduce duplication	6 years ago
bergquist	5998646da5	restrict session usage to auth_proxy	7 years ago
Dan Cech	3056d9a80e	support passing api token in Basic auth password (#12416 )	7 years ago
Julian Kornberger	7aab6a8887	Make golint happier	7 years ago
Dan Cech	c0ecdee375	rename Context to ReqContext	7 years ago
Dan Cech	338655dd37	move Context and session out of middleware	7 years ago
bergquist	0ab0343995	mark redirect_to cookie as http only closes #10829	7 years ago
Alexander Zobnin	f97be541af	redirect "permission denied" requests to "/" (#10773 )	8 years ago
bergquist	4fe72ebf69	feat(macaron): upgrades macaron version	10 years ago
Torkel Ödegaard	fdcb4473af	fix(api auth): return 401 for authentication errors and 403 for access denied errors, fixes #2693	10 years ago
Torkel Ödegaard	1f330d7753	Basic auth: Fixed issue when using basic auth proxy infront of Grafana, Fixes #1673	10 years ago
Torkel Ödegaard	b83367063e	Small improvement to dashboard loading error handling	10 years ago
Anthony Woods	7010df0fe8	fixes #1619 Secure PhantomJS Png rendering removes auth hack to allow phantomjs to query pages as a user without auth. Instead we pass phantomjs the session cookie, which it then includes in the request.	10 years ago
Torkel Ödegaard	477e035f2e	Fixed anonymous access mode, Closes #1586	10 years ago

1 2

73 Commits (672b1711b097e38701a9ab8bb2b4631cd37b8ec5)