grafana

Commit Graph

Author	SHA1	Message	Date
Christian Segundo	707198227c	Auth: Log a more useful msg if no OAuth provider configured (#56722 ) Log a useful msg if no oauth provider configured When a user doesn't configure an OAuth provider and uses auto login, Grafana logs a misleading message indicating that he has multiple providers configured.	3 years ago
Dan Cech	fe3ae49cce	Backend: Consistently use context RemoteAddr function to determine remote address. (#60201 ) consistently use context RemoteAddr function to determine remote address	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Karl Persson	98dbc637cc	Auth: Always include oauth and saml settings for frontend (#58705 ) * Auth: Always include oauth and saml settings	3 years ago
Karl Persson	052d1426f9	Oauth: Display friendly error message when role_attribute_strict=true and no valid role found (#57818 ) * Oauth: change error type to a struct that unwraps into a social error * Oauth: Handle empty role in error and fix unwrap * Oauth: provide more informatio in error * Oauth: return InvalidBasicRoleError * Oauth: Fix tests * Login: Remove casing * Oath: Change to warning logs	3 years ago
Misi	9c954d06ab	Auth: Refresh OAuth access_token automatically using the refresh_token (#56076 ) * Verify OAuth token expiration for oauth users in the ctx handler middleware * Use refresh token to get a new access token * Refactor oauth_token.go * Add tests for the middleware changes * Align other tests * Add tests, wip * Add more tests * Add InvalidateOAuthTokens method * Fix ExpiryDate update to default * Invalidate OAuth tokens during logout * Improve logout * Add more comments * Cleanup * Fix import order * Add error to HasOAuthEntry return values * add dev debug logs * Fix tests Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Alex	94ed744454	Auth: Make built-in login configurable (#46978 )	3 years ago
idafurjes	a14621fff6	Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343 ) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields	3 years ago
Jo	1f8b1eef75	SAML: Do not SAML SLO if user is not SAML authenticated (#53418 ) * Only SLO user if the user is using SAML * only one source of truth for auth module info * ensure SAML is also enabled and not only SLO * move auth module naming to auth module login package * use constants in other previously unused spots	3 years ago
idafurjes	d3d8fdd878	Chore: Move user errors to user service (#52460 ) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model	3 years ago
Jguer	b79b53cbdb	JWT: Add JWT proxy setup devenv (#51731 ) * JWT: Add JWT Auth devenv * Auth: JWT allow retrieving login token Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * JWT: Add JWT Auth Proxy devenv * JWT: Add instructions to readme * JWT: Add JWT users * JWT: Remove oauth users * revert session changes, unnecessary Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	3 years ago
idafurjes	6c43eb0b4d	Split Create User (#50502 ) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2	4 years ago
Kat Yang	3c3039f5b3	Chore: Remove Wrap (#50048 ) * Chore: Remove Wrap and Wrapf * Fix: Add error check	4 years ago
ying-jeanne	7ddae870e7	fix status code 200 (#47818 )	4 years ago
Serge Zaitsev	33006436cc	Chore: Remove bus.Dispatch from some login packages (#47248 ) * Chore: Remove bus.Dispatch from some login packages * remove debug log Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * remove login.Init() * remove unused reset function * remove AuthenticateUserFunc global * swap conditional branches Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * fix formatting Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Dan Cech	51cd6f3cc5	Configuration: Add ability to customize okta login button name and icon (#44079 ) * add ability to customize okta login button name and icon * update configs, add basic frontend test * add icon to oauth settings type * trigger tests * fix typecheck	4 years ago
ying-jeanne	78eb06ec02	remove bus from login (#44995 ) * remove bus from login * remove comments and format correctly * remove the downcast	4 years ago
Dan Cech	34f757ba5a	switch to using featureEnabled for enterprise features (#41559 ) * switch to using featureEnabled for enterprise features	4 years ago
idafurjes	8e6d6af744	Rename DispatchCtx to Dispatch (#43563 )	4 years ago
ying-jeanne	54de1078c8	remove the global log error/warn etc functions (#41404 ) * remove the global log error/warn etc functions and use request context logger whenever possible	4 years ago
Katarina Yang	c4306f9b3e	Chore: add context to login (#41316 ) * Chore: add context to login attempt file and tests * Chore: add context * Chore: add context to login and login tests * Chore: continue adding context to login * Chore: add context to login query	4 years ago
Tania B	5652bde447	Encryption: Use secrets service (#40251 ) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit `498eb19859`. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>	4 years ago
ying-jeanne	681218275e	remove crit and trace (#40320 )	4 years ago
Serge Zaitsev	57fcfd578d	Chore: replace macaron with web package (#40136 ) * replace macaron with web package * add web.go	4 years ago
Joan López de la Franca Beltran	722c414fef	Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865 ) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Serge Zaitsev	3131388084	Chore: Imperative request data binding (#39837 ) * rename Bind to BindMiddleware * make things private * removed unused part of data bindings * provide json and form binding helpers * add example of binding migration in login api * implement validation * fix tests * remove debug output * put new bind api into macaron pacakge * revert bind api breaking change	4 years ago
Guilherme Caulada	706a665240	Auth: add name parameter to auth.saml (#39883 ) * add name parameter to auth.saml * Create constant to store default SAML name	4 years ago
Tania B	a0108a1e5b	Encryption: Extract encryption into service (#38442 ) * Add encryption service * Add tests for encryption service * Inject encryption service into http server * Replace encryption global function usage in login tests * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Migrate to Wire * Undo non-desired changes * Move Encryption bindings to OSS Wire set Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
idafurjes	60ac54d969	Chore: Refactor OAuth/social package to service (#35403 ) * Creating SocialService * Add GetOAuthProviders as socialService method * Add OAuthTokenService * Add GetOAuthHttpClient method to SocialService * Rename services, access socialMap from GetConnector * Fix tests by mocking oauthtoken methods * Move NewAuthService into Init * Move OAuthService to social pkg * Refactor OAuthService to OAuthProvider * Fix nil map error, rename file, simplify tests * Fix bug for Forward OAuth Identify * Remove file after rebase	5 years ago
Joan López de la Franca Beltran	c41b08bd59	Settings: Encapsulate settings within an extensible provider (#32219 ) * Encapsulate settings with a provider with support for runtime reloads * SettingsProvider: reload is controlled by the services * naive impl of reload handlers for settings * working naive detection on new changes * Trigger settings reload from API endpoint * validation step added * validation of settings * Fix linting errors * Replace DB_Varchar by DB_NVarchar * Reduce settings columns (section, key) lenghts * wip db update logic * Db Settings: separate updates and removals * Fix: removes incorrectly added code * Minor code improvements * Runtime settings: moved oss -> ee * Remove no longer used setting.Cfg SAML-related fields * Rename file setting/settings.go => setting/provider.go * Apply suggestions from code review Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> * Minor code improvements on OSS settings provider * Fix some login API tests * Correct some GoDoc comments * Apply suggestions from code review Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> Co-authored-by: Leonard Gram <leo@xlson.com> Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>	5 years ago
Joan López de la Franca Beltran	610999cfa2	Auth: Allow soft token revocation (#31601 ) * Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>	5 years ago
Arve Knudsen	47f13abf7a	Backend: Migrate to using non-global configuration (#31856 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Agnès Toulet	663d44fe82	Login: handle custom token creation error messages (#31283 ) * Login: handle custom token creation errors * Login: handle external error for OAuth responses	5 years ago
Leonard Gram	fe74c51d68	SAML: single logout only enabled in enterprise (#31325 )	5 years ago
Agnès Toulet	2a70c73025	Auth: add expired token error and update CreateToken function (#30203 ) * Auth: add error for expired token * Auth: save token error into context data * Auth: send full user and req context to CreateToken * Auth: add token ID in context * add TokenExpiredError struct * update auth tests * remove most of the changes to CreateToken func * clean up * Login: add requestURI in CreateToken ctx * update RequestURIKey comment	5 years ago
Hugo Häggmark	3d41267fc4	Chore: Moves common and response into separate packages (#30298 ) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	50b649a869	Middleware: Add CSP support (#29740 ) * Middleware: Add support for CSP Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored by @iOrcohen	5 years ago
Arve Knudsen	dd2d206d99	Backend: Remove more globals (#29644 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Torkel Ödegaard	763e958d9d	Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299 )	5 years ago
Arve Knudsen	294770f411	Chore: Handle wrapped errors (#29223 ) * Chore: Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	cb62e69997	Chore: Convert API tests to standard Go lib (#29009 ) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Agnès Toulet	2c246276fd	API: replace SendLoginLogCommand with LoginHook (#28777 ) * API: replace SendLoginLogCommand with LoginHook * LoginInfo: Query -> LoginUsername	5 years ago
Agnès Toulet	65b5086a59	API: add login username in SendLoginLogCommand (#28544 ) * API: add login username in Login actions * LoginUser -> LoginUsername * fix test	5 years ago
Alexander Zobnin	d13c6b4c5a	OAuth: Able to skip auto login (#28357 ) * OAuth: able to skip auto login * OAuth: tests for internal login param * OAuth: rename internal -> disableAutoLogin * OAuth: update log message * OAuth: fix tests	5 years ago
Alexander Zobnin	b55a51e270	SAML Single Logout (#27995 ) * SAML: single logout WIP * SAML: sign SAML requests * SAML: remove unnecessary logs * fix go mod file * Docs: Single Logout * SAML: use api endpoint for single logout * Apply suggestions from code review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * SAML: save context for single logout * Chore: add SAML dependencies Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Arve Knudsen	a5d9196a53	Chore/fix lint issues (#27704 ) * Chore: Fix linting issues Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Hansuuuuuuuuuu	8d971ab2f2	Auth: Replace maximum inactive/lifetime settings of days to duration (#27150 ) Allows login_maximum_inactive_lifetime_duration and login_maximum_lifetime_duration to be configured using time.Duration-compatible values while retaining backward compatibility. Fixes #17554 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago

1 2 3

138 Commits (707198227c30c48c936be26ee01e3bddd99f8d18)