grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	8520892923	User: Fix GetByID (#86282 ) * Auth: Remove unused lookup param * Remove case sensitive lookup for GetByID	1 year ago
linoman	51da96d94e	Auth: Add `IsClientEnabled` and `IsEnabled` for the `authn.Service` and `authn.Client` interfaces (#86034 ) * Add `Service. IsClientEnabled` and `Client.IsEnabled` functions * Implement `IsEnabled` function for authn clients * Implement `IsClientEnabled` function for authn services	1 year ago
Karl Persson	73fecc8d80	Authn: Identity resolvers (#85930 ) * AuthN: Add NamespaceID struct. We should replace the usage of encoded namespaceID with this one * AuthN: Add optional interface that clients can implement to be able to resolve identity for a namespace * Authn: Implement IdentityResolverClient for api keys * AuthN: use idenity resolvers Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>	1 year ago
Karl Persson	895222725c	Session: set authID and authenticatedBy (#85806 ) * Authn: Resolve authenticate by and auth id when fethcing signed in user * Change logout client interface to only take Requester interface * Session: Fetch external auth info when authenticating sessions * Use authenticated by from identity * Move call to get auth-info into session client and use GetAuthenticatedBy in various places	1 year ago
Karl Persson	ebb4bb859e	Authn: allow ResolveIdentity to authenticate in "global" scope (#85835 ) * Authn: allow ResolveIdentity to authenticate in "global" scope * Use constant	1 year ago
Jo	5340a6e548	Auth: Extended JWT client for OBO and Service Authentication (#83814 ) * reenable ext-jwt-client * fixup settings struct * add user and service auth * lint up * add user auth to grafana ext * fixes * Populate token permissions Co-authored-by: jguer <joao.guerreiro@grafana.com> * fix tests * fix lint * small prealloc * small prealloc * use special namespace for access policies * fix access policy auth * fix tests * fix uncalled settings expander * add feature toggle * small feedback fixes * rename entitlements to permissions * add authlibn * allow viewing the signed in user info for non user namespace * fix invalid namespacedID * use authlib as verifier for tokens * Update pkg/services/authn/clients/ext_jwt.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/authn/clients/ext_jwt_test.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * fix parameter names * change asserts to normal package * add rule for assert * fix ownerships * Local diff * test and lint * Fix test * Fix ac test * Fix pluginproxy test * Revert testdata changes * Force revert on test data --------- Co-authored-by: gamab <gabriel.mabille@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	1 year ago
linoman	e4250a72db	JWT: Find login and email claims with JMESPATH (#85305 ) * add function to static function to static service * find email and login claims with jmespath * rename configuration files * Replace JWTClaims struct for map * check for subclaims error	1 year ago
Karl Persson	2f3a01f79f	OAuth: Make sub claim required for generic oauth behind feature toggle (#85065 ) * Add feature toggle for sub claims requirement * OAuth: require valid auth id * Fix feature toggle description	1 year ago
Eric Leijonmarck	bb792ff540	Auth: Remove oauth skip org role sync (#84972 ) * remove oauth wide skip org role sync * we are warning from config * set it to false * removed from config ini files and updated docs	1 year ago
Karl Persson	d4e802dd47	Authn: Add function to resolve identity from org and namespace id (#84555 ) * Add function to get the namespaced id * Add function to resolve an identity through authn.Service from org and namespace id * Switch to resolve identity for re-authenticate in another org	1 year ago
Karl Persson	6ea9f0c447	AuthN: Use fetch user sync hook for render keys connected to a user (#84080 ) * Use fetch user sync hook for render keys connected to a user	1 year ago
Karl Persson	9c292d2c3f	AuthN: Use sync hook to fetch service account (#84078 ) * Use sync hook to fetch service account	1 year ago
Jo	36a19bfa83	AuthProxy: Allow disabling Auth Proxy cache (#83755 ) * extract auth proxy settings * simplify auth proxy methods * add doc mentions	1 year ago
Jo	2182cc47ac	LDAP: Fix LDAP users authenticated via auth proxy not being able to use LDAP active sync (#83715 ) * fix LDAP users authenticated via auth proxy not being able to use ldap sync * simplify id resolution at the cost of no fallthrough * remove unused services * remove unused cache key	1 year ago
Gabriel MABILLE	80d6bf6da0	AuthN: Remove embedded oauth server (#83146 ) * AuthN: Remove embedded oauth server * Restore main * go mod tidy * Fix problem * Remove permission intersection * Fix test and lint * Fix TestData test * Revert to origin/main * Update go.mod * Update go.mod * Update go.sum	1 year ago
Klesh Wong	9282c7a7a4	AuthProxy: Invalidate previous cached item for user when changes are made to any header (#81445 ) * fix: sign in using auth_proxy with role a -> b -> a would end up with role b * Update pkg/services/authn/clients/proxy.go Co-authored-by: Karl Persson <kalle.persson92@gmail.com> * Update pkg/services/authn/clients/proxy.go Co-authored-by: Karl Persson <kalle.persson92@gmail.com>	1 year ago
Karl Persson	9e04fd0fb7	AuthToken: Remove client token rotation feature toggle (#82886 ) * Remove usage of client token rotation flag * Remove client token rotation feature toggle	1 year ago
Misi	bb9d5799cf	Auth: Load `oauth_allow_insecure_email_lookup` using the SettingsProvider (#82460 ) * wip * Introduce fixed:server.config:writer role * Fix tests * Update name	1 year ago
linoman	ac84069071	Password policy (#82268 ) * add password service interface * add password service implementation * add tests for password service * add password service wiring * add feature toggle * Rework from service interface to static function * Replace previous password validations * Add codeowners to password service * add error logs * update config files --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>	1 year ago
Jo	6f62d970e3	JWT Authentication: Add support for specifying groups in auth.jwt for teamsync (#82175 ) * merge JSON search logic * document public methods * improve test coverage * use separate JWT setting struct * correct use of cfg.JWTAuth * add group tests * fix DynMap typing * add settings to default ini * add groups option to devenv path * fix test * lint * revert jwt-proxy change * remove redundant check * fix parallel test	1 year ago
Jo	f3f36e37fa	AuthInfo: No mandatory auth_id in Auth Info service (#81335 ) * fix auth info update not having mandatory auth_id * remove uneeded newline	1 year ago
Misi	20bb0a3ab1	AuthN: Support reloading SSO config after the sso settings have changed (#80734 ) * Add AuthNSvc reload handling * Working, need to add test * Remove commented out code * Add Reload implementation to connectors * Align and add tests, refactor * Add more tests, linting * Add extra checks + tests to oauth client * Clean up based on reviews * Move config instantiation into newSocialBase * Use specific error	1 year ago
arukiidou	bffb28c177	refactor: use golang.org/x/oauth2 pkce option (#80511 ) Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>	1 year ago
Ryan McKinley	1caaa56de0	FeatureFlags: Use interface rather than manager (#80000 )	1 year ago
Vardan Torosyan	63cd5a5625	Chore: Cleanup namespace and ID resolution (#79360 ) * Chore: Cleanup namespace ID resolution * Check for negative userID when relevant * Reuse existing function for parsing ID as int * Fix imports	1 year ago
Karl Persson	8cb351e54a	Authn: Handle logout logic in auth broker (#79635 ) * AuthN: Add new client extension interface that allows for custom logout logic * AuthN: Add tests for oauth client logout * Call authn.Logout Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	1 year ago
Vardan Torosyan	a35146f7ed	Service account: Update last used timestamp when token is used (#79254 )	1 year ago
Misi	50f4e78a39	Auth: Use SSO settings service to load social connectors + refactor (#79005 ) * Refactor to prevent cyclic dependencies * Move list authorization to the API layer * Init connectors using the SSO settings service in case the ssoSettingsApi feature toggle is enabled * wip, need to handle the cyclic dep * Remove cyclic dependency * Align tests + refactor * Move back OAuthInfo to social * Delete pkg/login/social/constants * Move reloadable registration to the social providers * Rename connectors.Error to connectors.SocialError	1 year ago
Gabriel MABILLE	059ba25973	AuthN: Check API Key is not trying to access another organization (#78749 ) * AuthN: Check API Key is not trying to access another organization * Revert local change * Add test * Discussed with Kalle we should set r.OrgID * Syntax sugar * Suggestion org-mismatch	2 years ago
Jo	7d559bc69a	AuthProxy: Do not allow sessions to be assigned with other methods (#78602 ) do not allow login token with other methods	2 years ago
Kevin Wang	8bdfb7e1cf	chore(authn.service): fix typo in log statement (#76205 )	2 years ago
Karl Persson	1eb19befaa	Login: refactor auth info package (#78459 ) * Remove unused stats and metrics * No longer collect metrics * Remove unused dependency * Move database from sub package	2 years ago
Ryan McKinley	f69fd3726b	FeatureToggles: Add context and and an explicit global check (#78081 )	2 years ago
Ryan McKinley	5d5f8dfc52	Chore: Upgrade Go to 1.21.3 (#77304 )	2 years ago
Gabriel MABILLE	83e9088314	AuthN: Set oauth client grant_types based on plugin state (#77248 ) * Disable plugin service account * Fix bug seen by linoman 💯 Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Account for PR feedback Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> * Fix test data * Enable datasource plugins by default Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> * Update pkg/services/extsvcauth/oauthserver/oasimpl/service.go * Handle error differently * Fix service reg --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>	2 years ago
Karl Persson	ed1c50233f	Revert "AuthN: move oauth token hook into session client" (#76882 ) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit `455cede699`.	2 years ago
Karl Persson	455cede699	AuthN: move oauth token hook into session client (#76688 ) * Move rotate logic into its own function * Move oauth token sync to session client * Add user to the local cache if refresh tokens are not enabled for the provider so we can skip the check in other requests	2 years ago
Karl Persson	ea741dda6b	Signingkeys: Add local cache (#76234 ) * IDForwarding: change audience to be prefixed by org and remove JTI * IDForwarding: Construct new signer each time we want to sign a token. * SigningKeys: Simplify storage layer and move logic to service * SigningKeys: Add private key to local cache	2 years ago
Gabriel MABILLE	193ec8de2b	AuthN: Move oauthserver to extsvcauth (#75972 ) * AuthN: Move oauthserver to extsvcauth * Codeowners	2 years ago
Jo	44fa0697ce	Auth: Signing Key persistence (#75487 ) * signing key wip use db keyset storage add signing_key table add testing for key storage add ES256 key tests Remove caching and implement UpdateOrCreate Stabilize interfaces * Encrypt private keys * Fixup signer * Fixup ext_jwt * Add GetOrCreatePrivate with automatic key rotation * use GetOrCreate for ext_jwt * use GetOrCreate in id * catch invalid block type * fix broken test * remove key generator * reduce public interface of signing service	2 years ago
Karl Persson	7a38090bc0	AuthN: Fix namespaces for anonymous and render (#75661 ) * AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render * Don't parse user id for render namespace	2 years ago
Gabriel MABILLE	0ed649b108	AuthN: Change EnableDisabledUserHook to EnableUserHook (#75248 ) * Replace the enable disable user hook by a hook that systematically enable users * Fix tests * Remove the skip test	2 years ago
Jo	40a1f8434d	Anon: Scaffold anon service (#74744 ) * remove API tagging method and authed tagging * add anonstore move debug to after cache change test order fix issue where mysql trims to second * add old device cleanup lint utc-ize everything trim whitespace * remove dangling setting * Add delete devices * Move anonymous authnclient to anonimpl * Add simple post login hook * move registration of Background Service cleanup * add updated_at index * do not untag device if login err * add delete device integration test	2 years ago
Gabriel MABILLE	c8149d50f9	LDAP: FIX Enable users on successfull login (#75073 ) * LDAP: Enable users on successfull login * Force enable ldap users on successful login * Fix tests * Fix tests	2 years ago
Serge Zaitsev	8187d8cb66	Chore: capitalise log message for auth packages (#74332 )	2 years ago
Ryan McKinley	025b2f3011	Chore: use any rather than interface{} (#74066 )	2 years ago
Gabriel MABILLE	f900098cc9	[LDAP] Disable removed users on login (#74016 ) * [LDAP] Disable removed users on login * Fix tests * Add test for user disabling * Add tests for disabling user behind auth proxy * Linting. * Rename setup func * Account for reviews comments Co-authored-by: Kalle Persson <kalle.persson@grafana.com> --------- Co-authored-by: Kalle Persson <kalle.persson@grafana.com>	2 years ago
Karl Persson	37ceffb74c	Authn: Standardize errors (#74012 )	2 years ago
Karl Persson	5d14b6ba19	AuthProxy: Fix user retrieval through cache (#73802 ) * AuthProxy: Change auth proxy sync cache key	2 years ago
Marcus Efraimsson	040b7d2571	Chore: Add errutils helpers (#73577 ) Add helpers for the errutil package in favor of errutil.NewBase.	2 years ago

1 2 3

113 Commits (852089292325895c24f0bfdb11af9e11f525b638)