grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	bb217f7e5d	AuthN: Only mark IsSignedIn if user is not anonymous (#63833 ) Contexthandler: Only mark IsSignedIn if user is not anonymous	2 years ago
Jo	3b22955ebb	Orgs: Remove auto assign globals (#63754 ) * remove auto assign globals * add missing gitignore entries	2 years ago
Jo	635a456fa4	Authn: Add separate context for session tagging (#63561 ) add context	2 years ago
Jo	ff78103a24	Authn: Anon session service (#63052 ) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used	2 years ago
Jo	d4cfbd9fd3	LDAP: Move LDAP globals to Config (#63255 ) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go	2 years ago
Carl Bergquist	b88206d98f	Cache: Refactor cache clients to use byte array (#62930 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
Jo	6322fce725	LDAP: Move to single package cluster (#63035 ) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint	2 years ago
Carl Bergquist	9d66b18b9c	Instrumentation: removes option to return uname as header (#62929 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
idafurjes	982939111b	Rename Id to ID for annotation models (#62886 ) * Rename Id to ID for annotation models * Add xorm tags * Rename Id to ID for API key models * Add xorm tags	2 years ago
Karl Persson	ce5e067d28	ContextHandler: add all configured auth header to context (#62775 ) * ContextHandler: Always store list of possible auth headers in context and remove individual calls	2 years ago
Misi	7c1d9769ca	Auth: Rotate token patch (#62676 ) * Use singleflight.Group * Align tests * Cleanup	2 years ago
Serge Zaitsev	bc2813ef06	Chore: Fix goimports grouping in pkg/services (#62420 ) * fix goimports * fix goimports order	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
Eric Leijonmarck	5531e22f46	Auth: Add disable of team sync for JWT Authentication (#62191 ) * fix: disable team sync for JWT Authentication * add: comment to test * change test to conform to new expected behavior * fix: spelling * formatting	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Eric Leijonmarck	c5cb5be3cc	Auth: Fix catch both both ErrInvalidAPIKey for context with APIKey (#62193 ) * fix: capture both ErrInvalidAPIKey * rename of variable	2 years ago
Karl Persson	95ea4bad6f	AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705 ) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Kristin Laemmert	cd08f2575a	chore: move jwt models into auth/jwt (#61862 ) * chore: move jwt models into auth/jwt	2 years ago
Karl Persson	1454b1b40a	Reqcontext: Add methods to write responses bases on errutil.Error (#60889 ) * ReqContext: Add methods to reqcontext used to handle errutil.Error * ReqContext: Pass all public field in response from errutil.Error	2 years ago
linoman	4d095547f8	Auth: Implement skip org role sync for jwt (#61647 ) * Add new config option * Add frontend control * Condition new auth broker with config option * Condition old auth broker with config option Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Karl Persson	766fa4e7d5	AuthN: Add last seen sync hooks for user and api keys (#61571 ) * AUthN: Add last seen sync hooks for user / service account and move api key last seen to own hook * ContextHandler: only run sync for last seen if auth.Service is not enabled	2 years ago
Karl Persson	b44b6fc5c6	AuthN: Add auth proxy client (#61555 ) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down	2 years ago
Eric Leijonmarck	07bbc0716c	Auth: Fix correct error for updateapikey in context handler (#61544 ) * fix: correct error for updateapikey * refactor: send the correct err forward * update: based on review	2 years ago
Misi	b8b08ea292	Auth: Add sub claim check to JWT Auth pre-checks (#61417 ) * Auth: Add sub claim check to JWT Auth pre-checks * Add #nosec annotation to the test tokens	2 years ago
Denis Limarev	90badc8729	Performance: Add preallocation for some slices (#59593 )	2 years ago
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2 years ago
Karl Persson	c5f77b6a46	AuthN: Set LookupTokenErr and fall through in case of error (#61217 ) ContextHandler: Set LookupTokenErr and fall through in case of error during authentication	2 years ago
Jo	a226903ec6	AuthN: Add session client (#60894 ) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor	2 years ago
Karl Persson	da24a9d74e	AuthN: Add render auth client (#60914 ) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled	2 years ago
idafurjes	325f7a789e	Chore: Delete duplicate models for user (#60906 ) * Delete duplicate models for user * Use new models in some tests * Add auth model conversion back	2 years ago
Karl Persson	9fbb29c588	AuthN: Add client to perform basic authentication (#60877 ) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies	2 years ago
Karl Persson	1b1a14b6f6	ContextHandler: Get token from req context when performing rotation (#60533 ) ContextHandler: get token from req context when performing end of request rotation	2 years ago
Karl Persson	2e53a58bc3	Authn: Add client for api keys (#60339 ) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint	2 years ago
Carl Bergquist	1b676d0d49	Contexthandler: Add uname as response header (#59930 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	3 years ago
Serge Zaitsev	f1fb202284	Chore: Add encryption codec to the remote cache (#59871 ) * add encryption codec to the remote cache * change config files too * fix test constructor * pass codec into the test cache	3 years ago
Karl Persson	22be025284	Auth: Add anonymous authn client (#59637 ) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client	3 years ago
Jo	fee50be1bb	Sessions: Remove invalid session cookie if it's invalid/expired/missing (#59556 ) only remove invalid session cookie if it's invalid/expired/missing	3 years ago
Karl Persson	062c5b805c	Auth: Merge ActiveAuthTokenService into UserAuthTokenService (#59032 ) * Auth: Merge UserTokenService and ActiveAuthTokenService * Auth: Rename function	3 years ago
Misi	9c98314e9f	OAuth: Refactor OAuth parameters handling to support obtaining refresh tokens for Google OAuth (#58782 ) * Add ApprovalForce to AuthCodeOptions * Extract access token validity check to a function * Refactor * Oauth: set options internally instead of exposing new function * Align tests * Remove unused function Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Sofia Papagiannaki	ab36252c86	Quota: Fix failure when checking session limits (#58865 )	3 years ago
Misi	4915d21c25	OAuth: Feature toggle for access token expiration check and docs (#58179 ) * Add feature toggle for access token expiration check * Add docs for configuring refresh tokens * Update docs * Update docs based on review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Improve documentation * Change access_type default to Offline * Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update pkg/services/featuremgmt/registry.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Regenerate toggles * Update Generic OAuth docs Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>	3 years ago
Eric Leijonmarck	72d0c6b428	Auth: add IsServiceAccount to IsRealUser (#58015 ) * add: IsServiceAccount to SignedInUser and IsRealUser * fix: linting error * refactor: add function IsServiceAccountUser() By adding the function IsServiceAccountUser() we use it to identify for ServiceAccounts in the HasUniqueID() since caching is built up on having a uniqueID, see comment: https://github.com/grafana/grafana/pull/58015#discussion_r1011361880	3 years ago
Marcus Efraimsson	6f8fcae01b	[main] Plugin fixes (#57399 ) * Plugins: Remove support for V1 manifests * Plugins: Make proxy endpoints not leak sensitive HTTP headers * Security: Fix do not forward login cookie in outgoing requests (cherry picked from commit `4539c33fce`) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	3 years ago
Kristin Laemmert	05709ce411	chore: remove sqlstore & mockstore dependencies from (most) packages (#57087 ) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible	3 years ago
Misi	9c954d06ab	Auth: Refresh OAuth access_token automatically using the refresh_token (#56076 ) * Verify OAuth token expiration for oauth users in the ctx handler middleware * Use refresh token to get a new access token * Refactor oauth_token.go * Add tests for the middleware changes * Align other tests * Add tests, wip * Add more tests * Add InvalidateOAuthTokens method * Fix ExpiryDate update to default * Invalidate OAuth tokens during logout * Improve logout * Add more comments * Cleanup * Fix import order * Add error to HasOAuthEntry return values * add dev debug logs * Fix tests Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Kat Yang	7715672fb3	Chore: use org service methods (#55768 ) * Chore: use org service methods * fix tests * fix errors * adjust func signatures for getbyname * 💩 * Use the same fake service to get the user in AC and in HS * Fix middleware test * Fix more middleware test * Fix api tests Co-authored-by: gamab <gabi.mabs@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>	3 years ago
Kristin Laemmert	701f6d5436	UserService: use the UserService instead of calling sqlstore directly (#55745 ) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.	3 years ago
Nicholas Wiersma	faf8eb3afb	JWT: Allow conventional bearer token in Authorization header (#54821 ) * fix: allow JWT to accept standard bearer token * fix: linter issues * fix: linter gosec false positive * fix: refactor logic into JWT handler * fix: move bearer trimming earlier	3 years ago
Nicholas Wiersma	9e704fec3c	JWT: Add support for assigning org roles (#54277 ) * feat: allow jwt role to be set * chore: update documentation * fix: cr suggestions * fix: lint issues * respect org auto assign and default org ID * add server admin to devenv Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago

1 2 3

117 Commits (8aae7be4e594fc87a9fa5f0288489aafb2ac8e12)