grafana

Commit Graph

Author	SHA1	Message	Date
Erik Sundell	d94796a022	Auth: Remove trailing / in cookies' path (#22265 ) (#22265 ) According to the stackoverflow answer below, it is recommended to not include a trailing / in cookies' path. By removing the trailing / for our cookies path value, people's browsers visiting grafana will pass the cookie not only to /grafana/ sub paths but also to /grafana sub paths. This commit avoids the situation where a user would visit http://localhost/grafana, get redirected to http://localhost/grafana/login, and following login get redirected back to http://localhost/grafana, but since the grafana_session cookie isn't passed along get redirected back once more to http://localhost/grafana/login. ref: https://stackoverflow.com/questions/36131023/setting-a-slash-on-cookie-path/53784228#53784228 ref: https://tools.ietf.org/html/rfc6265#section-5.1.4	5 years ago
Jon McKenzie	6c9d833602	AuthProxy: Fixes bug where long username could not be cached (#22926 )	5 years ago
Marcus Efraimsson	d0a80c59f3	Rendering: Store render key in remote cache (#22031 ) By storing render key in remote cache it will enable image renderer to use public facing url or load balancer url to render images and thereby remove the requirement of image renderer having to use the url of the originating Grafana instance when running HA setup (multiple Grafana instances). Fixes #17704 Ref grafana/grafana-image-renderer#91	5 years ago
Carl Bergquist	fe16028e02	Auth: Don't rotate auth token when requests are cancelled by client (#22106 ) if the client closes the connection we should not rotate token since the client will never receive the new token. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Anthony Woods	f56f54b1a3	Auth: Rotate auth tokens at the end of requests (#21347 ) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Marcus Efraimsson	a1579283a6	Add disabled option for cookie samesite attribute (#21472 ) Breaking change: If disabled the cookie samesite cookie attribute will not be set, but if none the attribute will be set and is a breaking change compared to before where none did not render the attribute. This was due to a known issue in Safari. Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Fixes #19847	6 years ago
Torkel Ödegaard	be2bf1a297	AuthProxy: Can now login with auth proxy and get a login token (#20175 ) * AuthProxy: Can now login with auth proxy and get a login token * added unit tests * renamed setting and updated docs * AuthProxy: minor tweak * Fixed tests and namings * spellfix * fix * remove unused setting, probably from merge conflict * fix	6 years ago
Arve Knudsen	35e0e078b7	pkg/util: Check errors (#19832 ) * pkg/util: Check errors * pkg/services: DRY up code	6 years ago
Arve Knudsen	6e7c18fc1c	pkg/middleware: Check errors (#19749 ) * pkg/middleware: Check errors * pkg/middleware: Log when gzip middleware handler fails	6 years ago
Oleg Gaidarenko	6ca1a6c8da	Auth: change the error HTTP status codes (#18584 ) * Auth: change the error HTTP status codes * Use 407 HTTP status code for incorrect credentials error * Improve proxy auth logs * Remove no longer needed TODO comment Fixes #18439	6 years ago
Sofia Papagiannaki	4e29357d15	Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462 ) * Do not set SameSite login_error cookie attribute if cookie_samesite is none * Do not set SameSite grafana_session cookie attribute if cookie_samesite is none * Update middleware tests	6 years ago
Oleg Gaidarenko	d88fdc86fc	Auth: Do not search for the user twice (#18366 ) * Auth: Do not search for the user twice Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing `GetUserByLoginQuery` only i.e. looking user in DB only, things changed when this function started to check LDAP provider via `LoginUserQuery` (#6940), however, this request was placed after `GetUserByLoginQuery`, so we first looking in DB then in the LDAP - if LDAP user hasn't logged in we will not find it in DB, so `LoginUserQuery` will never be reached. `LoginUserQuery` request already performs `GetUserByLoginQuery` request in correct sequence. So we can just remove redundant request. * Correct sequence execution during authentification & introduce tests for it * Move basic auth tests to separate test file, since main test file already pretty large * Introduce `testing.go` for the middleware module * Remove redundant test helper function * Make handler names more explicit Ref `5777f65d05` Fixes #18329 * Auth: address review comment	6 years ago
Oleg Gaidarenko	7e89a93b5f	Auth: introduce more tests for middleware module (#18365 ) * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add additional test helper Ref `82661b9f69`	6 years ago
Oleg Gaidarenko	82661b9f69	Auth: consistently return same basic auth errors (#18310 ) * Auth: consistently return same basic auth errors * Put repeated errors in consts and return only those consts as error strings * Add tests for errors basic auth cases and moves tests to separate test-case. Also names test cases consistently * Add more error logs and makes their messages consistent * A bit of code style * Add additional test helper * Auth: do not expose even incorrect password * Auth: address review comments Use `Debug` for the cases when it's an user error	6 years ago
gotjosh	ed8aeb2999	Auth Proxy: Include additional headers as part of the cache key (#18298 ) * Auth Proxy: Include additional headers as part of the cache key Auth proxy has support to send additional user attributes as part of the authentication flow. These attributes (e.g. Groups) need to be monitored as part of the process in case of change. This commit changes the way we compute the cache key to include all of the attributes sent as part of the authentication request. That way, if we change any user attributes we'll upsert the user information.	6 years ago
Oleg Gaidarenko	caa1314f44	Build: use golangci-lint as a make command (#17739 ) * Build: use golangci-lint as a make command * Since gometalinter was deprecated in favor of golangci-lint so it was replaced by it. Responsibilities held by the gometalinter was moved to golangci-lint * There was some changes in implementation (that was also mentioned in the code comment) between the tools, which uncovered couple errors in the code. Those issues were either solved or disabled by the inline comments * Introduce the golangci-lint config, to make their configuration more manageable * Build: replace backend-lint.sh script with make	6 years ago
Sofia Papagiannaki	f3f03ceb6a	Auth Proxy: Respect auto_sign_up setting (#17843 ) * Add test for disabled auth proxy auto signup option * Set correctly auth proxy auto signup	6 years ago
Sofia Papagiannaki	dc9ec7dc91	Auth: Allow expiration of API keys (#17678 ) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire.	6 years ago
Kyle Brandt	bd08d8ce8e	middleware: fix Strict-Transport-Security header (#17644 ) fixes #17641	6 years ago
Oleg Gaidarenko	9b7f9dd9be	LDAP: consistently name the LDAP entities (#17203 )	6 years ago
Marcus Efraimsson	1c1427520d	Security: Add new setting allow_embedding (#16853 ) When allow_embedding is false (default) the Grafana backend will set the http header `X-Frame-Options: deny` in all responses to non-static content which will instruct browser to not allow Grafana to be embedded in `<frame>`, `<iframe>`, `<embed>` or `<object>`. Closes #14189	6 years ago
Marcus Efraimsson	f778c1d971	Security: Responses from backend should not be cached (#16848 ) Currently all API requests set Cache-control: no-cache to avoid browsers caching sensitive data. This fixes so that all responses returned from backend not are cached using http headers. The exception is the data proxy where we don't add these http headers in case datasource backend needs to control whether data can be cached or not. Fixes #16845	6 years ago
Carl Bergquist	9660356638	Auth: Enable retries and transaction for some db calls for auth tokens (#16785 ) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it.	6 years ago
Oleg Gaidarenko	db584b3d28	Chore: remove session storage references (#16445 ) * Chore: remove session storage references * Small refactoring of the settings module * Update docs - remove references for the session storage * Update config files (sample and default configs) * Add tests for warning during the config load on defined storage cache * Remove all references to session storage * Remove macaron session dependency * Remove leftovers * Fix: address review comments * Fix: remove old deps * Fix: add skipStaticRootValidation = true to tests * Fix: improve the docs and warning message As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255 * Chore: make linter happy Fixes #16148 Ref #16114	6 years ago
Oleg Gaidarenko	318182ccc9	Chore: refactor auth proxy (#16504 ) * Chore: refactor auth proxy Introduced the helper struct for auth_proxy middleware. Added couple unit-tests, but it seems "integration" tests already cover most of the code paths. Although it might be good idea to test every bit of it, hm. Haven't refactored the extraction of the header logic that much Fixes #16147 * Fix: make linters happy	6 years ago
Oleg Gaidarenko	67cbc7d4cf	Chore: use remote cache instead of session storage (#16114 ) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161	6 years ago
Marcus Efraimsson	8029e48588	support get user tokens/revoke all user tokens in UserTokenService	6 years ago
bergquist	e163aadfe4	use authtoken for session quota restrictions closes #15360	6 years ago
Marcus Efraimsson	836501186f	fix	6 years ago
Marcus Efraimsson	8678620730	move UserToken and UserTokenService to models package	6 years ago
Marcus Efraimsson	a60124a88c	change UserToken from interface to struct	6 years ago
Marcus Efraimsson	871c84d195	changes needed for api/middleware due to configuration settings	6 years ago
Marcus Efraimsson	d53e64a32c	move auth token middleware/hooks to middleware package fix/adds auth token middleware tests	6 years ago
bergquist	88ca54eba9	renames signout function	6 years ago
bergquist	43ac79685a	delete auth token on signout	6 years ago
bergquist	5998646da5	restrict session usage to auth_proxy	7 years ago
Marcus Efraimsson	59d0c19ba8	passing middleware tests	7 years ago
Marcus Efraimsson	81879f0162	fix broken code	7 years ago
Jacob Richard	34d3086ec8	Adding tests for auth proxy CIDR support	7 years ago
Torkel Ödegaard	b415d82611	fixed to template PR issues, #13938	7 years ago
Mario Trangoni	dde650905d	Fix megacheck issue unused code. I removed some code, and commented out other one. See, $ gometalinter --vendor --disable-all --disable=gotype --enable=megacheck --deadline 6m ./... \| grep unused pkg/api/avatar/avatar.go💯26⚠️ func (CacheServer).mustInt is unused (U1000) (megacheck) pkg/api/folder_test.go:136:6⚠️ func callGetFolderByUID is unused (U1000) (megacheck) pkg/api/folder_test.go:141:6⚠️ func callDeleteFolder is unused (U1000) (megacheck) pkg/api/live/hub.go:40:15⚠️ func (hub).removeConnection is unused (U1000) (megacheck) pkg/components/imguploader/azureblobuploader.go:130:5⚠️ var client is unused (U1000) (megacheck) pkg/middleware/middleware_test.go:438:28⚠️ func (scenarioContext).withInvalidApiKey is unused (U1000) (megacheck) pkg/services/alerting/ticker.go:40:18⚠️ func (Ticker).updateOffset is unused (U1000) (megacheck) pkg/services/notifications/notifications_test.go:12:6⚠️ type testTriggeredAlert is unused (U1000) (megacheck) pkg/services/sqlstore/dashboard_service_integration_test.go:935:6⚠️ type scenarioContext is unused (U1000) (megacheck) pkg/services/sqlstore/dashboard_service_integration_test.go:939:6⚠️ type scenarioFunc is unused (U1000) (megacheck) pkg/services/sqlstore/dashboard_service_integration_test.go:941:6⚠️ func dashboardGuardianScenario is unused (U1000) (megacheck) pkg/services/sqlstore/transactions_test.go:13:6⚠️ type testQuery is unused (U1000) (megacheck)	7 years ago
Marcus Efraimsson	8af5da7383	Revert "auth proxy: use real ip when validating white listed ip's"	7 years ago
Dan Cech	3056d9a80e	support passing api token in Basic auth password (#12416 )	7 years ago
Marcus Efraimsson	b418e14bd9	make sure to use real ip when validating white listed ip's	7 years ago
Karsten Weiss	de8696d5d3	Outdent code after if block that ends with return (golint) This commit fixes the following golint warnings: pkg/bus/bus.go:64:9: if block ends with a return statement, so drop this else and outdent its block pkg/bus/bus.go:84:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:137:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:177:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:183:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:199:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:208:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/components/dynmap/dynmap.go:236:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:242:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:257:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:263:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:278:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:284:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:299:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:331:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:350:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:356:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:366:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:390:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:396:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:405:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:427:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:433:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:442:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:459:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:465:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:474:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:491:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:497:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:506:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:523:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:529:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:538:12: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:555:9: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:561:10: if block ends with a return statement, so drop this else and outdent its block pkg/components/dynmap/dynmap.go:570:12: if block ends with a return statement, so drop this else and outdent its block pkg/login/ldap.go:55:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/login/ldap_test.go:372:10: if block ends with a return statement, so drop this else and outdent its block pkg/middleware/middleware_test.go:213:12: if block ends with a return statement, so drop this else and outdent its block pkg/plugins/dashboard_importer.go:153:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/plugins/dashboards_updater.go:39:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/plugins/dashboards_updater.go:121:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/plugins/plugins.go:210:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/plugins/plugins.go:235:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/eval_context.go:111:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/notifier.go:92:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/notifier.go:98:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/notifier.go:122:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/rule.go:108:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/rule.go:118:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/rule.go:121:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/alerting/notifiers/telegram.go:94:10: if block ends with a return statement, so drop this else and outdent its block pkg/services/sqlstore/annotation.go:34:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/sqlstore/annotation.go:99:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/sqlstore/dashboard_test.go:107:13: if block ends with a return statement, so drop this else and outdent its block pkg/services/sqlstore/plugin_setting.go:78:10: if block ends with a return statement, so drop this else and outdent its block pkg/services/sqlstore/preferences.go:91:10: if block ends with a return statement, so drop this else and outdent its block pkg/services/sqlstore/user.go:50:10: if block ends with a return statement, so drop this else and outdent its block pkg/services/sqlstore/migrator/migrator.go:106:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/services/sqlstore/migrator/postgres_dialect.go:48:10: if block ends with a return statement, so drop this else and outdent its block pkg/tsdb/time_range.go:59:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/tsdb/time_range.go:67:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) pkg/tsdb/cloudwatch/metric_find_query.go:225:9: if block ends with a return statement, so drop this else and outdent its block pkg/util/filepath.go:68:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)	7 years ago
Dan Cech	52503d9cb5	refactor authproxy & ldap integration, address comments	7 years ago
Dan Cech	d837be91ec	switch to passing ReqContext as a property	7 years ago
Dan Cech	a1b1d2fe80	switch to Result	7 years ago
Dan Cech	d5dd1c9bca	update auth proxy	7 years ago
Dan Cech	1c5afa731f	shared library for managing external user accounts	7 years ago

1 2

71 Commits (942a14b4ce2591b254e77d9cb02b3c02cd0014a2)