grafana

Commit Graph

Author	SHA1	Message	Date
gotjosh	332920954e	SAML: Show SAML login button even if OAuth is disabled (#17993 ) * Move the SAML button outside of the oauth div * Don't attempt to search cookies with an empty name	7 years ago
Sofia Papagiannaki	dc9ec7dc91	Auth: Allow expiration of API keys (#17678 ) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire.	7 years ago
Kyle Brandt	bd08d8ce8e	middleware: fix Strict-Transport-Security header (#17644 ) fixes #17641	7 years ago
Yann Verry	ed613194ac	HTTPServer: Fix X-XSS-Protection header formatting (#17620 ) Fixes #17619	7 years ago
Oleg Gaidarenko	1b1d951495	LDAP: refactoring (#17479 ) * LDAP: use only one struct * Use only models.ExternalUserInfo * Add additional helper method :/ * Move all the helpers to one module * LDAP: refactoring * Rename some of the public methods and change their behaviour * Remove outdated methods * Simplify logic * More tests There is no and never were tests for settings.go, added tests for helper methods (cover is now about 100% for them). Added tests for the main LDAP logic, but there is some stuff to add. Dial() is not tested and not decoupled. It might be a challenge to do it properly * Restructure tests: * they wouldn't depend on external modules * more consistent naming * logical division * More guards for erroneous paths * Login: make login service an explicit dependency * LDAP: remove no longer needed test helper fns * LDAP: remove useless import * LDAP: Use new interface in multildap module * LDAP: corrections for the groups of multiple users * In case there is several users their groups weren't detected correctly * Simplify helpers module	7 years ago
Kyle Brandt	599514ad68	middleware: add security related HTTP(S) response headers (#17522 ) * x_xss_protection * strict_transport_security (HSTS) * x_content_type_options these are currently defaulted to false (off) until the next minor release. fixes #17509	7 years ago
Oleg Gaidarenko	35f227de11	Feature: LDAP refactoring (#16950 ) * incapsulates multipleldap logic under one module * abstracts users upsert and get logic * changes some of the text error messages and import sort sequence * heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour * integrates affected auth_proxy module and their tests * refactoring of the auth_proxy logic	7 years ago
zhulongcheng	2fff8f77dc	move log package to /infra (#17023 ) ref #14679 Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>	7 years ago
Marcus Efraimsson	1c1427520d	Security: Add new setting allow_embedding (#16853 ) When allow_embedding is false (default) the Grafana backend will set the http header `X-Frame-Options: deny` in all responses to non-static content which will instruct browser to not allow Grafana to be embedded in `<frame>`, `<iframe>`, `<embed>` or `<object>`. Closes #14189	7 years ago
Marcus Efraimsson	f778c1d971	Security: Responses from backend should not be cached (#16848 ) Currently all API requests set Cache-control: no-cache to avoid browsers caching sensitive data. This fixes so that all responses returned from backend not are cached using http headers. The exception is the data proxy where we don't add these http headers in case datasource backend needs to control whether data can be cached or not. Fixes #16845	7 years ago
Carl Bergquist	9660356638	Auth: Enable retries and transaction for some db calls for auth tokens (#16785 ) the WithSession wrapper handles retries and connection management so the caller dont have to worry about it.	7 years ago
Oleg Gaidarenko	67cbc7d4cf	Chore: use remote cache instead of session storage (#16114 ) Replaces session storage in auth_proxy middleware with remote cache Fixes #15161	7 years ago
Marcus Efraimsson	8678620730	move UserToken and UserTokenService to models package	7 years ago
Marcus Efraimsson	a60124a88c	change UserToken from interface to struct	7 years ago
Marcus Efraimsson	44275d9660	middleware fix	7 years ago
Marcus Efraimsson	871c84d195	changes needed for api/middleware due to configuration settings	7 years ago
Marcus Efraimsson	d53e64a32c	move auth token middleware/hooks to middleware package fix/adds auth token middleware tests	7 years ago
bergquist	f257101c41	removes unused/commented code	7 years ago
bergquist	5998646da5	restrict session usage to auth_proxy	7 years ago
Marcus Efraimsson	4096449aec	extract auth token interface and remove auth token from context	7 years ago
bergquist	55b3013eb3	moves initWithToken to auth package	7 years ago
Marcus Efraimsson	734a7d38b2	set cookie name from configuration	7 years ago
Marcus Efraimsson	0d1e3759eb	mixor fixes	7 years ago
Marcus Efraimsson	f3125b447b	dead code	7 years ago
bergquist	47a7d93fd9	moves rotation into auth since both happens before c.Next()	7 years ago
bergquist	fd937e3d95	remove maxage from session token	7 years ago
Marcus Efraimsson	97c7963f17	fix cannot set cookie when response is written	7 years ago
bergquist	c2accfa4c0	inital code for rotate	7 years ago
bergquist	aba6148c43	login users based on token cookie	7 years ago
Marcus Efraimsson	cfb061ddab	refactor datasource caching	7 years ago
Mario Trangoni	e673337cb9	pkg/middleware/middleware.go: Fix empty branch warning. See, $ gometalinter --vendor --deadline 10m --disable-all --enable=megacheck ./... pkg/middleware/middleware.go:46:3⚠️ empty branch (SA9003) (megacheck)	7 years ago
Torkel Ödegaard	abef94b0da	made it possible to have frontend code in symlinked folders that can add routes	7 years ago
Torkel Ödegaard	80d694d205	Backend image rendering as plugin (#11966 ) * rendering: headless chrome progress * renderer: minor change * grpc: version hell * updated grpc libs * wip: minor progess * rendering: new image rendering plugin is starting to work * feat: now phantomjs works as well and updated alerting to use new rendering service * refactor: renamed renderer package and service to rendering to make renderer name less confusing (rendering is internal service that handles the renderer plugin now) * rendering: now render key is passed and render auth is working in plugin mode * removed unneeded lines from gitignore * rendering: now plugin mode supports waiting for all panels to complete rendering * fix: LastSeenAt fix for render calls, was not set which causes a lot of updates to Last Seen at during rendering, this should fix sqlite db locked issues in seen in previous releases * change: changed render tz url parameter to use proper timezone name as chrome does not handle UTC offset TZ values * fix: another update to tz param generation * renderer: added http mode to renderer service, new ini setting [rendering] server_url	8 years ago
Dan Cech	1c5afa731f	shared library for managing external user accounts	8 years ago
Dan Cech	c0ecdee375	rename Context to ReqContext	8 years ago
Dan Cech	338655dd37	move Context and session out of middleware	8 years ago
Torkel Ödegaard	0e61a670bb	fix: error handling now displays page correctly, fixes #10777	8 years ago
Torkel Ödegaard	a8a5f8181b	fix: viewers can edit now works correctly	8 years ago
bergquist	2de94d6548	convert old metrics to prom metrics	8 years ago
Torkel Ödegaard	e8a20643d6	feat: store last seen date for users and present in stats and user lists, closes #9007	8 years ago
Daniel Lee	e6f9546a7c	api: add no cache headers for IE11 Adds pragma and expires headers for API calls so that IE11 does not cache GET calls. Ref #5356	9 years ago
Daniel Lee	74093c700f	api: adds no-cache header for GET requests Fixes #5356. Internet Explorer aggressively caches GET requests which means that all API calls fetching data are cached. This fix adds a Cache-Control header with the value no-cache to all GET requests to the API.	9 years ago
Dan Cech	f490c5f12c	use X-Grafana-Org-Id header to ensure backend uses correct org (#8122 )	9 years ago
Utkarsh Bhatnagar	5777f65d05	Basic Auth now supports LDAP username and password (#6940 )	9 years ago
Torkel Ödegaard	05772b30d7	feat(ux): completed work on getting started panel, #6466	9 years ago
Torkel Ödegaard	18e965c775	fix(error handling): fixed server side error handling page	9 years ago
Torkel Ödegaard	175c651e65	fix(server side rendering): Fixed issues with server side rendering for alerting & for auth proxy scenarios, fixes #6115 , fixes #5906	9 years ago
bergquist	e7b56c6389	tech(metrics): move all request counters into one middleware	9 years ago
Torkel Ödegaard	bf1ea560e9	feat(logging): error logging improvements	10 years ago
Torkel Ödegaard	65aad44464	feat(logging): added uname to context logger	10 years ago

1 2 3

102 Commits (c675449aa2e39dfe29d6e63daf7c1c9c9d3f9b91)