grafana

Commit Graph

Author	SHA1	Message	Date
idafurjes	e6123bc3ef	Replace AddHandler with AddHandlerCtx in tests (#42585 )	4 years ago
Serge Zaitsev	d9cdcb550e	Chore: Refactor api handlers to use web.Bind (#42199 ) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments	4 years ago
Tania B	5652bde447	Encryption: Use secrets service (#40251 ) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit `498eb19859`. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>	4 years ago
Joan López de la Franca Beltran	722c414fef	Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865 ) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Serge Zaitsev	3131388084	Chore: Imperative request data binding (#39837 ) * rename Bind to BindMiddleware * make things private * removed unused part of data bindings * provide json and form binding helpers * add example of binding migration in login api * implement validation * fix tests * remove debug output * put new bind api into macaron pacakge * revert bind api breaking change	4 years ago
Tania B	bfde29d107	Chore: Remove global encryption calls from authinfoservice (#38591 ) * Add encryption service * Add tests for encryption service * Inject encryption service into http server * Replace encryption global function usage in login tests * Migrate to Wire * Refactor authinfoservice to use encryption service Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
Tania B	a0108a1e5b	Encryption: Extract encryption into service (#38442 ) * Add encryption service * Add tests for encryption service * Inject encryption service into http server * Replace encryption global function usage in login tests * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Migrate to Wire * Undo non-desired changes * Move Encryption bindings to OSS Wire set Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	4 years ago
idafurjes	60ac54d969	Chore: Refactor OAuth/social package to service (#35403 ) * Creating SocialService * Add GetOAuthProviders as socialService method * Add OAuthTokenService * Add GetOAuthHttpClient method to SocialService * Rename services, access socialMap from GetConnector * Fix tests by mocking oauthtoken methods * Move NewAuthService into Init * Move OAuthService to social pkg * Refactor OAuthService to OAuthProvider * Fix nil map error, rename file, simplify tests * Fix bug for Forward OAuth Identify * Remove file after rebase	5 years ago
Joan López de la Franca Beltran	c41b08bd59	Settings: Encapsulate settings within an extensible provider (#32219 ) * Encapsulate settings with a provider with support for runtime reloads * SettingsProvider: reload is controlled by the services * naive impl of reload handlers for settings * working naive detection on new changes * Trigger settings reload from API endpoint * validation step added * validation of settings * Fix linting errors * Replace DB_Varchar by DB_NVarchar * Reduce settings columns (section, key) lenghts * wip db update logic * Db Settings: separate updates and removals * Fix: removes incorrectly added code * Minor code improvements * Runtime settings: moved oss -> ee * Remove no longer used setting.Cfg SAML-related fields * Rename file setting/settings.go => setting/provider.go * Apply suggestions from code review Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> * Minor code improvements on OSS settings provider * Fix some login API tests * Correct some GoDoc comments * Apply suggestions from code review Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> Co-authored-by: Leonard Gram <leo@xlson.com> Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com>	5 years ago
Hugo Häggmark	3d41267fc4	Chore: Moves common and response into separate packages (#30298 ) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	50b649a869	Middleware: Add CSP support (#29740 ) * Middleware: Add support for CSP Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored by @iOrcohen	5 years ago
Arve Knudsen	dd2d206d99	Backend: Remove more globals (#29644 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	12661e8a9d	Move middleware context handler logic to service (#29605 ) * middleware: Move context handler to own service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
taciomcosta	10ff4eecef	Backend: fix IPv6 address parsing erroneous (#28585 ) * Backend: Fix parsing of client IP address Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	5 years ago
Arve Knudsen	cb62e69997	Chore: Convert API tests to standard Go lib (#29009 ) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	5 years ago
Agnès Toulet	2c246276fd	API: replace SendLoginLogCommand with LoginHook (#28777 ) * API: replace SendLoginLogCommand with LoginHook * LoginInfo: Query -> LoginUsername	5 years ago
Agnès Toulet	65b5086a59	API: add login username in SendLoginLogCommand (#28544 ) * API: add login username in Login actions * LoginUser -> LoginUsername * fix test	5 years ago
Alexander Zobnin	d13c6b4c5a	OAuth: Able to skip auto login (#28357 ) * OAuth: able to skip auto login * OAuth: tests for internal login param * OAuth: rename internal -> disableAutoLogin * OAuth: update log message * OAuth: fix tests	5 years ago
Agnès Toulet	a9daaadd50	API: send Login actions (#27249 ) * API: first version to send events about login actions * API: improve login actions events * Login: update auth test with new behavior * Login: update auth test for auth module * Login OAuth: improve functions structure * API: make struct public to use for saml * API: add send login log tests for grafana and ldap login * API: remove log from tests * Login API: fix test linting * Update pkg/api/login_oauth.go Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Login API: refactor using defer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	5 years ago
Arve Knudsen	3651a8e976	Chore: Disable scopelint for tests (#25923 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Arve Knudsen	d1e6214a4a	Chore: Enable scopelint Go linter (#25896 ) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Sofia Papagiannaki	fefbbc65a8	Auth: Add support for forcing authentication in anonymous mode and modify SignIn to use it instead of redirect (#25567 ) * Forbid additional redirect urls * Optionally force login in anonymous mode * Update LoginCtrl page to ignore redirect parameter * Modify SignIn to set forceLogin query instead of redirect * Pass appUrl to frontend and use URL API for updating url query * Apply suggestions from code review Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix SignIn test Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>	6 years ago
Erik Sundell	d94796a022	Auth: Remove trailing / in cookies' path (#22265 ) (#22265 ) According to the stackoverflow answer below, it is recommended to not include a trailing / in cookies' path. By removing the trailing / for our cookies path value, people's browsers visiting grafana will pass the cookie not only to /grafana/ sub paths but also to /grafana sub paths. This commit avoids the situation where a user would visit http://localhost/grafana, get redirected to http://localhost/grafana/login, and following login get redirected back to http://localhost/grafana, but since the grafana_session cookie isn't passed along get redirected back once more to http://localhost/grafana/login. ref: https://stackoverflow.com/questions/36131023/setting-a-slash-on-cookie-path/53784228#53784228 ref: https://tools.ietf.org/html/rfc6265#section-5.1.4	6 years ago
Sofia Papagiannaki	be022d4239	API: Fix redirect issues (#22285 ) * Revert "API: Fix redirect issue when configured to use a subpath (#21652)" (#22671) This reverts commit `0e2d874ecf`. * Fix redirect validation (#22675) * Chore: Add test for parse of app url and app sub url Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Fix redirect: prepend subpath only if it's missing (#22676) * Validate redirect in login oauth (#22677) * Fix invalid redirect for authenticated user (#22678) * Login: Use correct path for OAuth logos Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>	6 years ago
Brian Gann	0e2d874ecf	API: Fix redirect issue when configured to use a subpath (#21652 ) * request uri will contain the subpath	6 years ago
Emil Tullstedt	29687903f8	Admin: Add promotional page for Grafana Enterprise (#21422 ) Co-authored-by: Torkel Ödegaard <torkel@grafana.com>	6 years ago
Marcus Efraimsson	a1579283a6	Add disabled option for cookie samesite attribute (#21472 ) Breaking change: If disabled the cookie samesite cookie attribute will not be set, but if none the attribute will be set and is a breaking change compared to before where none did not render the attribute. This was due to a known issue in Safari. Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Fixes #19847	6 years ago
Jeffrey Descan	c5f906f472	Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787 ) * Refactor redirect_to cookie with secure flag in middleware * Refactor redirect_to cookie with secure flag in api/login * Refactor redirect_to cookie with secure flag in api/login_oauth * Removed the deletion of 'Set-Cookie' header to prevent logout * Removed the deletion of 'Set-Cookie' at top of api/login.go * Add HttpOnly flag on redirect_to cookies where missing * Refactor duplicated code * Add tests * Refactor cookie options * Replace local function for deleting cookie * Delete redundant calls Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>	6 years ago
Sofia Papagiannaki	b12dc890b8	API: Validate redirect_to cookie has valid (Grafana) url (#21057 ) * Restrict redirect_to to valid relative paths * Add tests	6 years ago
Torkel Ödegaard	be2bf1a297	AuthProxy: Can now login with auth proxy and get a login token (#20175 ) * AuthProxy: Can now login with auth proxy and get a login token * added unit tests * renamed setting and updated docs * AuthProxy: minor tweak * Fixed tests and namings * spellfix * fix * remove unused setting, probably from merge conflict * fix	6 years ago
Leonard Gram	992b4b8adf	Licensing service (#19903 ) * Licensing: supplies a service to handle licensing information * Licensing: uses the license service further Uses the license service instead of settings.isEnterprise: - external team members - saml - usage stats * Licensing: fixes broken tests due to new Licensing service dependency * Licensing: fixes linting errors * Licensing: exposes license expiry information to the frontend	6 years ago
gotjosh	7b7b95341e	LDAP: Allow an user to be synchronised against LDAP (#18976 ) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.	6 years ago
gotjosh	0cbbb43222	LDAP: Add API endpoint to debug user mapping from LDAP (#18833 ) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.	6 years ago
Sofia Papagiannaki	78ca55f3d7	Fix: Break redirect loop if oauth_auto_login = true and OAuth login fails (#17974 ) * Add tests for login view * Fix OAuth auto login redirect loop login_error cookie is only set when the OAuth login fails for some reason. Therefore, the login view should return immediately if a login_error cookie exists before trying to login the user using OAuth again. * Fix test Use 'index-template' instead of 'index' for testing * Add some comments	7 years ago

34 Commits (e6123bc3ef5d23760069962d28f37de67ef6a55d)