grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	bb217f7e5d	AuthN: Only mark IsSignedIn if user is not anonymous (#63833 ) Contexthandler: Only mark IsSignedIn if user is not anonymous	2 years ago
Jo	635a456fa4	Authn: Add separate context for session tagging (#63561 ) add context	2 years ago
Jo	ff78103a24	Authn: Anon session service (#63052 ) * add anon sessions package * add usage stat fn * implement count for cache * add anonservice to authn broker * lint * add tests for remote cache count * move anon service to services * wrap tagging in goroutine * make func used	2 years ago
Carl Bergquist	9d66b18b9c	Instrumentation: removes option to return uname as header (#62929 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
idafurjes	982939111b	Rename Id to ID for annotation models (#62886 ) * Rename Id to ID for annotation models * Add xorm tags * Rename Id to ID for API key models * Add xorm tags	2 years ago
Karl Persson	ce5e067d28	ContextHandler: add all configured auth header to context (#62775 ) * ContextHandler: Always store list of possible auth headers in context and remove individual calls	2 years ago
Misi	7c1d9769ca	Auth: Rotate token patch (#62676 ) * Use singleflight.Group * Align tests * Cleanup	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Eric Leijonmarck	c5cb5be3cc	Auth: Fix catch both both ErrInvalidAPIKey for context with APIKey (#62193 ) * fix: capture both ErrInvalidAPIKey * rename of variable	2 years ago
Karl Persson	95ea4bad6f	AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705 ) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Kristin Laemmert	cd08f2575a	chore: move jwt models into auth/jwt (#61862 ) * chore: move jwt models into auth/jwt	2 years ago
Karl Persson	1454b1b40a	Reqcontext: Add methods to write responses bases on errutil.Error (#60889 ) * ReqContext: Add methods to reqcontext used to handle errutil.Error * ReqContext: Pass all public field in response from errutil.Error	2 years ago
Karl Persson	766fa4e7d5	AuthN: Add last seen sync hooks for user and api keys (#61571 ) * AUthN: Add last seen sync hooks for user / service account and move api key last seen to own hook * ContextHandler: only run sync for last seen if auth.Service is not enabled	2 years ago
Karl Persson	b44b6fc5c6	AuthN: Add auth proxy client (#61555 ) * AuthN: set up boilerplate for proxy client * AuthN: Implement Test for proxy client * AuthN: parse accept list in constructor * AuthN: add proxy client interface * AuthN: handle error * AuthN: Implement the proxy client interface for ldap * AuthN: change reciever name * AuthN: add grafana as a proxy client * AuthN: for error returned * AuthN: add tests for grafana proxy auth * AuthN: swap order of grafan and ldap auth * AuthN: Parse additional proxy headers in proxy client and pass down	2 years ago
Eric Leijonmarck	07bbc0716c	Auth: Fix correct error for updateapikey in context handler (#61544 ) * fix: correct error for updateapikey * refactor: send the correct err forward * update: based on review	2 years ago
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2 years ago
Karl Persson	c5f77b6a46	AuthN: Set LookupTokenErr and fall through in case of error (#61217 ) ContextHandler: Set LookupTokenErr and fall through in case of error during authentication	2 years ago
Jo	a226903ec6	AuthN: Add session client (#60894 ) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor	2 years ago
Karl Persson	da24a9d74e	AuthN: Add render auth client (#60914 ) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled	2 years ago
Karl Persson	9fbb29c588	AuthN: Add client to perform basic authentication (#60877 ) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies	2 years ago
Karl Persson	1b1a14b6f6	ContextHandler: Get token from req context when performing rotation (#60533 ) ContextHandler: get token from req context when performing end of request rotation	2 years ago
Karl Persson	2e53a58bc3	Authn: Add client for api keys (#60339 ) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint	2 years ago
Carl Bergquist	1b676d0d49	Contexthandler: Add uname as response header (#59930 ) Signed-off-by: bergquist <carl.bergquist@gmail.com>	2 years ago
Karl Persson	22be025284	Auth: Add anonymous authn client (#59637 ) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client	3 years ago
Jo	fee50be1bb	Sessions: Remove invalid session cookie if it's invalid/expired/missing (#59556 ) only remove invalid session cookie if it's invalid/expired/missing	3 years ago
Karl Persson	062c5b805c	Auth: Merge ActiveAuthTokenService into UserAuthTokenService (#59032 ) * Auth: Merge UserTokenService and ActiveAuthTokenService * Auth: Rename function	3 years ago
Misi	9c98314e9f	OAuth: Refactor OAuth parameters handling to support obtaining refresh tokens for Google OAuth (#58782 ) * Add ApprovalForce to AuthCodeOptions * Extract access token validity check to a function * Refactor * Oauth: set options internally instead of exposing new function * Align tests * Remove unused function Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Sofia Papagiannaki	ab36252c86	Quota: Fix failure when checking session limits (#58865 )	3 years ago
Misi	4915d21c25	OAuth: Feature toggle for access token expiration check and docs (#58179 ) * Add feature toggle for access token expiration check * Add docs for configuring refresh tokens * Update docs * Update docs based on review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Improve documentation * Change access_type default to Offline * Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update pkg/services/featuremgmt/registry.go Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com> * Regenerate toggles * Update Generic OAuth docs Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>	3 years ago
Eric Leijonmarck	72d0c6b428	Auth: add IsServiceAccount to IsRealUser (#58015 ) * add: IsServiceAccount to SignedInUser and IsRealUser * fix: linting error * refactor: add function IsServiceAccountUser() By adding the function IsServiceAccountUser() we use it to identify for ServiceAccounts in the HasUniqueID() since caching is built up on having a uniqueID, see comment: https://github.com/grafana/grafana/pull/58015#discussion_r1011361880	3 years ago
Marcus Efraimsson	6f8fcae01b	[main] Plugin fixes (#57399 ) * Plugins: Remove support for V1 manifests * Plugins: Make proxy endpoints not leak sensitive HTTP headers * Security: Fix do not forward login cookie in outgoing requests (cherry picked from commit `4539c33fce`) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>	3 years ago
Kristin Laemmert	05709ce411	chore: remove sqlstore & mockstore dependencies from (most) packages (#57087 ) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible	3 years ago
Misi	9c954d06ab	Auth: Refresh OAuth access_token automatically using the refresh_token (#56076 ) * Verify OAuth token expiration for oauth users in the ctx handler middleware * Use refresh token to get a new access token * Refactor oauth_token.go * Add tests for the middleware changes * Align other tests * Add tests, wip * Add more tests * Add InvalidateOAuthTokens method * Fix ExpiryDate update to default * Invalidate OAuth tokens during logout * Improve logout * Add more comments * Cleanup * Fix import order * Add error to HasOAuthEntry return values * add dev debug logs * Fix tests Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Kat Yang	7715672fb3	Chore: use org service methods (#55768 ) * Chore: use org service methods * fix tests * fix errors * adjust func signatures for getbyname * 💩 * Use the same fake service to get the user in AC and in HS * Fix middleware test * Fix more middleware test * Fix api tests Co-authored-by: gamab <gabi.mabs@gmail.com> Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>	3 years ago
Nicholas Wiersma	faf8eb3afb	JWT: Allow conventional bearer token in Authorization header (#54821 ) * fix: allow JWT to accept standard bearer token * fix: linter issues * fix: linter gosec false positive * fix: refactor logic into JWT handler * fix: move bearer trimming earlier	3 years ago
Emil Tullstedt	0ffbf901d7	ContextHandler: Use stdlib format for middleware (#54219 )	3 years ago
Jo	4a9137ac40	API Keys: Add revocation for SATs (#53896 ) * add apikey is_revoked field * add token store tests * Apply suggestions from code review * remove unused fields	3 years ago
Jo	10e6eac632	Auth: Reduce lookup cookie error to warning and invalidate cookie (#53881 ) * Reduce lookup cookie error to warning. Delete invalid cookie to avoid continuous refresh * debug log branch	3 years ago
idafurjes	fa2e74cd6e	Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734 ) * Remove delete suer from store interface * Remove get signed in user with cache ctx from store interface * Support options when setting up access control tests * Fix broken tests * Fix lint * Add user fake to middleware * Fix middleware tests, remove usertest being initialised twice Co-authored-by: Karl Persson <kalle.persson@grafana.com>	3 years ago
idafurjes	a14621fff6	Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343 ) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields	3 years ago
idafurjes	6afad51761	Move SignedInUser to user service and RoleType and Roles to org (#53445 ) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2	3 years ago
idafurjes	0c5b71694f	Chore: Add user service method UpdateLastSeenAt (#53309 ) * Chore: Add user service method UpdateLastSeenAt * Fix lint	3 years ago
Serge Zaitsev	191ab3bb01	Chore: Move api key models into apikey service package (#53241 ) * Chore: move api key models into apikey service package * force table name for api key	3 years ago
Serge Zaitsev	64488f6b90	Chore: split APIKey store (#52781 ) * move apikey store into a separate service * add apikey service to wire graph * fix linter * switch api to use apikey service * fix provideservice in tests * add apikey service test double * try different sql syntax * rolling back the dialect * trigger drone * trigger drone	3 years ago
idafurjes	d3d8fdd878	Chore: Move user errors to user service (#52460 ) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model	3 years ago
Agnès Toulet	ca80865bf1	Rendering: Fix user information when using render key (#50879 ) * Rendering: Fix user information when using render key * fix when render user ID is 0 * update fix * improve fix * add comment	3 years ago
Jguer	6d0261263c	ServiceAccounts: Add Service Account Token last used at date (#51446 ) * ServiceAccounts Add api key last used at * ServiceAccounts: LastUpdateAt tests	3 years ago
idafurjes	6c43eb0b4d	Split Create User (#50502 ) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2	3 years ago

1 2

90 Commits (ed11c32c1dbeb7da9f9d525ebe2f7a0501dd9899)