grafana

Commit Graph

Author	SHA1	Message	Date
Karl Persson	152cb47692	AuthN: Add IsAuthenticatedBy to identity interface and replace checks (#85262 ) Add IsAuthenticatedBy to identity interface and replace checks	1 year ago
Jo	7649d93d17	AuthProxy: Fix missing session for ldap auth proxy users (#85090 ) fix missing session for ldap auth proxy users	1 year ago
linoman	fc205db466	samlsettings: api integration (#84300 ) * add strategy and tests * use settings provider service and remove multiple providers strategy * Move SAML strategy to ssosettings service * Update codeowners file * reload from settings provider * add saml as configurable provider * Add new SAML strategy * rename old saml settings interface * update saml string references * use OSS license * validate saml provider depends on license for List * add tests for list rendering including saml * change the licensing validation to service init * replace service struct for provider	1 year ago
Jo	0aebb9ee39	Misc: Remove unused params and impossible logic (#83756 ) * remove unused params and impossible logic * remove unused param	1 year ago
Jo	36a19bfa83	AuthProxy: Allow disabling Auth Proxy cache (#83755 ) * extract auth proxy settings * simplify auth proxy methods * add doc mentions	1 year ago
김은빈	96dfb385ca	Grafana: Replace magic number with a constant variable in response status (#80132 ) * Chore: Replace response status with const var * Apply suggestions from code review Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Add net/http import --------- Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>	1 year ago
Karl Persson	9e04fd0fb7	AuthToken: Remove client token rotation feature toggle (#82886 ) * Remove usage of client token rotation flag * Remove client token rotation feature toggle	1 year ago
Karl Persson	8cb351e54a	Authn: Handle logout logic in auth broker (#79635 ) * AuthN: Add new client extension interface that allows for custom logout logic * AuthN: Add tests for oauth client logout * Call authn.Logout Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2 years ago
Mihai Doarna	bff2ac3627	Auth: check that oauthProvider is not nil in Logout() func (#79271 ) check that oauthProvider is not nil	2 years ago
venkatbvc	e152323a33	Auth: Split signout_redirect_url into per provider settings (#75269 ) * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * Split signout_redirect_url into per provider settings * update docs * update devenvs * add missing struct tag --------- Co-authored-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: jguer <me@jguer.space>	2 years ago
Jo	7d559bc69a	AuthProxy: Do not allow sessions to be assigned with other methods (#78602 ) do not allow login token with other methods	2 years ago
Ryan McKinley	f69fd3726b	FeatureToggles: Add context and and an explicit global check (#78081 )	2 years ago
Jo	8919cafcb4	Identity: Unfurl UserID and Email in pkg/api to user identity.Requester (#76112 ) * Unfurl OrgRole in pkg/api to allow using identity.Requester interface * Unfurl Email in pkg/api to allow using identity.Requester interface * Update UserID in pkg/api to allow using identity.Requester interface * fix authed test * fix datasource tests * guard login * fix preferences anon testing * fix anonymous index rendering * do not error with user id 0	2 years ago
Jo	729dafaff9	Auth: Unfurl OrgID in pkg/api to allow using identity.Requester interface (#76108 ) Unfurl OrgID in pkg/api to allow using identity.Requester interface	2 years ago
Ryan McKinley	025b2f3011	Chore: use any rather than interface{} (#74066 )	2 years ago
venkatbvc	7c98678188	Auth: Add support for OIDC RP-Initiated Logout (#70357 ) * Fix signout redirect_uri issue * Fix signout redirect_uri issue * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * remove signout url global * style alignment * remove legacy handlers for devenv * Update pkg/api/login.go --------- Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: jguer <me@jguer.space>	2 years ago
Karl Persson	43aab615c3	Auth: Remove unused Authenticator service (#73143 ) Auth: remove unused Authenticator service	2 years ago
Karl Persson	2c57bca176	Auth: Remove auth broker flag and clean up login handlers (#73109 ) * Auth: Remove auth broker flag and clean up login handlers	2 years ago
Maksym Revutskyi	d9c232b331	Auth: prevent auto_login redirect if user is already authenticated (#72477 ) * Auth: prevent auto_login redirect if user is already authenticated Before attempting an auto-login for OAuth, verifies if current context has already been authenticated. Fixes: #72476 Co-authored-by: Karl Persson <kalle.persson92@gmail.com>	2 years ago
Jo	914e0bf87e	Auth: Surface organization membership error (#71750 ) surface organization membership error	2 years ago
Jo	aee5c6dea0	Auth: Use auth broker by default (#69620 ) remove authnservice toggle	2 years ago
Serge Zaitsev	a38f230d37	Chore: Remove result fields from login (#65136 ) * remove result fields from login * fix tests * fix tests * another shadowing	2 years ago
Karl Persson	382b24742a	Auth: Add feature flag to move token rotation to client (#65060 ) * FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd * Auth: Aling not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2 years ago
Karl Persson	872d2d1e1c	AuthN: Login error handling (#64239 ) * Social: Fix type so it appears in error responses * AuthN: construct errutil.Error from social.Error * login: Check for errutil.Error and use public message * Login: redirectURLWithErrorCookie for authn errors Co-authored-by: Jo <joao.guerreiro@grafana.com>	2 years ago
Karl Persson	f258adadbf	AuthN: add utility functions for different type of login responses (#64133 ) * AuthN: add utility functions to handle response and redirect after successful login * API: Reuse utility functions for logins if authnService flag is enabled	2 years ago
Torkel Ödegaard	27070c252d	ErrorHandling: Fixes issues with bad error messages (#63775 )	2 years ago
Karl Persson	8484d0c4ef	Settings: Remove global variables for auth settings (#63795 ) * Setting: Remove global DisableLoginForm and add it to cfg * Setting: Remove unused BasicAuthEnabled global * Setting: Remove global OAuthAutoLogin and use from cfg * Setting: Remove global AnonymousEnabled * Setting: Remove global values for AuthProxy settings	2 years ago
Emil Tullstedt	0caacb3333	Cookies: Provide a mechanism for per user control over cookies (#61566 )	2 years ago
Josh Hunt	138575cbe9	Config: Refactor frontend settings to struct (#61990 ) * Config: Make frontend settings a struct rather than map remove frontend settings to setting package remove frontend settings struct to dtos package rearrange structs to avoid cycles rename getFrontendSettings fn omitempty fix login test fix middleware test * wip some enterprise types * cleanup, moved structs from enterprise * ci	2 years ago
Kristin Laemmert	9256a520a4	chore: move user_auth models to (mostly) login service (#62269 ) * chore: move user_auth models to (mostly) login service	2 years ago
idafurjes	6c5a573772	Chore: Move ReqContext to contexthandler service (#62102 ) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports	2 years ago
Alexander Zobnin	60ef88c918	SAML: Support auto login (#61685 ) * SAML: Support auto login * Add individual auto_login option for each OAuth provider * Docs: Describe new auto_login option * Minor refactor	2 years ago
Karl Persson	2324597d8d	AuthN: Perform login with authn.Service (#61466 ) * AuthN: Create password client wrapper and use that on in basic auth client * AuthN: fix basic auth client test * AuthN: Add tests for form authentication * API: Inject authn service * Login: If authnService feature flag is enabled use authn login * Login: Handle token creation errors	2 years ago
Christian Segundo	707198227c	Auth: Log a more useful msg if no OAuth provider configured (#56722 ) Log a useful msg if no oauth provider configured When a user doesn't configure an OAuth provider and uses auto login, Grafana logs a misleading message indicating that he has multiple providers configured.	3 years ago
Dan Cech	fe3ae49cce	Backend: Consistently use context RemoteAddr function to determine remote address. (#60201 ) consistently use context RemoteAddr function to determine remote address	3 years ago
Karl Persson	fef1e1d5bc	Auth: Refactor auth package (#58920 ) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency	3 years ago
Karl Persson	98dbc637cc	Auth: Always include oauth and saml settings for frontend (#58705 ) * Auth: Always include oauth and saml settings	3 years ago
Karl Persson	052d1426f9	Oauth: Display friendly error message when role_attribute_strict=true and no valid role found (#57818 ) * Oauth: change error type to a struct that unwraps into a social error * Oauth: Handle empty role in error and fix unwrap * Oauth: provide more informatio in error * Oauth: return InvalidBasicRoleError * Oauth: Fix tests * Login: Remove casing * Oath: Change to warning logs	3 years ago
Misi	9c954d06ab	Auth: Refresh OAuth access_token automatically using the refresh_token (#56076 ) * Verify OAuth token expiration for oauth users in the ctx handler middleware * Use refresh token to get a new access token * Refactor oauth_token.go * Add tests for the middleware changes * Align other tests * Add tests, wip * Add more tests * Add InvalidateOAuthTokens method * Fix ExpiryDate update to default * Invalidate OAuth tokens during logout * Improve logout * Add more comments * Cleanup * Fix import order * Add error to HasOAuthEntry return values * add dev debug logs * Fix tests Co-authored-by: jguer <joao.guerreiro@grafana.com>	3 years ago
Alex	94ed744454	Auth: Make built-in login configurable (#46978 )	3 years ago
idafurjes	a14621fff6	Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343 ) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields	3 years ago
Jo	1f8b1eef75	SAML: Do not SAML SLO if user is not SAML authenticated (#53418 ) * Only SLO user if the user is using SAML * only one source of truth for auth module info * ensure SAML is also enabled and not only SLO * move auth module naming to auth module login package * use constants in other previously unused spots	3 years ago
idafurjes	d3d8fdd878	Chore: Move user errors to user service (#52460 ) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model	3 years ago
Jguer	b79b53cbdb	JWT: Add JWT proxy setup devenv (#51731 ) * JWT: Add JWT Auth devenv * Auth: JWT allow retrieving login token Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * JWT: Add JWT Auth Proxy devenv * JWT: Add instructions to readme * JWT: Add JWT users * JWT: Remove oauth users * revert session changes, unnecessary Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	3 years ago
idafurjes	6c43eb0b4d	Split Create User (#50502 ) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2	3 years ago
Kat Yang	3c3039f5b3	Chore: Remove Wrap (#50048 ) * Chore: Remove Wrap and Wrapf * Fix: Add error check	3 years ago
ying-jeanne	7ddae870e7	fix status code 200 (#47818 )	3 years ago
Serge Zaitsev	33006436cc	Chore: Remove bus.Dispatch from some login packages (#47248 ) * Chore: Remove bus.Dispatch from some login packages * remove debug log Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * remove login.Init() * remove unused reset function * remove AuthenticateUserFunc global * swap conditional branches Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * fix formatting Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>	3 years ago
Dan Cech	51cd6f3cc5	Configuration: Add ability to customize okta login button name and icon (#44079 ) * add ability to customize okta login button name and icon * update configs, add basic frontend test * add icon to oauth settings type * trigger tests * fix typecheck	3 years ago
ying-jeanne	78eb06ec02	remove bus from login (#44995 ) * remove bus from login * remove comments and format correctly * remove the downcast	3 years ago

1 2 3 4

171 Commits (f375af793f1bb1af116c08127001a6585c52a91f)