IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5255ebfdfebb2307f9e558890a227d81fe540b9
grafana/pkg/services/authn/authnimpl/service.go

224 lines
6.6 KiB
Go
Raw Normal View History

Features: Add aplha feature toggle for authn service (#59469) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service
2022-11-29 10:57:47 +01:00
package authnimpl
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
import (
"context"
AuthN: set org id for authentication request in service (#60528) * AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection
2022-12-20 21:18:48 +01:00
"net/http"
"strconv"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
"go.opentelemetry.io/otel/attribute"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/infra/log"
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
"github.com/grafana/grafana/pkg/infra/network"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/infra/tracing"
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
"github.com/grafana/grafana/pkg/services/accesscontrol"
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
"github.com/grafana/grafana/pkg/services/apikey"
AuthN: Add session client (#60894) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor
2023-01-04 15:10:43 +00:00
"github.com/grafana/grafana/pkg/services/auth"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/services/authn"
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
sync "github.com/grafana/grafana/pkg/services/authn/authnimpl/usersync"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/services/authn/clients"
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/loginattempt"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/services/org"
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
"github.com/grafana/grafana/pkg/services/quota"
AuthN: Add render auth client (#60914) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled
2023-01-04 13:48:00 +01:00
"github.com/grafana/grafana/pkg/services/rendering"
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
"github.com/grafana/grafana/pkg/services/user"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
"github.com/grafana/grafana/pkg/setting"
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
"github.com/grafana/grafana/pkg/web"
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
)
Features: Add aplha feature toggle for authn service (#59469) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service
2022-11-29 10:57:47 +01:00
AuthN: set org id for authentication request in service (#60528) * AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection
2022-12-20 21:18:48 +01:00
// make sure service implements authn.Service interface
Features: Add aplha feature toggle for authn service (#59469) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service
2022-11-29 10:57:47 +01:00
var _ authn.Service = new(Service)
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
func ProvideService(
AuthN: Add session client (#60894) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor
2023-01-04 15:10:43 +00:00
cfg *setting.Cfg, tracer tracing.Tracer,
orgService org.Service, sessionService auth.UserTokenService,
accessControlService accesscontrol.Service,
apikeyService apikey.Service, userService user.Service,
Authn: JWT client (#61157) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-01-10 14:08:52 +00:00
jwtService auth.JWTVerifierService,
AuthN: Add session client (#60894) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor
2023-01-04 15:10:43 +00:00
loginAttempts loginattempt.Service, quotaService quota.Service,
AuthN: Add render auth client (#60914) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled
2023-01-04 13:48:00 +01:00
authInfoService login.AuthInfoService, renderService rendering.Service,
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
) *Service {
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
s := &Service{
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
log: log.New("authn.service"),
cfg: cfg,
clients: make(map[string]authn.Client),
tracer: tracer,
sessionService: sessionService,
postAuthHooks: []authn.PostAuthHookFn{},
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
}
AuthN: Add render auth client (#60914) * AuthN: Add boilderplate for render auth client * AuthN: Implement test function for render auth client * AuthN: Implement Authenticate for render arender auth client * ContextHandler: Perform render auth if flag is enabled
2023-01-04 13:48:00 +01:00
s.clients[authn.ClientRender] = clients.ProvideRender(userService, renderService)
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
s.clients[authn.ClientAPIKey] = clients.ProvideAPIKey(apikeyService, userService)
AuthN: Add session client (#60894) * add basic session client * populate UserToken in ReqContext * token rotation as a post auth hook * fixed in context handler * add session token rotation * add session token tests * use namespacedID constructor
2023-01-04 15:10:43 +00:00
sessionClient := clients.ProvideSession(sessionService, userService, cfg.LoginCookieName, cfg.LoginMaxLifetime)
s.clients[authn.ClientSession] = sessionClient
s.RegisterPostAuthHook(sessionClient.RefreshTokenHook)
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
if s.cfg.AnonymousEnabled {
s.clients[authn.ClientAnonymous] = clients.ProvideAnonymous(cfg, orgService)
}
AuthN: Refactor basic auth client to support multiple password auth (#61153) * AuthN: add interface for password clients * AuthN: Extract grafana password client * AuthN: Rewrite basic client tests * AuthN: Add Ldap client and rename method of PasswordClient * AuthN: Configure multiple password clients * AuthN: create ldap service and add tests
2023-01-09 16:40:29 +01:00
var passwordClients []authn.PasswordClient
if !s.cfg.DisableLogin {
passwordClients = append(passwordClients, clients.ProvideGrafana(userService))
}
if s.cfg.LDAPEnabled {
passwordClients = append(passwordClients, clients.ProvideLDAP(cfg))
}
// only configure basic auth client if it is enabled, and we have at least one password client enabled
if s.cfg.BasicAuthEnabled && len(passwordClients) > 0 {
s.clients[authn.ClientBasic] = clients.ProvideBasic(loginAttempts, passwordClients...)
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
}
Authn: JWT client (#61157) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-01-10 14:08:52 +00:00
if s.cfg.JWTAuthEnabled {
s.clients[authn.ClientJWT] = clients.ProvideJWT(jwtService, cfg)
}
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
// FIXME (jguer): move to User package
AuthN: Add client to perform basic authentication (#60877) * AuthN: Add basic auth client boilerplate * AuthN: Implement test function for basic auth client * AuthN: Implement the authentication method for basic auth * AuthN: Add tests for basic auth authentication * ContextHandler: perform basic auth authentication through authn service if feature toggle is enabled * AuthN: Add providers for sync services and pass required dependencies
2023-01-03 10:23:38 +01:00
userSyncService := sync.ProvideUserSync(userService, authInfoService, quotaService)
orgUserSyncService := sync.ProvideOrgSync(userService, orgService, accessControlService)
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
s.RegisterPostAuthHook(userSyncService.SyncUser)
s.RegisterPostAuthHook(orgUserSyncService.SyncOrgUser)
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
return s
}
Features: Add aplha feature toggle for authn service (#59469) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service
2022-11-29 10:57:47 +01:00
type Service struct {
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
log log.Logger
cfg *setting.Cfg
clients map[string]authn.Client
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
tracer tracing.Tracer
sessionService auth.UserTokenService
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
// postAuthHooks are called after a successful authentication. They can modify the identity.
postAuthHooks []authn.PostAuthHookFn
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
2023-01-12 15:02:04 +01:00
// postLoginHooks are called after a login request is performed, both for failing and successful requests.
postLoginHooks []authn.PostLoginHookFn
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
}
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) {
c, ok := s.clients[client]
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
if !ok {
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
return nil, false, nil
}
if !c.Test(ctx, r) {
return nil, false, nil
}
AuthN: tune logging (#60917) * AuthN: remove comment * AuthN: Only start trace if valid authentication client is used
2023-01-04 16:25:42 +01:00
ctx, span := s.tracer.Start(ctx, "authn.Authenticate")
defer span.End()
span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client))
AuthN: set org id for authentication request in service (#60528) * AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection
2022-12-20 21:18:48 +01:00
r.OrgID = orgIDFromRequest(r)
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
identity, err := c.Authenticate(ctx, r)
if err != nil {
AuthN: tune logging (#60917) * AuthN: remove comment * AuthN: Only start trace if valid authentication client is used
2023-01-04 16:25:42 +01:00
s.log.FromContext(ctx).Warn("auth client could not authenticate request", "client", client, "error", err)
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client could not authenticate request"}})
return nil, true, err
Auth: Add anonymous authn client (#59637) * Authn: Add Client interface and Reqeust and Identity structures * Authn: Implement Authenticate method in service * Authn: Add tracing * Authn: Add logger * AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
}
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
for _, hook := range s.postAuthHooks {
AuthN: Make client params part of the identity (#61050) * AuthN: Change client params to be a return value of authenticate * AuthN: move client params to be part of the identity
2023-01-05 20:17:41 +01:00
if err := hook(ctx, identity, r); err != nil {
Authn: JWT client (#61157) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-01-10 14:08:52 +00:00
s.log.FromContext(ctx).Warn("post auth hook failed", "error", err, "id", identity)
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
return nil, false, err
}
}
Authn: Add client for api keys (#60339) * AuthN: Add functionallity to test if auth client should be used * AuthN: Add bolierplate client for api keys and register it * AuthN: Add tests for api key client * Inject service * AuthN: Update client names * ContextHandler: Set authn service * AuthN: Implement authentication for api key client * ContextHandler: Use authn service for api keys if flag is enabled * AuthN: refactor authentication method to return additional value to indicate if client could perform authentication * update prefixes * Add namespaced id to identity * AuthN: Expand the Identity struct to include required fields from signed in user * Add error for disabled service account * Add function to write error response based on errutil.Error * Add error to log * Return errors based on errutil.Error * pass error * update log message * Fix namespaced ids * Add tests * Lint
2022-12-19 09:22:11 +01:00
return identity, true, nil
Features: Add aplha feature toggle for authn service (#59469) * Features: Add aplha feature toggle for authn service * AuthN: Add service boilerplate * Set authnz-team as codeowners of authn service
2022-11-29 10:57:47 +01:00
}
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
2023-01-12 15:02:04 +01:00
func (s *Service) RegisterPostAuthHook(hook authn.PostAuthHookFn) {
s.postAuthHooks = append(s.postAuthHooks, hook)
}
func (s *Service) Login(ctx context.Context, client string, r *authn.Request) (identity *authn.Identity, err error) {
var ok bool
identity, ok, err = s.Authenticate(ctx, client, r)
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
if !ok {
return nil, authn.ErrClientNotConfigured.Errorf("client not configured: %s", client)
}
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
2023-01-12 15:02:04 +01:00
defer func() {
for _, hook := range s.postLoginHooks {
hook(ctx, identity, r, err)
}
}()
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
if err != nil {
return nil, err
}
namespace, id := identity.NamespacedID()
// Login is only supported for users
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
2023-01-12 15:02:04 +01:00
if namespace != authn.NamespaceUser || id <= 0 {
AuthN: Login (#61225) * AuthN: Add function to login auth request
2023-01-10 14:55:27 +01:00
return nil, authn.ErrUnsupportedIdentity.Errorf("expected identity of type user but got: %s", namespace)
}
addr := web.RemoteAddr(r.HTTPRequest)
ip, err := network.GetIPFromAddress(addr)
if err != nil {
s.log.Debug("failed to parse ip from address", "addr", addr)
}
sessionToken, err := s.sessionService.CreateToken(ctx, &user.User{ID: id}, ip, r.HTTPRequest.UserAgent())
if err != nil {
return nil, err
}
identity.SessionToken = sessionToken
return identity, nil
}
AuthN: Post login hooks (#61287) * AuthN: add the ability to register post login hooks * AuthN: add a guard for the user id * AuthN: Add helper to create external user info from identity * AuthN: Pass auth request to password clients * AuthN: set auth module and username in metadata
2023-01-12 15:02:04 +01:00
func (s *Service) RegisterPostLoginHook(hook authn.PostLoginHookFn) {
s.postLoginHooks = append(s.postLoginHooks, hook)
Authn: Refactor user sync and org sync as post auth hooks (#60504) * add user sync * add org user sync * add client params * merge remaining conflicts * remove change to report.go * update comments * add basic tests for user ID population * add tests for auth ID find * add tests for user sync create and update * add tests for orgsync * satisfy lint * add userID guards
2022-12-20 13:59:05 +00:00
}
AuthN: set org id for authentication request in service (#60528) * AuthN: Replicate functionallity to get org id for request * Authn: parse org id for the request and populate the auth request with it * AuthN: add simple mock for client to use in test * AuthN: add tests to verify that authentication is called with correct org id * AuthN: Add ClientParams to mock * AuthN: Fix flaky org id selection
2022-12-20 21:18:48 +01:00
func orgIDFromRequest(r *authn.Request) int64 {
if r.HTTPRequest == nil {
return 0
}
orgID := orgIDFromQuery(r.HTTPRequest)
if orgID > 0 {
return orgID
}
return orgIDFromHeader(r.HTTPRequest)
}
// name of query string used to target specific org for request
const orgIDTargetQuery = "targetOrgId"
func orgIDFromQuery(req *http.Request) int64 {
params := req.URL.Query()
if !params.Has(orgIDTargetQuery) {
return 0
}
id, err := strconv.ParseInt(params.Get(orgIDTargetQuery), 10, 64)
if err != nil {
return 0
}
return id
}
// name of header containing org id for request
const orgIDHeaderName = "X-Grafana-Org-Id"
func orgIDFromHeader(req *http.Request) int64 {
header := req.Header.Get(orgIDHeaderName)
if header == "" {
return 0
}
id, err := strconv.ParseInt(header, 10, 64)
if err != nil {
return 0
}
return id
}
Reference in New Issue Copy Permalink