2015-01-15 05:16:54 -06:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2015-02-10 08:36:51 -06:00
|
|
|
"github.com/grafana/grafana/pkg/api/dtos"
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
2019-02-23 16:35:26 -06:00
|
|
|
"github.com/grafana/grafana/pkg/infra/metrics"
|
2019-05-21 06:52:49 -05:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2015-02-23 04:24:22 -06:00
|
|
|
"github.com/grafana/grafana/pkg/util"
|
2015-01-15 05:16:54 -06:00
|
|
|
)
|
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
func AdminCreateUser(c *models.ReqContext, form dtos.AdminCreateUserForm) {
|
|
|
|
cmd := models.CreateUserCommand{
|
2015-02-10 08:36:51 -06:00
|
|
|
Login: form.Login,
|
|
|
|
Email: form.Email,
|
|
|
|
Password: form.Password,
|
|
|
|
Name: form.Name,
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cmd.Login) == 0 {
|
|
|
|
cmd.Login = cmd.Email
|
|
|
|
if len(cmd.Login) == 0 {
|
|
|
|
c.JsonApiErr(400, "Validation error, need specify either username or email", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cmd.Password) < 4 {
|
|
|
|
c.JsonApiErr(400, "Password is missing or too short", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := bus.Dispatch(&cmd); err != nil {
|
|
|
|
c.JsonApiErr(500, "failed to create user", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-07-16 09:58:46 -05:00
|
|
|
metrics.MApiAdminUserCreate.Inc()
|
2015-03-22 14:14:00 -05:00
|
|
|
|
2015-11-16 09:28:38 -06:00
|
|
|
user := cmd.Result
|
2015-11-16 08:55:02 -06:00
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
result := models.UserIdDTO{
|
2015-11-16 09:28:38 -06:00
|
|
|
Message: "User created",
|
|
|
|
Id: user.Id,
|
|
|
|
}
|
2015-11-16 08:55:02 -06:00
|
|
|
|
2015-11-16 09:28:38 -06:00
|
|
|
c.JSON(200, result)
|
2015-02-10 08:36:51 -06:00
|
|
|
}
|
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
func AdminUpdateUserPassword(c *models.ReqContext, form dtos.AdminUpdateUserPasswordForm) {
|
2018-03-22 06:37:35 -05:00
|
|
|
userID := c.ParamsInt64(":id")
|
2015-02-23 04:24:22 -06:00
|
|
|
|
|
|
|
if len(form.Password) < 4 {
|
|
|
|
c.JsonApiErr(400, "New password too short", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
userQuery := models.GetUserByIdQuery{Id: userID}
|
2015-02-23 04:24:22 -06:00
|
|
|
|
|
|
|
if err := bus.Dispatch(&userQuery); err != nil {
|
|
|
|
c.JsonApiErr(500, "Could not read user from database", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-10-23 03:40:12 -05:00
|
|
|
passwordHashed, err := util.EncodePassword(form.Password, userQuery.Result.Salt)
|
|
|
|
if err != nil {
|
|
|
|
c.JsonApiErr(500, "Could not encode password", err)
|
|
|
|
return
|
|
|
|
}
|
2015-02-23 04:24:22 -06:00
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
cmd := models.ChangeUserPasswordCommand{
|
2018-03-22 06:37:35 -05:00
|
|
|
UserId: userID,
|
2015-02-23 04:24:22 -06:00
|
|
|
NewPassword: passwordHashed,
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := bus.Dispatch(&cmd); err != nil {
|
|
|
|
c.JsonApiErr(500, "Failed to update user password", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c.JsonOK("User password updated")
|
|
|
|
}
|
|
|
|
|
2018-12-01 11:28:10 -06:00
|
|
|
// PUT /api/admin/users/:id/permissions
|
2019-05-21 06:52:49 -05:00
|
|
|
func AdminUpdateUserPermissions(c *models.ReqContext, form dtos.AdminUpdateUserPermissionsForm) {
|
2018-03-22 06:37:35 -05:00
|
|
|
userID := c.ParamsInt64(":id")
|
2015-02-26 08:43:48 -06:00
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
cmd := models.UpdateUserPermissionsCommand{
|
2018-03-22 06:37:35 -05:00
|
|
|
UserId: userID,
|
2015-02-26 08:43:48 -06:00
|
|
|
IsGrafanaAdmin: form.IsGrafanaAdmin,
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := bus.Dispatch(&cmd); err != nil {
|
2019-05-21 06:52:49 -05:00
|
|
|
if err == models.ErrLastGrafanaAdmin {
|
|
|
|
c.JsonApiErr(400, models.ErrLastGrafanaAdmin.Error(), nil)
|
2018-12-01 11:28:10 -06:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-26 08:43:48 -06:00
|
|
|
c.JsonApiErr(500, "Failed to update user permissions", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c.JsonOK("User permissions updated")
|
|
|
|
}
|
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
func AdminDeleteUser(c *models.ReqContext) {
|
2018-03-22 06:37:35 -05:00
|
|
|
userID := c.ParamsInt64(":id")
|
2015-02-11 09:47:22 -06:00
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
cmd := models.DeleteUserCommand{UserId: userID}
|
2015-02-11 09:47:22 -06:00
|
|
|
|
|
|
|
if err := bus.Dispatch(&cmd); err != nil {
|
|
|
|
c.JsonApiErr(500, "Failed to delete user", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-11-16 09:28:38 -06:00
|
|
|
c.JsonOK("User deleted")
|
2015-02-11 09:47:22 -06:00
|
|
|
}
|
2019-03-08 08:15:38 -06:00
|
|
|
|
2019-05-21 06:52:49 -05:00
|
|
|
// POST /api/admin/users/:id/disable
|
2019-05-23 07:54:47 -05:00
|
|
|
func (server *HTTPServer) AdminDisableUser(c *models.ReqContext) Response {
|
2019-05-21 06:52:49 -05:00
|
|
|
userID := c.ParamsInt64(":id")
|
|
|
|
|
|
|
|
// External users shouldn't be disabled from API
|
|
|
|
authInfoQuery := &models.GetAuthInfoQuery{UserId: userID}
|
|
|
|
if err := bus.Dispatch(authInfoQuery); err != models.ErrUserNotFound {
|
2019-05-23 07:54:47 -05:00
|
|
|
return Error(500, "Could not disable external user", nil)
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
disableCmd := models.DisableUserCommand{UserId: userID, IsDisabled: true}
|
|
|
|
if err := bus.Dispatch(&disableCmd); err != nil {
|
2019-05-23 07:54:47 -05:00
|
|
|
return Error(500, "Failed to disable user", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
err := server.AuthTokenService.RevokeAllUserTokens(c.Req.Context(), userID)
|
|
|
|
if err != nil {
|
|
|
|
return Error(500, "Failed to disable user", err)
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
2019-05-23 07:54:47 -05:00
|
|
|
return Success("User disabled")
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// POST /api/admin/users/:id/enable
|
2019-05-23 07:54:47 -05:00
|
|
|
func AdminEnableUser(c *models.ReqContext) Response {
|
2019-05-21 06:52:49 -05:00
|
|
|
userID := c.ParamsInt64(":id")
|
|
|
|
|
|
|
|
// External users shouldn't be disabled from API
|
|
|
|
authInfoQuery := &models.GetAuthInfoQuery{UserId: userID}
|
|
|
|
if err := bus.Dispatch(authInfoQuery); err != models.ErrUserNotFound {
|
2019-05-23 07:54:47 -05:00
|
|
|
return Error(500, "Could not enable external user", nil)
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
disableCmd := models.DisableUserCommand{UserId: userID, IsDisabled: false}
|
|
|
|
if err := bus.Dispatch(&disableCmd); err != nil {
|
2019-05-23 07:54:47 -05:00
|
|
|
return Error(500, "Failed to enable user", err)
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
2019-05-23 07:54:47 -05:00
|
|
|
return Success("User enabled")
|
2019-05-21 06:52:49 -05:00
|
|
|
}
|
|
|
|
|
2019-03-08 08:15:38 -06:00
|
|
|
// POST /api/admin/users/:id/logout
|
2019-05-21 06:52:49 -05:00
|
|
|
func (server *HTTPServer) AdminLogoutUser(c *models.ReqContext) Response {
|
2019-03-08 08:15:38 -06:00
|
|
|
userID := c.ParamsInt64(":id")
|
|
|
|
|
|
|
|
if c.UserId == userID {
|
|
|
|
return Error(400, "You cannot logout yourself", nil)
|
|
|
|
}
|
|
|
|
|
2019-04-30 07:42:01 -05:00
|
|
|
return server.logoutUserFromAllDevicesInternal(c.Req.Context(), userID)
|
2019-03-08 08:15:38 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
// GET /api/admin/users/:id/auth-tokens
|
2019-05-21 06:52:49 -05:00
|
|
|
func (server *HTTPServer) AdminGetUserAuthTokens(c *models.ReqContext) Response {
|
2019-03-08 08:15:38 -06:00
|
|
|
userID := c.ParamsInt64(":id")
|
|
|
|
return server.getUserAuthTokensInternal(c, userID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// POST /api/admin/users/:id/revoke-auth-token
|
2019-05-21 06:52:49 -05:00
|
|
|
func (server *HTTPServer) AdminRevokeUserAuthToken(c *models.ReqContext, cmd models.RevokeAuthTokenCmd) Response {
|
2019-03-08 08:15:38 -06:00
|
|
|
userID := c.ParamsInt64(":id")
|
|
|
|
return server.revokeUserAuthTokenInternal(c, userID, cmd)
|
|
|
|
}
|