Authn: Set requester in middleware (#89929)

identify in context

pkg/services/contexthandler/contexthandler.go

@@ -112,16 +112,16 @@ func (h *ContextHandler) Middleware(next http.Handler) http.Handler {
 			reqContext.Logger = reqContext.Logger.New("traceID", traceID)
 		}
 
-		identity, err := h.authnService.Authenticate(ctx, &authn.Request{HTTPRequest: reqContext.Req, Resp: reqContext.Resp})
+		id, err := h.authnService.Authenticate(ctx, &authn.Request{HTTPRequest: reqContext.Req, Resp: reqContext.Resp})
 		if err != nil {
 			// Hack: set all errors on LookupTokenErr, so we can check it in auth middlewares
 			reqContext.LookupTokenErr = err
 		} else {
-			reqContext.SignedInUser = identity.SignedInUser()
+			reqContext.SignedInUser = id.SignedInUser()
-			reqContext.UserToken = identity.SessionToken
+			reqContext.UserToken = id.SessionToken
 			reqContext.IsSignedIn = !reqContext.SignedInUser.IsAnonymous
 			reqContext.AllowAnonymous = reqContext.SignedInUser.IsAnonymous
-			reqContext.IsRenderCall = identity.IsAuthenticatedBy(login.RenderModule)
+			reqContext.IsRenderCall = id.IsAuthenticatedBy(login.RenderModule)
 		}
 
 		reqContext.Logger = reqContext.Logger.New("userId", reqContext.UserID, "orgId", reqContext.OrgID, "uname", reqContext.Login)
@@ -138,7 +138,7 @@ func (h *ContextHandler) Middleware(next http.Handler) http.Handler {
 		// End the span to make next handlers not wrapped within middleware span
 		span.End()
 
-		next.ServeHTTP(w, r)
+		next.ServeHTTP(w, r.WithContext(identity.WithRequester(ctx, id)))
 	})
 }
 

pkg/services/contexthandler/contexthandler_test.go

@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/grafana/grafana/pkg/api/routing"
+	"github.com/grafana/grafana/pkg/apimachinery/identity"
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/services/authn"
 	"github.com/grafana/grafana/pkg/services/authn/authntest"
@@ -44,20 +45,24 @@ func TestContextHandler(t *testing.T) {
 	})
 
 	t.Run("should set identity on successful authentication", func(t *testing.T) {
-		identity := &authn.Identity{ID: authn.NewNamespaceID(authn.NamespaceUser, 1), OrgID: 1}
+		id := &authn.Identity{ID: authn.NewNamespaceID(authn.NamespaceUser, 1), OrgID: 1}
 		handler := contexthandler.ProvideService(
 			setting.NewCfg(),
 			tracing.InitializeTracerForTest(),
 			featuremgmt.WithFeatures(),
-			&authntest.FakeService{ExpectedIdentity: identity},
+			&authntest.FakeService{ExpectedIdentity: id},
 		)
 
 		server := webtest.NewServer(t, routing.NewRouteRegister())
 		server.Mux.Use(handler.Middleware)
 		server.Mux.Get("/api/handler", func(c *contextmodel.ReqContext) {
 			require.True(t, c.IsSignedIn)
-			require.EqualValues(t, identity.SignedInUser(), c.SignedInUser)
+			require.EqualValues(t, id.SignedInUser(), c.SignedInUser)
 			require.NoError(t, c.LookupTokenErr)
+
+			requester, err := identity.GetRequester(c.Req.Context())
+			require.NoError(t, err)
+			require.Equal(t, id, requester)
 		})
 
 		res, err := server.Send(server.NewGetRequest("/api/handler"))