mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
oauth: provide more logging for failed oauth requests
This commit is contained in:
parent
23c610015f
commit
0848ba2e9c
@ -8,7 +8,6 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
||||||
@ -16,6 +15,7 @@ import (
|
|||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
"github.com/grafana/grafana/pkg/bus"
|
"github.com/grafana/grafana/pkg/bus"
|
||||||
|
"github.com/grafana/grafana/pkg/log"
|
||||||
"github.com/grafana/grafana/pkg/metrics"
|
"github.com/grafana/grafana/pkg/metrics"
|
||||||
"github.com/grafana/grafana/pkg/middleware"
|
"github.com/grafana/grafana/pkg/middleware"
|
||||||
m "github.com/grafana/grafana/pkg/models"
|
m "github.com/grafana/grafana/pkg/models"
|
||||||
@ -29,6 +29,7 @@ var (
|
|||||||
ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter")
|
ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter")
|
||||||
ErrUsersQuotaReached = errors.New("Users quota reached")
|
ErrUsersQuotaReached = errors.New("Users quota reached")
|
||||||
ErrNoEmail = errors.New("Login provider didn't return an email address")
|
ErrNoEmail = errors.New("Login provider didn't return an email address")
|
||||||
|
oauthLogger = log.New("oauth.login")
|
||||||
)
|
)
|
||||||
|
|
||||||
func GenStateString() string {
|
func GenStateString() string {
|
||||||
@ -50,10 +51,11 @@ func OAuthLogin(ctx *middleware.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
error := ctx.Query("error")
|
errorParam := ctx.Query("error")
|
||||||
if error != "" {
|
if errorParam != "" {
|
||||||
errorDesc := ctx.Query("error_description")
|
errorDesc := ctx.Query("error_description")
|
||||||
redirectWithError(ctx, ErrProviderDeniedRequest, "error", error, "errorDesc", errorDesc)
|
oauthLogger.Error("failed to login ", "error", errorParam, "errorDesc", errorDesc)
|
||||||
|
redirectWithError(ctx, ErrProviderDeniedRequest, "error", errorParam, "errorDesc", errorDesc)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,7 +92,7 @@ func OAuthLogin(ctx *middleware.Context) {
|
|||||||
if setting.OAuthService.OAuthInfos[name].TlsClientCert != "" || setting.OAuthService.OAuthInfos[name].TlsClientKey != "" {
|
if setting.OAuthService.OAuthInfos[name].TlsClientCert != "" || setting.OAuthService.OAuthInfos[name].TlsClientKey != "" {
|
||||||
cert, err := tls.LoadX509KeyPair(setting.OAuthService.OAuthInfos[name].TlsClientCert, setting.OAuthService.OAuthInfos[name].TlsClientKey)
|
cert, err := tls.LoadX509KeyPair(setting.OAuthService.OAuthInfos[name].TlsClientCert, setting.OAuthService.OAuthInfos[name].TlsClientKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(1, "Failed to setup TlsClientCert", "oauth provider", name, "error", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
tr.TLSClientConfig.Certificates = append(tr.TLSClientConfig.Certificates, cert)
|
tr.TLSClientConfig.Certificates = append(tr.TLSClientConfig.Certificates, cert)
|
||||||
@ -99,7 +101,7 @@ func OAuthLogin(ctx *middleware.Context) {
|
|||||||
if setting.OAuthService.OAuthInfos[name].TlsClientCa != "" {
|
if setting.OAuthService.OAuthInfos[name].TlsClientCa != "" {
|
||||||
caCert, err := ioutil.ReadFile(setting.OAuthService.OAuthInfos[name].TlsClientCa)
|
caCert, err := ioutil.ReadFile(setting.OAuthService.OAuthInfos[name].TlsClientCa)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(1, "Failed to setup TlsClientCa", "oauth provider", name, "error", err)
|
||||||
}
|
}
|
||||||
caCertPool := x509.NewCertPool()
|
caCertPool := x509.NewCertPool()
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
|
Loading…
Reference in New Issue
Block a user