IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-26 02:40:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into dashboard_permissions

Browse Source
This commit is contained in:
Daniel Lee 2018-01-30 09:26:23 +01:00
commit 0fb05bcf59
45 changed files with 1404 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -10,8 +10,8 @@ awsconfig
/public_gen
/public/vendor/npm
/tmp
vendor/phantomjs/phantomjs
vendor/phantomjs/phantomjs.exe
tools/phantomjs/phantomjs
tools/phantomjs/phantomjs.exe
profile.out
coverage.txt

39
CHANGELOG.md
View File

@ -2,7 +2,7 @@
Grafana v5.0 is going to be the biggest and most foundational release Grafana has ever had, coming with a ton of UX improvements, a new dashboard grid engine, dashboard folders, user teams and permissions. Checkout out this [video preview](https://www.youtube.com/watch?v=BC_YRNpqj5k) of Grafana v5.
### New Features
### New Major Features
- **Dashboards** Dashboard folders, [#1611](https://github.com/grafana/grafana/issues/1611)
- **Teams** User groups (teams) implemented. Can be used in folder & dashboard permission list.
- **Dashboard grid**: Panels are now layed out in a two dimensional grid (with x, y, w, h). [#9093](https://github.com/grafana/grafana/issues/9093).
@ -10,31 +10,22 @@ Grafana v5.0 is going to be the biggest and most foundational release Grafana ha
- **UX**: Major update to page header and navigation
- **Dashboard settings**: Combine dashboard settings views into one with side menu, [#9750](https://github.com/grafana/grafana/issues/9750)
## Breaking changes
* **[dashboard.json]** have been replaced with [dashboard provisioning](http://docs.grafana.org/administration/provisioning/).
Config files for provisioning datasources as configuration have changed from `/conf/datasources` to `/conf/provisioning/datasources`.
From `/etc/grafana/datasources` to `/etc/grafana/provisioning/datasources` when installed with deb/rpm packages.
* **Pagerduty** The notifier now defaults to not auto resolve incidents. More details at [#10222](https://github.com/grafana/grafana/issues/10222)
## New Dashboard Grid
The new grid engine is major upgrade for how you can position and move panels. It enables new layouts and a much easier dashboard building experience. The change is backwards compatible. Grafana will automatically upgrade your dashboards to the new schema and position panels to match your existing layout. There might be minor differences in panel height.
The new grid engine is a major upgrade for how you can position and move panels. It enables new layouts and a much easier dashboard building experience. The change is backward compatible. So you can upgrade your current version to 5.0 without breaking dashboards, but you cannot downgrade from 5.0 to previous versions. Grafana will automatically upgrade your dashboards to the new schema and position panels to match your existing layout. There might be minor differences in panel height. If you upgrade to 5.0 and for some reason want to rollback to the previous version you can restore dashboards to previous versions using dashboard history. But that should only be seen as an emergency solution.
Dashboard panels and rows are positioned using a gridPos object `{x: 0, y: 0, w: 24, h: 5}`. Units are in grid dimensions (24 columns, 1 height unit 30px). Rows and Panels objects exist (together) in a flat array directly on the dashboard root object. Rows are not needed for layouts anymore and are mainly there for backward compatibility. Some panel plugins that do not respect their panel height might require an update.
## New Features
* **Alerting**: Add support for internal image store [#6922](https://github.com/grafana/grafana/issues/6922), thx [@FunkyM](https://github.com/FunkyM)
## Minor
* **Graph**: Don't hide graph display options (Lines/Points) when draw mode is unchecked [#9770](https://github.com/grafana/grafana/issues/9770), thx [@Jonnymcc](https://github.com/Jonnymcc)
* **Prometheus**: Show label name in paren after by/without/on/ignoring/group_left/group_right [#9664](https://github.com/grafana/grafana/pull/9664), thx [@mtanda](https://github.com/mtanda)
# 4.7.0 (unreleased / v4.7.x branch)
## Breaking changes
`[dashboard.json]` have been replaced with [dashboard provisioning](http://docs.grafana.org/administration/provisioning/).
Config files for provisioning datasources as configuration have changed from `/conf/datasources` to `/conf/provisioning/datasources`.
From `/etc/grafana/datasources` to `/etc/grafana/provisioning/datasources` when installed with deb/rpm packages.
The pagerduty notifier now defaults to not auto resolve incidents. More details at [#10222](https://github.com/grafana/grafana/issues/10222)
## New Features
* **Data Source Proxy**: Add support for whitelisting specified cookies that will be passed through to the data source when proxying data source requests [#5457](https://github.com/grafana/grafana/issues/5457), thanks [@robingustafsson](https://github.com/robingustafsson)
* **Postgres/MySQL**: add __timeGroup macro for mysql [#9596](https://github.com/grafana/grafana/pull/9596), thanks [@svenklemm](https://github.com/svenklemm)
* **Text**: Text panel are now edited in the ace editor. [#9698](https://github.com/grafana/grafana/pull/9698), thx [@mtanda](https://github.com/mtanda)
@ -45,8 +36,11 @@ The pagerduty notifier now defaults to not auto resolve incidents. More details
* **Dashboard as cfg**: Load dashboards from file into Grafana on startup/change [#9654](https://github.com/grafana/grafana/issues/9654) [#5269](https://github.com/grafana/grafana/issues/5269)
* **Prometheus**: Grafana can now send alerts to Prometheus Alertmanager while firing [#7481](https://github.com/grafana/grafana/issues/7481), thx [@Thib17](https://github.com/Thib17) and [@mtanda](https://github.com/mtanda)
* **Table**: Support multiple table formated queries in table panel [#9170](https://github.com/grafana/grafana/issues/9170), thx [@davkal](https://github.com/davkal)
* **Security**: Protect against brute force (frequent) login attempts [#7616](https://github.com/grafana/grafana/issues/7616)
## Minor
* **Graph**: Don't hide graph display options (Lines/Points) when draw mode is unchecked [#9770](https://github.com/grafana/grafana/issues/9770), thx [@Jonnymcc](https://github.com/Jonnymcc)
* **Prometheus**: Show label name in paren after by/without/on/ignoring/group_left/group_right [#9664](https://github.com/grafana/grafana/pull/9664), thx [@mtanda](https://github.com/mtanda)
* **Alert panel**: Adds placeholder text when no alerts are within the time range [#9624](https://github.com/grafana/grafana/issues/9624), thx [@straend](https://github.com/straend)
* **Mysql**: MySQL enable MaxOpenCon and MaxIdleCon regards how constring is configured. [#9784](https://github.com/grafana/grafana/issues/9784), thx [@dfredell](https://github.com/dfredell)
* **Cloudwatch**: Fixes broken query inspector for cloudwatch [#9661](https://github.com/grafana/grafana/issues/9661), thx [@mtanda](https://github.com/mtanda)
@ -59,16 +53,15 @@ The pagerduty notifier now defaults to not auto resolve incidents. More details
* **Azure**: Adds support for Azure blob storage as external image stor [#8955](https://github.com/grafana/grafana/issues/8955), thx [@saada](https://github.com/saada)
* **Telegram**: Add support for inline image uploads to telegram notifier plugin [#9967](https://github.com/grafana/grafana/pull/9967), thx [@rburchell](https://github.com/rburchell)
## Tech
* **RabbitMq**: Remove support for publishing events to RabbitMQ [#9645](https://github.com/grafana/grafana/issues/9645)
## Fixes
* **Sensu**: Send alert message to sensu output [#9551](https://github.com/grafana/grafana/issues/9551), thx [@cjchand](https://github.com/cjchand)
* **Singlestat**: suppress error when result contains no datapoints [#9636](https://github.com/grafana/grafana/issues/9636), thx [@utkarshcmu](https://github.com/utkarshcmu)
* **Postgres/MySQL**: Control quoting in SQL-queries when using template variables [#9030](https://github.com/grafana/grafana/issues/9030), thanks [@svenklemm](https://github.com/svenklemm)
* **Pagerduty**: Pagerduty dont auto resolve incidents by default anymore. [#10222](https://github.com/grafana/grafana/issues/10222)
## Tech
* **RabbitMq**: Remove support for publishing events to RabbitMQ [#9645](https://github.com/grafana/grafana/issues/9645)
# 4.6.3 (2017-12-14)
## Fixes

2
circle.yml
View File

@ -9,7 +9,7 @@ machine:
GOPATH: "/home/ubuntu/.go_workspace"
ORG_PATH: "github.com/grafana"
REPO_PATH: "${ORG_PATH}/grafana"
GODIST: "go1.9.2.linux-amd64.tar.gz"
GODIST: "go1.9.3.linux-amd64.tar.gz"
post:
- mkdir -p ~/download
- mkdir -p ~/docker

3
conf/defaults.ini
View File

@ -174,6 +174,9 @@ disable_gravatar = false
# data source proxy whitelist (ip_or_domain:port separated by spaces)
data_source_proxy_whitelist =
# disable protection against brute force login attempts
disable_brute_force_login_protection = false
#################################### Snapshots ###########################
[snapshots]
# snapshot sharing options

3
conf/sample.ini
View File

@ -162,6 +162,9 @@ log_queries =
# data source proxy whitelist (ip_or_domain:port separated by spaces)
;data_source_proxy_whitelist =
# disable protection against brute force login attempts
;disable_brute_force_login_protection = false
#################################### Snapshots ###########################
[snapshots]
# snapshot sharing options

2
docker/blocks/prometheus/Dockerfile
View File

@ -1,3 +1,3 @@
FROM prom/prometheus
FROM prom/prometheus:v1.8.2
ADD prometheus.yml /etc/prometheus/
ADD alert.rules /etc/prometheus/

2
docs/sources/reference/sharing.md
View File

@ -39,7 +39,7 @@ Click a panel title to open the panel menu, then click share in the panel menu t
### Direct Link Rendered Image
You also get a link to service side rendered PNG of the panel. Useful if you want to share an image of the panel. Please note that for OSX and Windows, you will need to ensure that a `phantomjs` binary is available under `vendor/phantomjs/phantomjs`. For Linux, a `phantomjs` binary is included - however, you should ensure that any requisite libraries (e.g. libfontconfig) are available.
You also get a link to service side rendered PNG of the panel. Useful if you want to share an image of the panel. Please note that for OSX and Windows, you will need to ensure that a `phantomjs` binary is available under `tools/phantomjs/phantomjs`. For Linux, a `phantomjs` binary is included - however, you should ensure that any requisite libraries (e.g. libfontconfig) are available.
Example of a link to a server-side rendered PNG:

7
pkg/api/login.go
View File

@ -102,12 +102,13 @@ func LoginPost(c *middleware.Context, cmd dtos.LoginCommand) Response {
}
authQuery := login.LoginUserQuery{
Username: cmd.User,
Password: cmd.Password,
Username: cmd.User,
Password: cmd.Password,
IpAddress: c.Req.RemoteAddr,
}
if err := bus.Dispatch(&authQuery); err != nil {
if err == login.ErrInvalidCredentials {
if err == login.ErrInvalidCredentials || err == login.ErrTooManyLoginAttempts {
return ApiError(401, "Invalid username or password", err)
}

63
pkg/login/auth.go
View File

@ -3,21 +3,20 @@ package login
import (
"errors"
"crypto/subtle"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
var (
ErrInvalidCredentials = errors.New("Invalid Username or Password")
ErrInvalidCredentials = errors.New("Invalid Username or Password")
ErrTooManyLoginAttempts = errors.New("Too many consecutive incorrect login attempts for user. Login for user temporarily blocked")
)
type LoginUserQuery struct {
Username string
Password string
User *m.User
Username string
Password string
User *m.User
IpAddress string
}
func Init() {
@ -26,41 +25,31 @@ func Init() {
}
func AuthenticateUser(query *LoginUserQuery) error {
err := loginUsingGrafanaDB(query)
if err == nil || err != ErrInvalidCredentials {
if err := validateLoginAttempts(query.Username); err != nil {
return err
}
if setting.LdapEnabled {
for _, server := range LdapCfg.Servers {
author := NewLdapAuthenticator(server)
err = author.Login(query)
if err == nil || err != ErrInvalidCredentials {
return err
}
err := loginUsingGrafanaDB(query)
if err == nil || (err != m.ErrUserNotFound && err != ErrInvalidCredentials) {
return err
}
ldapEnabled, ldapErr := loginUsingLdap(query)
if ldapEnabled {
if ldapErr == nil || ldapErr != ErrInvalidCredentials {
return ldapErr
}
err = ldapErr
}
if err == ErrInvalidCredentials {
saveInvalidLoginAttempt(query)
}
if err == m.ErrUserNotFound {
return ErrInvalidCredentials
}
return err
}
func loginUsingGrafanaDB(query *LoginUserQuery) error {
userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
if err := bus.Dispatch(&userQuery); err != nil {
if err == m.ErrUserNotFound {
return ErrInvalidCredentials
}
return err
}
user := userQuery.Result
passwordHashed := util.EncodePassword(query.Password, user.Salt)
if subtle.ConstantTimeCompare([]byte(passwordHashed), []byte(user.Password)) != 1 {
return ErrInvalidCredentials
}
query.User = user
return nil
}

214
pkg/login/auth_test.go Normal file
View File

@ -0,0 +1,214 @@
package login
import (
"errors"
"testing"
m "github.com/grafana/grafana/pkg/models"
. "github.com/smartystreets/goconvey/convey"
)
func TestAuthenticateUser(t *testing.T) {
Convey("Authenticate user", t, func() {
authScenario("When a user authenticates having too many login attempts", func(sc *authScenarioContext) {
mockLoginAttemptValidation(ErrTooManyLoginAttempts, sc)
mockLoginUsingGrafanaDB(nil, sc)
mockLoginUsingLdap(true, nil, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, ErrTooManyLoginAttempts)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeFalse)
So(sc.ldapLoginWasCalled, ShouldBeFalse)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When grafana user authenticate with valid credentials", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(nil, sc)
mockLoginUsingLdap(true, ErrInvalidCredentials, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, nil)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeFalse)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When grafana user authenticate and unexpected error occurs", func(sc *authScenarioContext) {
customErr := errors.New("custom")
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(customErr, sc)
mockLoginUsingLdap(true, ErrInvalidCredentials, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, customErr)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeFalse)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When a non-existing grafana user authenticate and ldap disabled", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(m.ErrUserNotFound, sc)
mockLoginUsingLdap(false, nil, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeTrue)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When a non-existing grafana user authenticate and invalid ldap credentials", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(m.ErrUserNotFound, sc)
mockLoginUsingLdap(true, ErrInvalidCredentials, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeTrue)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeTrue)
})
})
authScenario("When a non-existing grafana user authenticate and valid ldap credentials", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(m.ErrUserNotFound, sc)
mockLoginUsingLdap(true, nil, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldBeNil)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeTrue)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When a non-existing grafana user authenticate and ldap returns unexpected error", func(sc *authScenarioContext) {
customErr := errors.New("custom")
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(m.ErrUserNotFound, sc)
mockLoginUsingLdap(true, customErr, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, customErr)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeTrue)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeFalse)
})
})
authScenario("When grafana user authenticate with invalid credentials and invalid ldap credentials", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(ErrInvalidCredentials, sc)
mockLoginUsingLdap(true, ErrInvalidCredentials, sc)
mockSaveInvalidLoginAttempt(sc)
err := AuthenticateUser(sc.loginUserQuery)
Convey("it should result in", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
So(sc.loginAttemptValidationWasCalled, ShouldBeTrue)
So(sc.grafanaLoginWasCalled, ShouldBeTrue)
So(sc.ldapLoginWasCalled, ShouldBeTrue)
So(sc.saveInvalidLoginAttemptWasCalled, ShouldBeTrue)
})
})
})
}
type authScenarioContext struct {
loginUserQuery *LoginUserQuery
grafanaLoginWasCalled bool
ldapLoginWasCalled bool
loginAttemptValidationWasCalled bool
saveInvalidLoginAttemptWasCalled bool
}
type authScenarioFunc func(sc *authScenarioContext)
func mockLoginUsingGrafanaDB(err error, sc *authScenarioContext) {
loginUsingGrafanaDB = func(query *LoginUserQuery) error {
sc.grafanaLoginWasCalled = true
return err
}
}
func mockLoginUsingLdap(enabled bool, err error, sc *authScenarioContext) {
loginUsingLdap = func(query *LoginUserQuery) (bool, error) {
sc.ldapLoginWasCalled = true
return enabled, err
}
}
func mockLoginAttemptValidation(err error, sc *authScenarioContext) {
validateLoginAttempts = func(username string) error {
sc.loginAttemptValidationWasCalled = true
return err
}
}
func mockSaveInvalidLoginAttempt(sc *authScenarioContext) {
saveInvalidLoginAttempt = func(query *LoginUserQuery) {
sc.saveInvalidLoginAttemptWasCalled = true
}
}
func authScenario(desc string, fn authScenarioFunc) {
Convey(desc, func() {
origLoginUsingGrafanaDB := loginUsingGrafanaDB
origLoginUsingLdap := loginUsingLdap
origValidateLoginAttempts := validateLoginAttempts
origSaveInvalidLoginAttempt := saveInvalidLoginAttempt
sc := &authScenarioContext{
loginUserQuery: &LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
},
}
defer func() {
loginUsingGrafanaDB = origLoginUsingGrafanaDB
loginUsingLdap = origLoginUsingLdap
validateLoginAttempts = origValidateLoginAttempts
saveInvalidLoginAttempt = origSaveInvalidLoginAttempt
}()
fn(sc)
})
}

48
pkg/login/brute_force_login_protection.go Normal file
View File

@ -0,0 +1,48 @@
package login
import (
"time"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
)
var (
maxInvalidLoginAttempts int64 = 5
loginAttemptsWindow time.Duration = time.Minute * 5
)
var validateLoginAttempts = func(username string) error {
if setting.DisableBruteForceLoginProtection {
return nil
}
loginAttemptCountQuery := m.GetUserLoginAttemptCountQuery{
Username: username,
Since: time.Now().Add(-loginAttemptsWindow),
}
if err := bus.Dispatch(&loginAttemptCountQuery); err != nil {
return err
}
if loginAttemptCountQuery.Result >= maxInvalidLoginAttempts {
return ErrTooManyLoginAttempts
}
return nil
}
var saveInvalidLoginAttempt = func(query *LoginUserQuery) {
if setting.DisableBruteForceLoginProtection {
return
}
loginAttemptCommand := m.CreateLoginAttemptCommand{
Username: query.Username,
IpAddress: query.IpAddress,
}
bus.Dispatch(&loginAttemptCommand)
}

125
pkg/login/brute_force_login_protection_test.go Normal file
View File

@ -0,0 +1,125 @@
package login
import (
"testing"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
. "github.com/smartystreets/goconvey/convey"
)
func TestLoginAttemptsValidation(t *testing.T) {
Convey("Validate login attempts", t, func() {
Convey("Given brute force login protection enabled", func() {
setting.DisableBruteForceLoginProtection = false
Convey("When user login attempt count equals max-1 ", func() {
withLoginAttempts(maxInvalidLoginAttempts - 1)
err := validateLoginAttempts("user")
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count equals max ", func() {
withLoginAttempts(maxInvalidLoginAttempts)
err := validateLoginAttempts("user")
Convey("it should result in too many login attempts error", func() {
So(err, ShouldEqual, ErrTooManyLoginAttempts)
})
})
Convey("When user login attempt count is greater than max ", func() {
withLoginAttempts(maxInvalidLoginAttempts + 5)
err := validateLoginAttempts("user")
Convey("it should result in too many login attempts error", func() {
So(err, ShouldEqual, ErrTooManyLoginAttempts)
})
})
Convey("When saving invalid login attempt", func() {
defer bus.ClearBusHandlers()
createLoginAttemptCmd := &m.CreateLoginAttemptCommand{}
bus.AddHandler("test", func(cmd *m.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
saveInvalidLoginAttempt(&LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
})
Convey("it should dispatch command", func() {
So(createLoginAttemptCmd, ShouldNotBeNil)
So(createLoginAttemptCmd.Username, ShouldEqual, "user")
So(createLoginAttemptCmd.IpAddress, ShouldEqual, "192.168.1.1:56433")
})
})
})
Convey("Given brute force login protection disabled", func() {
setting.DisableBruteForceLoginProtection = true
Convey("When user login attempt count equals max-1 ", func() {
withLoginAttempts(maxInvalidLoginAttempts - 1)
err := validateLoginAttempts("user")
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count equals max ", func() {
withLoginAttempts(maxInvalidLoginAttempts)
err := validateLoginAttempts("user")
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count is greater than max ", func() {
withLoginAttempts(maxInvalidLoginAttempts + 5)
err := validateLoginAttempts("user")
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When saving invalid login attempt", func() {
defer bus.ClearBusHandlers()
createLoginAttemptCmd := (*m.CreateLoginAttemptCommand)(nil)
bus.AddHandler("test", func(cmd *m.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
saveInvalidLoginAttempt(&LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
})
Convey("it should not dispatch command", func() {
So(createLoginAttemptCmd, ShouldBeNil)
})
})
})
})
}
func withLoginAttempts(loginAttempts int64) {
bus.AddHandler("test", func(query *m.GetUserLoginAttemptCountQuery) error {
query.Result = loginAttempts
return nil
})
}

35
pkg/login/grafana_login.go Normal file
View File

@ -0,0 +1,35 @@
package login
import (
"crypto/subtle"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/util"
)
var validatePassword = func(providedPassword string, userPassword string, userSalt string) error {
passwordHashed := util.EncodePassword(providedPassword, userSalt)
if subtle.ConstantTimeCompare([]byte(passwordHashed), []byte(userPassword)) != 1 {
return ErrInvalidCredentials
}
return nil
}
var loginUsingGrafanaDB = func(query *LoginUserQuery) error {
userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
if err := bus.Dispatch(&userQuery); err != nil {
return err
}
user := userQuery.Result
if err := validatePassword(query.Password, user.Password, user.Salt); err != nil {
return err
}
query.User = user
return nil
}

139
pkg/login/grafana_login_test.go Normal file
View File

@ -0,0 +1,139 @@
package login
import (
"testing"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
. "github.com/smartystreets/goconvey/convey"
)
func TestGrafanaLogin(t *testing.T) {
Convey("Login using Grafana DB", t, func() {
grafanaLoginScenario("When login with non-existing user", func(sc *grafanaLoginScenarioContext) {
sc.withNonExistingUser()
err := loginUsingGrafanaDB(sc.loginUserQuery)
Convey("it should result in user not found error", func() {
So(err, ShouldEqual, m.ErrUserNotFound)
})
Convey("it should not call password validation", func() {
So(sc.validatePasswordCalled, ShouldBeFalse)
})
Convey("it should not pupulate user object", func() {
So(sc.loginUserQuery.User, ShouldBeNil)
})
})
grafanaLoginScenario("When login with invalid credentials", func(sc *grafanaLoginScenarioContext) {
sc.withInvalidPassword()
err := loginUsingGrafanaDB(sc.loginUserQuery)
Convey("it should result in invalid credentials error", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
})
Convey("it should call password validation", func() {
So(sc.validatePasswordCalled, ShouldBeTrue)
})
Convey("it should not pupulate user object", func() {
So(sc.loginUserQuery.User, ShouldBeNil)
})
})
grafanaLoginScenario("When login with valid credentials", func(sc *grafanaLoginScenarioContext) {
sc.withValidCredentials()
err := loginUsingGrafanaDB(sc.loginUserQuery)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
Convey("it should call password validation", func() {
So(sc.validatePasswordCalled, ShouldBeTrue)
})
Convey("it should pupulate user object", func() {
So(sc.loginUserQuery.User, ShouldNotBeNil)
So(sc.loginUserQuery.User.Login, ShouldEqual, sc.loginUserQuery.Username)
So(sc.loginUserQuery.User.Password, ShouldEqual, sc.loginUserQuery.Password)
})
})
})
}
type grafanaLoginScenarioContext struct {
loginUserQuery *LoginUserQuery
validatePasswordCalled bool
}
type grafanaLoginScenarioFunc func(c *grafanaLoginScenarioContext)
func grafanaLoginScenario(desc string, fn grafanaLoginScenarioFunc) {
Convey(desc, func() {
origValidatePassword := validatePassword
sc := &grafanaLoginScenarioContext{
loginUserQuery: &LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
},
validatePasswordCalled: false,
}
defer func() {
validatePassword = origValidatePassword
}()
fn(sc)
})
}
func mockPasswordValidation(valid bool, sc *grafanaLoginScenarioContext) {
validatePassword = func(providedPassword string, userPassword string, userSalt string) error {
sc.validatePasswordCalled = true
if !valid {
return ErrInvalidCredentials
}
return nil
}
}
func (sc *grafanaLoginScenarioContext) getUserByLoginQueryReturns(user *m.User) {
bus.AddHandler("test", func(query *m.GetUserByLoginQuery) error {
if user == nil {
return m.ErrUserNotFound
}
query.Result = user
return nil
})
}
func (sc *grafanaLoginScenarioContext) withValidCredentials() {
sc.getUserByLoginQueryReturns(&m.User{
Id: 1,
Login: sc.loginUserQuery.Username,
Password: sc.loginUserQuery.Password,
Salt: "salt",
})
mockPasswordValidation(true, sc)
}
func (sc *grafanaLoginScenarioContext) withNonExistingUser() {
sc.getUserByLoginQueryReturns(nil)
}
func (sc *grafanaLoginScenarioContext) withInvalidPassword() {
sc.getUserByLoginQueryReturns(&m.User{
Password: sc.loginUserQuery.Password,
Salt: "salt",
})
mockPasswordValidation(false, sc)
}

21
pkg/login/ldap_login.go Normal file
View File

@ -0,0 +1,21 @@
package login
import (
"github.com/grafana/grafana/pkg/setting"
)
var loginUsingLdap = func(query *LoginUserQuery) (bool, error) {
if !setting.LdapEnabled {
return false, nil
}
for _, server := range LdapCfg.Servers {
author := NewLdapAuthenticator(server)
err := author.Login(query)
if err == nil || err != ErrInvalidCredentials {
return true, err
}
}
return true, ErrInvalidCredentials
}

172
pkg/login/ldap_login_test.go Normal file
View File

@ -0,0 +1,172 @@
package login
import (
"testing"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
. "github.com/smartystreets/goconvey/convey"
)
func TestLdapLogin(t *testing.T) {
Convey("Login using ldap", t, func() {
Convey("Given ldap enabled and a server configured", func() {
setting.LdapEnabled = true
LdapCfg.Servers = append(LdapCfg.Servers,
&LdapServerConf{
Host: "",
})
ldapLoginScenario("When login with invalid credentials", func(sc *ldapLoginScenarioContext) {
sc.withLoginResult(false)
enabled, err := loginUsingLdap(sc.loginUserQuery)
Convey("it should return true", func() {
So(enabled, ShouldBeTrue)
})
Convey("it should return invalid credentials error", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
})
Convey("it should call ldap login", func() {
So(sc.ldapAuthenticatorMock.loginCalled, ShouldBeTrue)
})
})
ldapLoginScenario("When login with valid credentials", func(sc *ldapLoginScenarioContext) {
sc.withLoginResult(true)
enabled, err := loginUsingLdap(sc.loginUserQuery)
Convey("it should return true", func() {
So(enabled, ShouldBeTrue)
})
Convey("it should not return error", func() {
So(err, ShouldBeNil)
})
Convey("it should call ldap login", func() {
So(sc.ldapAuthenticatorMock.loginCalled, ShouldBeTrue)
})
})
})
Convey("Given ldap enabled and no server configured", func() {
setting.LdapEnabled = true
LdapCfg.Servers = make([]*LdapServerConf, 0)
ldapLoginScenario("When login", func(sc *ldapLoginScenarioContext) {
sc.withLoginResult(true)
enabled, err := loginUsingLdap(sc.loginUserQuery)
Convey("it should return true", func() {
So(enabled, ShouldBeTrue)
})
Convey("it should return invalid credentials error", func() {
So(err, ShouldEqual, ErrInvalidCredentials)
})
Convey("it should not call ldap login", func() {
So(sc.ldapAuthenticatorMock.loginCalled, ShouldBeFalse)
})
})
})
Convey("Given ldap disabled", func() {
setting.LdapEnabled = false
ldapLoginScenario("When login", func(sc *ldapLoginScenarioContext) {
sc.withLoginResult(false)
enabled, err := loginUsingLdap(&LoginUserQuery{
Username: "user",
Password: "pwd",
})
Convey("it should return false", func() {
So(enabled, ShouldBeFalse)
})
Convey("it should not return error", func() {
So(err, ShouldBeNil)
})
Convey("it should not call ldap login", func() {
So(sc.ldapAuthenticatorMock.loginCalled, ShouldBeFalse)
})
})
})
})
}
func mockLdapAuthenticator(valid bool) *mockLdapAuther {
mock := &mockLdapAuther{
validLogin: valid,
}
NewLdapAuthenticator = func(server *LdapServerConf) ILdapAuther {
return mock
}
return mock
}
type mockLdapAuther struct {
validLogin bool
loginCalled bool
}
func (a *mockLdapAuther) Login(query *LoginUserQuery) error {
a.loginCalled = true
if !a.validLogin {
return ErrInvalidCredentials
}
return nil
}
func (a *mockLdapAuther) SyncSignedInUser(signedInUser *m.SignedInUser) error {
return nil
}
func (a *mockLdapAuther) GetGrafanaUserFor(ldapUser *LdapUserInfo) (*m.User, error) {
return nil, nil
}
func (a *mockLdapAuther) SyncOrgRoles(user *m.User, ldapUser *LdapUserInfo) error {
return nil
}
type ldapLoginScenarioContext struct {
loginUserQuery *LoginUserQuery
ldapAuthenticatorMock *mockLdapAuther
}
type ldapLoginScenarioFunc func(c *ldapLoginScenarioContext)
func ldapLoginScenario(desc string, fn ldapLoginScenarioFunc) {
Convey(desc, func() {
origNewLdapAuthenticator := NewLdapAuthenticator
sc := &ldapLoginScenarioContext{
loginUserQuery: &LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
},
ldapAuthenticatorMock: &mockLdapAuther{},
}
defer func() {
NewLdapAuthenticator = origNewLdapAuthenticator
}()
fn(sc)
})
}
func (sc *ldapLoginScenarioContext) withLoginResult(valid bool) {
sc.ldapAuthenticatorMock = mockLdapAuthenticator(valid)
}

0
pkg/login/settings.go → pkg/login/ldap_settings.go
View File

36
pkg/models/login_attempt.go Normal file
View File

@ -0,0 +1,36 @@
package models
import (
"time"
)
type LoginAttempt struct {
Id int64
Username string
IpAddress string
Created time.Time
}
// ---------------------
// COMMANDS
type CreateLoginAttemptCommand struct {
Username string
IpAddress string
Result LoginAttempt
}
type DeleteOldLoginAttemptsCommand struct {
OlderThan time.Time
DeletedRows int64
}
// ---------------------
// QUERIES
type GetUserLoginAttemptCountQuery struct {
Username string
Since time.Time
Result int64
}

11
pkg/plugins/datasource/wrapper/datasource_plugin_wrapper.go
View File

@ -69,10 +69,13 @@ func (tw *DatasourcePluginWrapper) Query(ctx context.Context, ds *models.DataSou
for _, r := range pbres.Results {
qr := &tsdb.QueryResult{
RefId: r.RefId,
Series: []*tsdb.TimeSeries{},
Error: errors.New(r.Error),
ErrorString: r.Error,
RefId: r.RefId,
Series: []*tsdb.TimeSeries{},
}
if r.Error != "" {
qr.Error = errors.New(r.Error)
qr.ErrorString = r.Error
}
for _, s := range r.GetSeries() {

16
pkg/services/cleanup/cleanup.go
View File

@ -46,6 +46,7 @@ func (service *CleanUpService) start(ctx context.Context) error {
service.cleanUpTmpFiles()
service.deleteExpiredSnapshots()
service.deleteExpiredDashboardVersions()
service.deleteOldLoginAttempts()
case <-ctx.Done():
return ctx.Err()
}
@ -88,3 +89,18 @@ func (service *CleanUpService) deleteExpiredSnapshots() {
func (service *CleanUpService) deleteExpiredDashboardVersions() {
bus.Dispatch(&m.DeleteExpiredVersionsCommand{})
}
func (service *CleanUpService) deleteOldLoginAttempts() {
if setting.DisableBruteForceLoginProtection {
return
}
cmd := m.DeleteOldLoginAttemptsCommand{
OlderThan: time.Now().Add(time.Minute * -10),
}
if err := bus.Dispatch(&cmd); err != nil {
service.log.Error("Problem deleting expired login attempts", "error", err.Error())
} else {
service.log.Debug("Deleted expired login attempts", "rows affected", cmd.DeletedRows)
}
}

91
pkg/services/sqlstore/login_attempt.go Normal file
View File

@ -0,0 +1,91 @@
package sqlstore
import (
"strconv"
"time"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
)
var getTimeNow = time.Now
func init() {
bus.AddHandler("sql", CreateLoginAttempt)
bus.AddHandler("sql", DeleteOldLoginAttempts)
bus.AddHandler("sql", GetUserLoginAttemptCount)
}
func CreateLoginAttempt(cmd *m.CreateLoginAttemptCommand) error {
return inTransaction(func(sess *DBSession) error {
loginAttempt := m.LoginAttempt{
Username: cmd.Username,
IpAddress: cmd.IpAddress,
Created: getTimeNow(),
}
if _, err := sess.Insert(&loginAttempt); err != nil {
return err
}
cmd.Result = loginAttempt
return nil
})
}
func DeleteOldLoginAttempts(cmd *m.DeleteOldLoginAttemptsCommand) error {
return inTransaction(func(sess *DBSession) error {
var maxId int64
sql := "SELECT max(id) as id FROM login_attempt WHERE created < " + dialect.DateTimeFunc("?")
result, err := sess.Query(sql, cmd.OlderThan)
if err != nil {
return err
}
maxId = toInt64(result[0]["id"])
if maxId == 0 {
return nil
}
sql = "DELETE FROM login_attempt WHERE id <= ?"
if result, err := sess.Exec(sql, maxId); err != nil {
return err
} else if cmd.DeletedRows, err = result.RowsAffected(); err != nil {
return err
}
return nil
})
}
func GetUserLoginAttemptCount(query *m.GetUserLoginAttemptCountQuery) error {
loginAttempt := new(m.LoginAttempt)
total, err := x.
Where("username = ?", query.Username).
And("created >="+dialect.DateTimeFunc("?"), query.Since).
Count(loginAttempt)
if err != nil {
return err
}
query.Result = total
return nil
}
func toInt64(i interface{}) int64 {
switch i.(type) {
case []byte:
n, _ := strconv.ParseInt(string(i.([]byte)), 10, 64)
return n
case int:
return int64(i.(int))
case int64:
return i.(int64)
}
return 0
}

125
pkg/services/sqlstore/login_attempt_test.go Normal file
View File

@ -0,0 +1,125 @@
package sqlstore
import (
"testing"
"time"
m "github.com/grafana/grafana/pkg/models"
. "github.com/smartystreets/goconvey/convey"
)
func mockTime(mock time.Time) time.Time {
getTimeNow = func() time.Time { return mock }
return mock
}
func TestLoginAttempts(t *testing.T) {
Convey("Testing Login Attempts DB Access", t, func() {
InitTestDB(t)
user := "user"
beginningOfTime := mockTime(time.Date(2017, 10, 22, 8, 0, 0, 0, time.Local))
err := CreateLoginAttempt(&m.CreateLoginAttemptCommand{
Username: user,
IpAddress: "192.168.0.1",
})
So(err, ShouldBeNil)
timePlusOneMinute := mockTime(beginningOfTime.Add(time.Minute * 1))
err = CreateLoginAttempt(&m.CreateLoginAttemptCommand{
Username: user,
IpAddress: "192.168.0.1",
})
So(err, ShouldBeNil)
timePlusTwoMinutes := mockTime(beginningOfTime.Add(time.Minute * 2))
err = CreateLoginAttempt(&m.CreateLoginAttemptCommand{
Username: user,
IpAddress: "192.168.0.1",
})
So(err, ShouldBeNil)
Convey("Should return a total count of zero login attempts when comparing since beginning of time + 2min and 1s", func() {
query := m.GetUserLoginAttemptCountQuery{
Username: user,
Since: timePlusTwoMinutes.Add(time.Second * 1),
}
err := GetUserLoginAttemptCount(&query)
So(err, ShouldBeNil)
So(query.Result, ShouldEqual, 0)
})
Convey("Should return the total count of login attempts since beginning of time", func() {
query := m.GetUserLoginAttemptCountQuery{
Username: user,
Since: beginningOfTime,
}
err := GetUserLoginAttemptCount(&query)
So(err, ShouldBeNil)
So(query.Result, ShouldEqual, 3)
})
Convey("Should return the total count of login attempts since beginning of time + 1min", func() {
query := m.GetUserLoginAttemptCountQuery{
Username: user,
Since: timePlusOneMinute,
}
err := GetUserLoginAttemptCount(&query)
So(err, ShouldBeNil)
So(query.Result, ShouldEqual, 2)
})
Convey("Should return the total count of login attempts since beginning of time + 2min", func() {
query := m.GetUserLoginAttemptCountQuery{
Username: user,
Since: timePlusTwoMinutes,
}
err := GetUserLoginAttemptCount(&query)
So(err, ShouldBeNil)
So(query.Result, ShouldEqual, 1)
})
Convey("Should return deleted rows older than beginning of time", func() {
cmd := m.DeleteOldLoginAttemptsCommand{
OlderThan: beginningOfTime,
}
err := DeleteOldLoginAttempts(&cmd)
So(err, ShouldBeNil)
So(cmd.DeletedRows, ShouldEqual, 0)
})
Convey("Should return deleted rows older than beginning of time + 1min", func() {
cmd := m.DeleteOldLoginAttemptsCommand{
OlderThan: timePlusOneMinute,
}
err := DeleteOldLoginAttempts(&cmd)
So(err, ShouldBeNil)
So(cmd.DeletedRows, ShouldEqual, 1)
})
Convey("Should return deleted rows older than beginning of time + 2min", func() {
cmd := m.DeleteOldLoginAttemptsCommand{
OlderThan: timePlusTwoMinutes,
}
err := DeleteOldLoginAttempts(&cmd)
So(err, ShouldBeNil)
So(cmd.DeletedRows, ShouldEqual, 2)
})
Convey("Should return deleted rows older than beginning of time + 2min and 1s", func() {
cmd := m.DeleteOldLoginAttemptsCommand{
OlderThan: timePlusTwoMinutes.Add(time.Second * 1),
}
err := DeleteOldLoginAttempts(&cmd)
So(err, ShouldBeNil)
So(cmd.DeletedRows, ShouldEqual, 3)
})
})
}

23
pkg/services/sqlstore/migrations/login_attempt_mig.go Normal file
View File

@ -0,0 +1,23 @@
package migrations
import . "github.com/grafana/grafana/pkg/services/sqlstore/migrator"
func addLoginAttemptMigrations(mg *Migrator) {
loginAttemptV1 := Table{
Name: "login_attempt",
Columns: []*Column{
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
{Name: "username", Type: DB_NVarchar, Length: 190, Nullable: false},
{Name: "ip_address", Type: DB_NVarchar, Length: 30, Nullable: false},
{Name: "created", Type: DB_DateTime, Nullable: false},
},
Indices: []*Index{
{Cols: []string{"username"}},
},
}
// create table
mg.AddMigration("create login attempt table", NewAddTableMigration(loginAttemptV1))
// add indices
mg.AddMigration("add index login_attempt.username", NewAddIndexMigration(loginAttemptV1, loginAttemptV1.Indices[0]))
}

1
pkg/services/sqlstore/migrations/migrations.go
View File

@ -29,6 +29,7 @@ func AddMigrations(mg *Migrator) {
addTeamMigrations(mg)
addDashboardAclMigrations(mg)
addTagMigration(mg)
addLoginAttemptMigrations(mg)
}
func addMigrationLogMigrations(mg *Migrator) {

5
pkg/services/sqlstore/migrator/dialect.go
View File

@ -19,6 +19,7 @@ type Dialect interface {
LikeStr() string
Default(col *Column) string
BooleanStr(bool) string
DateTimeFunc(string) string
CreateIndexSql(tableName string, index *Index) string
CreateTableSql(table *Table) string
@ -78,6 +79,10 @@ func (b *BaseDialect) Default(col *Column) string {
return col.Default
}
func (db *BaseDialect) DateTimeFunc(value string) string {
return value
}
func (b *BaseDialect) CreateTableSql(table *Table) string {
var sql string
sql = "CREATE TABLE IF NOT EXISTS "

4
pkg/services/sqlstore/migrator/sqlite_dialect.go
View File

@ -36,6 +36,10 @@ func (db *Sqlite3) BooleanStr(value bool) string {
return "0"
}
func (db *Sqlite3) DateTimeFunc(value string) string {
return "datetime(" + value + ")"
}
func (db *Sqlite3) SqlType(c *Column) string {
switch c.Type {
case DB_Date, DB_DateTime, DB_TimeStamp, DB_Time:

2
pkg/services/sqlstore/sqlutil/sqlutil.go
View File

@ -12,7 +12,7 @@ type TestDB struct {
}
var TestDB_Sqlite3 = TestDB{DriverName: "sqlite3", ConnStr: ":memory:?_loc=Local"}
var TestDB_Mysql = TestDB{DriverName: "mysql", ConnStr: "grafana:password@tcp(localhost:3306)/grafana_tests?collation=utf8mb4_unicode_ci"}
var TestDB_Mysql = TestDB{DriverName: "mysql", ConnStr: "grafana:password@tcp(localhost:3306)/grafana_tests?collation=utf8mb4_unicode_ci&loc=Local"}
var TestDB_Postgres = TestDB{DriverName: "postgres", ConnStr: "user=grafanatest password=grafanatest host=localhost port=5432 dbname=grafanatest sslmode=disable"}
func CleanDB(x *xorm.Engine) {

18
pkg/setting/setting.go
View File

@ -75,13 +75,14 @@ var (
EnforceDomain bool
// Security settings.
SecretKey string
LogInRememberDays int
CookieUserName string
CookieRememberName string
DisableGravatar bool
EmailCodeValidMinutes int
DataProxyWhiteList map[string]bool
SecretKey string
LogInRememberDays int
CookieUserName string
CookieRememberName string
DisableGravatar bool
EmailCodeValidMinutes int
DataProxyWhiteList map[string]bool
DisableBruteForceLoginProtection bool
// Snapshots
ExternalSnapshotUrl string
@ -514,6 +515,7 @@ func NewConfigContext(args *CommandLineArgs) error {
CookieUserName = security.Key("cookie_username").String()
CookieRememberName = security.Key("cookie_remember_name").String()
DisableGravatar = security.Key("disable_gravatar").MustBool(true)
DisableBruteForceLoginProtection = security.Key("disable_brute_force_login_protection").MustBool(false)
// read snapshots settings
snapshots := Cfg.Section("snapshots")
@ -578,7 +580,7 @@ func NewConfigContext(args *CommandLineArgs) error {
// PhantomJS rendering
ImagesDir = filepath.Join(DataPath, "png")
PhantomDir = filepath.Join(HomePath, "vendor/phantomjs")
PhantomDir = filepath.Join(HomePath, "tools/phantomjs")
analytics := Cfg.Section("analytics")
ReportingEnabled = analytics.Key("reporting_enabled").MustBool(true)

3
public/app/core/components/grafana_app.ts
View File

@ -71,6 +71,7 @@ export function grafanaAppDirective(playlistSrv, contextSrv, $timeout, $rootScop
body.toggleClass('sidemenu-open', sidemenuOpen);
appEvents.on('toggle-sidemenu', () => {
sidemenuOpen = scope.contextSrv.sidemenu;
body.toggleClass('sidemenu-open');
});
@ -167,6 +168,8 @@ export function grafanaAppDirective(playlistSrv, contextSrv, $timeout, $rootScop
// mouse and keyboard is user activity
body.mousemove(userActivityDetected);
body.keydown(userActivityDetected);
// set useCapture = true to catch event here
document.addEventListener('wheel', userActivityDetected, true);
// treat tab change as activity
document.addEventListener('visibilitychange', userActivityDetected);

2
public/app/core/services/segment_srv.js
View File

@ -89,7 +89,7 @@ function (angular, _, coreModule) {
if (addTemplateVars) {
_.each(templateSrv.variables, function(variable) {
if (variableTypeFilter === void 0 || variableTypeFilter === variable.type) {
segments.unshift(self.newSegment({ type: 'template', value: '$' + variable.name, expandable: true }));
segments.unshift(self.newSegment({ type: 'value', value: '$' + variable.name, expandable: true }));
}
});
}

8
public/app/features/dashboard/dashboard_model.ts
View File

@ -354,6 +354,14 @@ export class DashboardModel {
if (panel.repeatDirection === REPEAT_DIR_VERTICAL) {
copy.gridPos.y = yPos;
yPos += copy.gridPos.h;
// Update gridPos for panels below
let panelBelowIndex = panelIndex + index + 1;
for (let i = panelBelowIndex; i < this.panels.length; i++) {
if (this.panels[i].gridPos.y < yPos) {
this.panels[i].gridPos.y += copy.gridPos.h;
}
}
} else {
// set width based on how many are selected
// assumed the repeated panels should take up full row width

8
public/app/features/dashboard/dashgrid/DashboardRow.tsx
View File

@ -27,6 +27,7 @@ export class DashboardRow extends React.Component<DashboardRowProps, any> {
this.toggle = this.toggle.bind(this);
this.openSettings = this.openSettings.bind(this);
this.delete = this.delete.bind(this);
this.update = this.update.bind(this);
}
toggle() {
@ -37,13 +38,18 @@ export class DashboardRow extends React.Component<DashboardRowProps, any> {
});
}
update() {
this.dashboard.processRepeats();
this.forceUpdate();
}
openSettings() {
appEvents.emit('show-modal', {
templateHtml: `<row-options row="model.row" on-updated="model.onUpdated()" dismiss="dismiss()"></row-options>`,
modalClass: 'modal--narrow',
model: {
row: this.props.panel,
onUpdated: this.forceUpdate.bind(this),
onUpdated: this.update.bind(this),
},
});
}

34
public/app/features/dashboard/specs/repeat.jest.ts
View File

@ -142,12 +142,9 @@ describe('given dashboard with panel repeat in vertical direction', function() {
beforeEach(function() {
dashboard = new DashboardModel({
panels: [
{
id: 2,
repeat: 'apps',
repeatDirection: 'v',
gridPos: { x: 5, y: 0, h: 2, w: 8 },
},
{ id: 1, type: 'row', gridPos: { x: 0, y: 0, h: 1, w: 24 } },
{ id: 2, repeat: 'apps', repeatDirection: 'v', gridPos: { x: 5, y: 1, h: 2, w: 8 } },
{ id: 3, type: 'row', gridPos: { x: 0, y: 3, h: 1, w: 24 } },
],
templating: {
list: [
@ -171,24 +168,13 @@ describe('given dashboard with panel repeat in vertical direction', function() {
});
it('should place on items on top of each other and keep witdh', function() {
expect(dashboard.panels[0].gridPos).toMatchObject({
x: 5,
y: 0,
h: 2,
w: 8,
});
expect(dashboard.panels[1].gridPos).toMatchObject({
x: 5,
y: 2,
h: 2,
w: 8,
});
expect(dashboard.panels[2].gridPos).toMatchObject({
x: 5,
y: 4,
h: 2,
w: 8,
});
expect(dashboard.panels[0].gridPos).toMatchObject({ x: 0, y: 0, h: 1, w: 24 }); // first row
expect(dashboard.panels[1].gridPos).toMatchObject({ x: 5, y: 1, h: 2, w: 8 });
expect(dashboard.panels[2].gridPos).toMatchObject({ x: 5, y: 3, h: 2, w: 8 });
expect(dashboard.panels[3].gridPos).toMatchObject({ x: 5, y: 5, h: 2, w: 8 });
expect(dashboard.panels[4].gridPos).toMatchObject({ x: 0, y: 7, h: 1, w: 24 }); // last row
});
});

2
public/app/plugins/datasource/cloudwatch/datasource.ts
View File

@ -36,7 +36,7 @@ export default class CloudWatchDatasource {
item.region = this.templateSrv.replace(this.getActualRegion(item.region), options.scopedVars);
item.namespace = this.templateSrv.replace(item.namespace, options.scopedVars);
item.metricName = this.templateSrv.replace(item.metricName, options.scopedVars);
item.dimensions = this.convertDimensionFormat(item.dimensions, options.scopeVars);
item.dimensions = this.convertDimensionFormat(item.dimensions, options.scopedVars);
item.period = String(this.getPeriod(item, options)); // use string format for period in graph query, and alerting
return _.extend(

22
public/app/plugins/datasource/graphite/graphite_query.ts
View File

@ -181,6 +181,22 @@ export default class GraphiteQuery {
var nestedSeriesRefRegex = /\#([A-Z])/g;
var targetWithNestedQueries = target.target;
// Use ref count to track circular references
function countTargetRefs(targetsByRefId, refId) {
let refCount = 0;
_.each(targetsByRefId, (t, id) => {
if (id !== refId) {
let match = nestedSeriesRefRegex.exec(t.target);
let count = match && match.length ? match.length - 1 : 0;
refCount += count;
}
});
targetsByRefId[refId].refCount = refCount;
}
_.each(targetsByRefId, (t, id) => {
countTargetRefs(targetsByRefId, id);
});
// Keep interpolating until there are no query references
// The reason for the loop is that the referenced query might contain another reference to another query
while (targetWithNestedQueries.match(nestedSeriesRefRegex)) {
@ -191,7 +207,11 @@ export default class GraphiteQuery {
}
// no circular references
delete targetsByRefId[g1];
if (t.refCount === 0) {
delete targetsByRefId[g1];
}
t.refCount--;
return t.target;
});

47
public/app/plugins/datasource/graphite/specs/graphite_query.jest.ts Normal file
View File

@ -0,0 +1,47 @@
import gfunc from '../gfunc';
import GraphiteQuery from '../graphite_query';
describe('Graphite query model', () => {
let ctx: any = {
datasource: {
getFuncDef: gfunc.getFuncDef,
getFuncDefs: jest.fn().mockReturnValue(Promise.resolve(gfunc.getFuncDefs('1.0'))),
waitForFuncDefsLoaded: jest.fn().mockReturnValue(Promise.resolve(null)),
createFuncInstance: gfunc.createFuncInstance,
},
templateSrv: {},
targets: [],
};
beforeEach(() => {
ctx.target = { refId: 'A', target: 'scaleToSeconds(#A, 60)' };
ctx.queryModel = new GraphiteQuery(ctx.datasource, ctx.target, ctx.templateSrv);
});
describe('when updating targets with nested queries', () => {
beforeEach(() => {
ctx.target = { refId: 'D', target: 'asPercent(#A, #C)' };
ctx.targets = [
{ refId: 'A', target: 'first.query.count' },
{ refId: 'B', target: 'second.query.count' },
{ refId: 'C', target: 'diffSeries(#A, #B)' },
{ refId: 'D', target: 'asPercent(#A, #C)' },
];
ctx.queryModel = new GraphiteQuery(ctx.datasource, ctx.target, ctx.templateSrv);
});
it('targetFull should include nested queries', () => {
ctx.queryModel.updateRenderedTarget(ctx.target, ctx.targets);
const targetFullExpected = 'asPercent(first.query.count, diffSeries(first.query.count, second.query.count))';
expect(ctx.queryModel.target.targetFull).toBe(targetFullExpected);
});
it('should not hang on circular references', () => {
ctx.target.target = 'asPercent(#A, #B)';
ctx.targets = [{ refId: 'A', target: 'asPercent(#B, #C)' }, { refId: 'B', target: 'asPercent(#A, #C)' }];
ctx.queryModel.updateRenderedTarget(ctx.target, ctx.targets);
// Just ensure updateRenderedTarget() is completed and doesn't hang
expect(ctx.queryModel.target.targetFull).toBeDefined();
});
});
});

2
public/app/plugins/datasource/influxdb/query_ctrl.ts
View File

@ -255,7 +255,7 @@ export class InfluxQueryCtrl extends QueryCtrl {
for (let variable of this.templateSrv.variables) {
segments.unshift(
this.uiSegmentSrv.newSegment({
type: 'template',
type: 'value',
value: '/^$' + variable.name + '$/',
expandable: true,
})

31
public/app/plugins/panel/graph/graph.ts
View File

@ -355,33 +355,16 @@ function graphDirective(timeSrv, popoverSrv, contextSrv) {
function sortSeries(series, panel) {
var sortBy = panel.legend.sort;
var sortOrder = panel.legend.sortDesc;
var haveSortBy = sortBy !== null || sortBy !== undefined;
var haveSortOrder = sortOrder !== null || sortOrder !== undefined;
var haveSortBy = sortBy !== null && sortBy !== undefined;
var haveSortOrder = sortOrder !== null && sortOrder !== undefined;
var shouldSortBy = panel.stack && haveSortBy && haveSortOrder;
var sortDesc = panel.legend.sortDesc === true ? -1 : 1;
series.sort((x, y) => {
if (x.zindex > y.zindex) {
return 1;
}
if (x.zindex < y.zindex) {
return -1;
}
if (shouldSortBy) {
if (x.stats[sortBy] > y.stats[sortBy]) {
return 1 * sortDesc;
}
if (x.stats[sortBy] < y.stats[sortBy]) {
return -1 * sortDesc;
}
}
return 0;
});
return series;
if (shouldSortBy) {
return _.sortBy(series, s => s.stats[sortBy] * sortDesc);
} else {
return _.sortBy(series, s => s.zindex);
}
}
function translateFillOption(fill) {

55
public/app/plugins/panel/table/column_options.html
View File

@ -1,17 +1,16 @@
<div class="edit-tab-with-sidemenu">
<aside class="edit-sidemenu-aside">
<ul class="edit-sidemenu">
<aside class="edit-sidemenu-aside">
<ul class="edit-sidemenu">
<li ng-repeat="style in editor.panel.styles" ng-class="{active: editor.activeStyleIndex === $index}">
<a ng-click="editor.activeStyleIndex = $index" >{{style.pattern || 'New rule'}}</a>
<a ng-click="editor.activeStyleIndex = $index">{{style.pattern || 'New rule'}}</a>
</li>
<li>
<a class="pointer" ng-click="editor.addColumnStyle()">
<i class="fa fa-plus"></i>&nbsp;Add
</a>
</li>
</ul>
</aside>
</ul>
</aside>
<div class="edit-tab-content" ng-repeat="style in editor.panel.styles" ng-if="editor.activeStyleIndex === $index">
@ -20,7 +19,9 @@
<div class="gf-form-inline">
<div class="gf-form">
<label class="gf-form-label width-13">Apply to columns named</label>
<input type="text" placeholder="Name or regex" class="gf-form-input width-13" ng-model="style.pattern" bs-tooltip="'Specify regex using /my.*regex/ syntax'" bs-typeahead="editor.getColumnNames" ng-blur="editor.render()" data-min-length=0 data-items=100 ng-model-onblur data-placement="right">
<input type="text" placeholder="Name or regex" class="gf-form-input width-13" ng-model="style.pattern" bs-tooltip="'Specify regex using /my.*regex/ syntax'"
bs-typeahead="editor.getColumnNames" ng-blur="editor.render()" data-min-length=0 data-items=100 ng-model-onblur
data-placement="right">
</div>
</div>
<div class="gf-form" ng-if="style.type !== 'hidden'">
@ -39,18 +40,20 @@
<select class="gf-form-input" ng-model="style.type" ng-options="c.value as c.text for c in editor.columnTypes" ng-change="editor.render()"></select>
</div>
</div>
<div class="gf-form" ng-if="style.type === 'date'">
<div class="gf-form" ng-if="style.type === 'date'">
<label class="gf-form-label width-11">Date Format</label>
<div class="gf-form-select-wrapper width-16">
<select class="gf-form-input" ng-model="style.dateFormat" ng-options="c.value as c.text for c in editor.dateFormats" ng-change="editor.render()"></select>
</div>
<gf-form-dropdown model="style.dateFormat" css-class="gf-form-input width-16" lookup-text="true"
get-options="editor.dateFormats" on-change="editor.render()" allow-custom="true">
</gf-form-dropdown>
</div>
<div ng-if="style.type === 'string'">
<gf-form-switch class="gf-form" label-class="width-11" ng-if="style.type === 'string'" label="Sanitize HTML" checked="style.sanitize" change="editor.render()"></gf-form-switch>
<gf-form-switch class="gf-form" label-class="width-11" ng-if="style.type === 'string'" label="Sanitize HTML" checked="style.sanitize"
change="editor.render()"></gf-form-switch>
</div>
<div ng-if="style.type === 'string'">
<gf-form-switch class="gf-form" label-class="width-11" ng-if="style.type === 'string'" label="Preserve Formatting" checked="style.preserveFormat" change="editor.render()"></gf-form-switch>
<gf-form-switch class="gf-form" label-class="width-11" ng-if="style.type === 'string'" label="Preserve Formatting" checked="style.preserveFormat"
change="editor.render()"></gf-form-switch>
</div>
<div ng-if="style.type === 'number'">
@ -60,16 +63,20 @@
</div>
<div class="gf-form">
<label class="gf-form-label width-11">Decimals</label>
<input type="number" class="gf-form-input width-4" data-placement="right" ng-model="style.decimals" ng-change="editor.render()" ng-model-onblur>
<input type="number" class="gf-form-input width-4" data-placement="right" ng-model="style.decimals" ng-change="editor.render()"
ng-model-onblur>
</div>
</div>
</div>
<div class="section gf-form-group" ng-if="style.type === 'number'">
<div class="section gf-form-group" ng-if="style.type === 'number'">
<h5 class="section-heading">Thresholds</h5>
<div class="gf-form">
<label class="gf-form-label width-8">Thresholds<tip>Comma separated values</tip></label>
<input type="text" class="gf-form-input width-10" ng-model="style.thresholds" placeholder="50,80" ng-blur="editor.render()" array-join>
<label class="gf-form-label width-8">Thresholds
<tip>Comma separated values</tip>
</label>
<input type="text" class="gf-form-input width-10" ng-model="style.thresholds" placeholder="50,80" ng-blur="editor.render()"
array-join>
</div>
<div class="gf-form">
<label class="gf-form-label width-8">Color Mode</label>
@ -102,21 +109,23 @@
<info-popover mode="right-absolute">
<p>Specify an URL (relative or absolute)</p>
<span>
Use special variables to specify cell values: <br>
<em>$__cell</em> refers to current cell value <br>
Use special variables to specify cell values:
<br>
<em>$__cell</em> refers to current cell value
<br>
<em>$__cell_n</em> refers to Nth column value in current row. Column indexes are started from 0. For instance,
<em>$__cell_1</em> refers to second column's value.
<em>$__cell_1</em> refers to second column's value.
</span>
</info-popover>
</div>
<div class="gf-form">
<label class="gf-form-label width-9">Tooltip</label>
<input type="text" class="gf-form-input width-29" ng-model="style.linkTooltip" ng-blur="editor.render()" ng-model-onblur data-placement="right">
<input type="text" class="gf-form-input width-29" ng-model="style.linkTooltip" ng-blur="editor.render()" ng-model-onblur
data-placement="right">
<info-popover mode="right-absolute">
<p>Specify text for link tooltip.</p>
<span>
This title appears when user hovers pointer over the cell with link.
Use the same variables as for URL.
This title appears when user hovers pointer over the cell with link. Use the same variables as for URL.
</span>
</info-popover>
</div>

10
public/sass/components/_dropdown.scss
View File

@ -33,7 +33,7 @@
border-top: 4px solid $text-color-weak;
border-right: 4px solid transparent;
border-left: 4px solid transparent;
content: "";
content: '';
}
// Place the caret
@ -218,7 +218,7 @@
.caret {
border-top: 0;
border-bottom: 4px solid $black;
content: "";
content: '';
}
// Different positioning for bottom up menu
.dropdown-menu {
@ -255,9 +255,9 @@
}
// Caret to indicate there is a submenu
.dropdown-submenu > a::after {
.dropdown-submenu > a::before {
display: block;
content: " ";
content: ' ';
float: right;
width: 0;
height: 0;
@ -312,7 +312,7 @@
width: 2rem;
display: inline-block;
text-align: center;
content: "\f11c";
content: '\f11c';
}
}

62
public/sass/components/_search.scss
View File

@ -10,7 +10,7 @@
}
.search-container {
left: $side-menu-width;
left: 0;
top: 0;
right: 0;
bottom: 0;
@ -38,13 +38,6 @@
background-color: $navbarButtonBackground;
flex-grow: 10;
}
// .tag-filter {
// .Select-control {
// width: 300px;
// background-color: $navbarBackground;
// }
// }
}
.search-field-spacer {
@ -58,7 +51,7 @@
.search-dropdown {
display: flex;
flex-direction: row;
flex-direction: column;
height: calc(100% - #{$navbarHeight});
}
@ -74,9 +67,8 @@
flex-grow: 1;
height: 100%;
padding-top: 16px;
display: flex;
display: none;
flex-direction: column;
align-items: flex-start;
}
.search-filter-box {
@ -85,7 +77,6 @@
padding: $spacer*1.5;
min-width: 340px;
margin-bottom: $spacer * 1.5;
margin-left: $spacer * 1.5;
}
.search-filter-box__header {
@ -215,7 +206,8 @@
}
.search-item__tags {
padding: 10px;
display: none;
//padding: 10px;
}
.search-item__actions {
@ -248,16 +240,46 @@
background: $panel-bg;
}
@include media-breakpoint-down(xs) {
@include media-breakpoint-up(sm) {
.search-container {
left: 0;
left: $side-menu-width;
}
.search-dropdown__col_2 {
display: none;
}
.search-item__tags {
display: none;
display: flex;
margin-bottom: 1rem;
}
}
@include media-breakpoint-up(md) {
.search-dropdown__col_2 {
flex-direction: row;
justify-content: space-between;
max-width: 700px;
height: 260px;
align-items: flex-start;
}
.search-dropdown__col_1 {
height: 100%;
}
.search-filter-box {
margin: 0;
}
}
@include media-breakpoint-up(lg) {
.search-dropdown {
flex-direction: row;
}
.search-dropdown__col_2 {
flex-direction: column;
}
.search-filter-box {
margin-left: $spacer * 1.5;
margin-bottom: $spacer * 1.5;
}
}

2
scripts/build/Dockerfile
View File

@ -21,7 +21,7 @@ RUN gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A170311380
RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - && \
yum install -y nodejs --nogpgcheck
ENV GOLANG_VERSION 1.9.2
ENV GOLANG_VERSION 1.9.3
RUN wget https://dl.yarnpkg.com/rpm/yarn.repo -O /etc/yum.repos.d/yarn.repo && \
yum install -y yarn --nogpgcheck && \

2
scripts/grunt/options/phantomjs.js
View File

@ -3,7 +3,7 @@ module.exports = function(config,grunt) {
grunt.registerTask('phantomjs', 'Copy phantomjs binary to vendor/', function() {
var dest = './vendor/phantomjs/phantomjs';
var dest = './tools/phantomjs/phantomjs';
var confDir = './node_modules/phantomjs-prebuilt/lib/';
if (process.platform === "win32") {

2
scripts/grunt/release_task.js
View File

@ -26,7 +26,7 @@ module.exports = function(grunt) {
});
grunt.config('copy.backend_files', {
expand: true,
src: ['conf/**', 'vendor/phantomjs/*', 'scripts/*'],
src: ['conf/**', 'tools/phantomjs/*', 'scripts/*'],
options: { mode: true},
dest: '<%= tempDir %>'
});

86
tools/phantomjs/render.js Normal file
View File

@ -0,0 +1,86 @@
(function() {
'use strict';
var page = require('webpage').create();
var args = require('system').args;
var params = {};
var regexp = /^([^=]+)=([^$]+)/;
args.forEach(function(arg) {
var parts = arg.match(regexp);
if (!parts) { return; }
params[parts[1]] = parts[2];
});
var usage = "url=<url> png=<filename> width=<width> height=<height> renderKey=<key>";
if (!params.url || !params.png || !params.renderKey || !params.domain) {
console.log(usage);
phantom.exit();
}
phantom.addCookie({
'name': 'renderKey',
'value': params.renderKey,
'domain': params.domain,
});
page.viewportSize = {
width: params.width || '800',
height: params.height || '400'
};
var timeoutMs = (parseInt(params.timeout) || 10) * 1000;
var waitBetweenReadyCheckMs = 50;
var totalWaitMs = 0;
page.open(params.url, function (status) {
console.log('Loading a web page: ' + params.url + ' status: ' + status, timeoutMs);
page.onError = function(msg, trace) {
var msgStack = ['ERROR: ' + msg];
if (trace && trace.length) {
msgStack.push('TRACE:');
trace.forEach(function(t) {
msgStack.push(' -> ' + t.file + ': ' + t.line + (t.function ? ' (in function "' + t.function +'")' : ''));
});
}
console.error(msgStack.join('\n'));
};
function checkIsReady() {
var panelsRendered = page.evaluate(function() {
if (!window.angular) { return false; }
var body = window.angular.element(document.body);
if (!body.injector) { return false; }
if (!body.injector()) { return false; }
var rootScope = body.injector().get('$rootScope');
if (!rootScope) {return false;}
var panels = angular.element('div.panel:visible').length;
return rootScope.panelsRendered >= panels;
});
if (panelsRendered || totalWaitMs > timeoutMs) {
var bb = page.evaluate(function () {
return document.getElementsByClassName("main-view")[0].getBoundingClientRect();
});
page.clipRect = {
top: bb.top,
left: bb.left,
width: bb.width,
height: bb.height
};
page.render(params.png);
phantom.exit();
} else {
totalWaitMs += waitBetweenReadyCheckMs;
setTimeout(checkIsReady, waitBetweenReadyCheckMs);
}
}
setTimeout(checkIsReady, waitBetweenReadyCheckMs);
});
})();