Chore: Remove global setting var from azure ad oath (#35040)

* Remove global setting var from azure ad oath

* Remove more glob var from social

* Use GrafanaComURL from cfg

pkg/login/social/azuread_oauth.go

@@ -7,7 +7,6 @@ import (
 	"strings"
 
 	"github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util/errutil"
 
 	"golang.org/x/oauth2"
@@ -16,7 +15,8 @@ import (
 
 type SocialAzureAD struct {
 	*SocialBase
-	allowedGroups []string
+	allowedGroups     []string
+	autoAssignOrgRole string
 }
 
 type azureClaims struct {
@@ -53,7 +53,7 @@ func (s *SocialAzureAD) UserInfo(_ *http.Client, token *oauth2.Token) (*BasicUse
 		return nil, errors.New("error getting user info: no email found in access token")
 	}
 
-	role := extractRole(claims)
+	role := extractRole(claims, s.autoAssignOrgRole)
 
 	groups := extractGroups(claims)
 	if !s.IsGroupMember(groups) {
@@ -96,9 +96,9 @@ func extractEmail(claims azureClaims) string {
 	return claims.Email
 }
 
-func extractRole(claims azureClaims) models.RoleType {
+func extractRole(claims azureClaims, autoAssignRole string) models.RoleType {
 	if len(claims.Roles) == 0 {
-		return models.RoleType(setting.AutoAssignOrgRole)
+		return models.RoleType(autoAssignRole)
 	}
 
 	roleOrder := []models.RoleType{

pkg/login/social/azuread_oauth_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/grafana/grafana/pkg/setting"
 	"golang.org/x/oauth2"
 	"gopkg.in/square/go-jose.v2"
 	"gopkg.in/square/go-jose.v2/jwt"
@@ -14,8 +13,9 @@ import (
 
 func TestSocialAzureAD_UserInfo(t *testing.T) {
 	type fields struct {
-		SocialBase    *SocialBase
-		allowedGroups []string
+		SocialBase        *SocialBase
+		allowedGroups     []string
+		autoAssignOrgRole string
 	}
 	type args struct {
 		client *http.Client
@@ -39,7 +39,9 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
-			settingAutoAssignOrgRole: "Viewer",
+			fields: fields{
+				autoAssignOrgRole: "Viewer",
+			},
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@@ -77,7 +79,9 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
-			settingAutoAssignOrgRole: "Viewer",
+			fields: fields{
+				autoAssignOrgRole: "Viewer",
+			},
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@@ -154,7 +158,9 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
-			settingAutoAssignOrgRole: "Editor",
+			fields: fields{
+				autoAssignOrgRole: "Editor",
+			},
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@@ -222,7 +228,8 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 		{
 			name: "Error if user is a member of allowed_groups",
 			fields: fields{
-				allowedGroups: []string{"foo", "bar"},
+				allowedGroups:     []string{"foo", "bar"},
+				autoAssignOrgRole: "Viewer",
 			},
 			claims: &azureClaims{
 				Email:             "me@example.com",
@@ -232,7 +239,6 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
-			settingAutoAssignOrgRole: "Viewer",
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@@ -247,8 +253,9 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			s := &SocialAzureAD{
-				SocialBase:    tt.fields.SocialBase,
-				allowedGroups: tt.fields.allowedGroups,
+				SocialBase:        tt.fields.SocialBase,
+				allowedGroups:     tt.fields.allowedGroups,
+				autoAssignOrgRole: tt.fields.autoAssignOrgRole,
 			}
 
 			key := []byte("secret")
@@ -282,8 +289,6 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				token = token.WithExtra(map[string]interface{}{"id_token": raw})
 			}
 
-			setting.AutoAssignOrgRole = tt.settingAutoAssignOrgRole
-
 			got, err := s.UserInfo(tt.args.client, token)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("UserInfo() error = %v, wantErr %v", err, tt.wantErr)

pkg/login/social/social.go

@@ -79,12 +79,12 @@ func newSocialBase(name string, config *oauth2.Config, info *setting.OAuthInfo)
 	}
 }
 
-func NewOAuthService() {
+func NewOAuthService(cfg *setting.Cfg) {
 	setting.OAuthService = &setting.OAuther{}
 	setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)
 
 	for _, name := range allOauthes {
-		sec := setting.Raw.Section("auth." + name)
+		sec := cfg.Raw.Section("auth." + name)
 
 		info := &setting.OAuthInfo{
 			ClientId:            sec.Key("client_id").String(),
@@ -131,7 +131,7 @@ func NewOAuthService() {
 				TokenURL:  info.TokenUrl,
 				AuthStyle: oauth2.AuthStyleAutoDetect,
 			},
-			RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name,
+			RedirectURL: strings.TrimSuffix(cfg.AppURL, "/") + SocialBaseUrl + name,
 			Scopes:      info.Scopes,
 		}
 
@@ -166,8 +166,9 @@ func NewOAuthService() {
 		// AzureAD.
 		if name == "azuread" {
 			SocialMap["azuread"] = &SocialAzureAD{
-				SocialBase:    newSocialBase(name, &config, info),
-				allowedGroups: util.SplitString(sec.Key("allowed_groups").String()),
+				SocialBase:        newSocialBase(name, &config, info),
+				allowedGroups:     util.SplitString(sec.Key("allowed_groups").String()),
+				autoAssignOrgRole: cfg.AutoAssignOrgRole,
 			}
 		}
 
@@ -204,17 +205,17 @@ func NewOAuthService() {
 				ClientID:     info.ClientId,
 				ClientSecret: info.ClientSecret,
 				Endpoint: oauth2.Endpoint{
-					AuthURL:   setting.GrafanaComUrl + "/oauth2/authorize",
-					TokenURL:  setting.GrafanaComUrl + "/api/oauth2/token",
+					AuthURL:   cfg.GrafanaComURL + "/oauth2/authorize",
+					TokenURL:  cfg.GrafanaComURL + "/api/oauth2/token",
 					AuthStyle: oauth2.AuthStyleInHeader,
 				},
-				RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name,
+				RedirectURL: strings.TrimSuffix(cfg.AppURL, "/") + SocialBaseUrl + name,
 				Scopes:      info.Scopes,
 			}
 
 			SocialMap[grafanaCom] = &SocialGrafanaCom{
 				SocialBase:           newSocialBase(name, &config, info),
-				url:                  setting.GrafanaComUrl,
+				url:                  cfg.GrafanaComURL,
 				allowedOrganizations: util.SplitString(sec.Key("allowed_organizations").String()),
 			}
 		}

pkg/server/server.go

@@ -150,7 +150,7 @@ func (s *Server) init() error {
 	}
 
 	login.Init()
-	social.NewOAuthService()
+	social.NewOAuthService(s.cfg)
 
 	services := s.serviceRegistry.GetServices()
 	if err := s.buildServiceGraph(services); err != nil {

pkg/setting/setting.go

@@ -385,6 +385,9 @@ type Cfg struct {
 	// Grafana Live ws endpoint (per Grafana server instance). 0 disables
 	// Live, -1 means unlimited connections.
 	LiveMaxConnections int
+
+	// Grafana.com URL
+	GrafanaComURL string
 }
 
 // IsLiveConfigEnabled returns true if live should be able to save configs to SQL tables
@@ -940,6 +943,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 	if GrafanaComUrl == "" {
 		GrafanaComUrl = valueAsString(iniFile.Section("grafana_com"), "url", "https://grafana.com")
 	}
+	cfg.GrafanaComURL = GrafanaComUrl
 
 	imageUploadingSection := iniFile.Section("external_image_storage")
 	cfg.ImageUploadProvider = valueAsString(imageUploadingSection, "provider", "")