IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Only authenticate logins when password is set (#13147)

Browse Source 
* auth: never authenticate passwords shorter than 4 chars.

* auth: refactoring password length check.

* auth: does not authenticate when password is empty.

* auth: removes unneccesary change.
This commit is contained in:
Leonard Gram 2018-09-05 12:12:46 +02:00 committed by Torkel Ödegaard
parent c9ae585d2a
commit 275f613050
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/login/auth.go
View File

@ -2,7 +2,6 @@ package login
import ( import (
"errors" "errors"
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
) )
@ -14,6 +13,7 @@ var (
ErrProviderDeniedRequest = errors.New("Login provider denied login request") ErrProviderDeniedRequest = errors.New("Login provider denied login request")
ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter") ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter")
ErrTooManyLoginAttempts = errors.New("Too many consecutive incorrect login attempts for user. Login for user temporarily blocked") ErrTooManyLoginAttempts = errors.New("Too many consecutive incorrect login attempts for user. Login for user temporarily blocked")
ErrPasswordEmpty = errors.New("No password provided.")
ErrUsersQuotaReached = errors.New("Users quota reached") ErrUsersQuotaReached = errors.New("Users quota reached")
ErrGettingUserQuota = errors.New("Error getting user quota") ErrGettingUserQuota = errors.New("Error getting user quota")
) )
@ -28,6 +28,10 @@ func AuthenticateUser(query *m.LoginUserQuery) error {
return err return err
} }
if err := validatePasswordSet(query.Password); err != nil {
return err
}
err := loginUsingGrafanaDB(query) err := loginUsingGrafanaDB(query)
if err == nil || (err != m.ErrUserNotFound && err != ErrInvalidCredentials) { if err == nil || (err != m.ErrUserNotFound && err != ErrInvalidCredentials) {
return err return err
@ -52,3 +56,10 @@ func AuthenticateUser(query *m.LoginUserQuery) error {
return err return err
} }
func validatePasswordSet(password string) error {
if len(password) == 0 {
return ErrPasswordEmpty
}
return nil
}

18
pkg/login/auth_test.go
View File

@ -10,6 +10,24 @@ import (
func TestAuthenticateUser(t *testing.T) { func TestAuthenticateUser(t *testing.T) {
Convey("Authenticate user", t, func() { Convey("Authenticate user", t, func() {
authScenario("When a user authenticates without setting a password", func(sc *authScenarioContext) {
mockLoginAttemptValidation(nil, sc)
mockLoginUsingGrafanaDB(nil, sc)
mockLoginUsingLdap(false, nil, sc)
loginQuery := m.LoginUserQuery{
Username: "user",
Password: "",
}
err := AuthenticateUser(&loginQuery)
Convey("login should fail", func() {
So(sc.grafanaLoginWasCalled, ShouldBeFalse)
So(sc.ldapLoginWasCalled, ShouldBeFalse)
So(err, ShouldEqual, ErrPasswordEmpty)
})
})
authScenario("When a user authenticates having too many login attempts", func(sc *authScenarioContext) { authScenario("When a user authenticates having too many login attempts", func(sc *authScenarioContext) {
mockLoginAttemptValidation(ErrTooManyLoginAttempts, sc) mockLoginAttemptValidation(ErrTooManyLoginAttempts, sc)
mockLoginUsingGrafanaDB(nil, sc) mockLoginUsingGrafanaDB(nil, sc)