IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Users: Disable users removed from LDAP (#16820)

Browse Source 
* Users: add is_disabled column

* Users: disable users removed from LDAP

* Auth: return ErrInvalidCredentials for failed LDAP auth

* User: return isDisabled flag in user search api

* User: mark disabled users at the server admin page

* Chore: refactor according to review

* Auth: prevent disabled user from login

* Auth: re-enable user when it found in ldap

* User: add api endpoint for disabling user

* User: use separate endpoints to disable/enable user

* User: disallow disabling external users

* User: able do disable users from admin UI

* Chore: refactor based on review

* Chore: use more clear error check when disabling user

* Fix login tests

* Tests for disabling user during the LDAP login

* Tests for disable user API

* Tests for login with disabled user

* Remove disable user UI stub

* Sync with latest LDAP refactoring
This commit is contained in:
Alexander Zobnin
2019-05-21 14:52:49 +03:00
committed by GitHub
parent 8d1909c56d
commit 2d03815770
17 changed files with 428 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/login/auth.go
View File

@@ -19,6 +19,7 @@ var (
ErrPasswordEmpty = errors.New("No password provided")
ErrUsersQuotaReached = errors.New("Users quota reached")
ErrGettingUserQuota = errors.New("Error getting user quota")
ErrUserDisabled = errors.New("User is disabled")
)
func Init() {
@@ -36,7 +37,7 @@ func AuthenticateUser(query *models.LoginUserQuery) error {
}
err := loginUsingGrafanaDB(query)
if err == nil || (err != models.ErrUserNotFound && err != ErrInvalidCredentials) {
if err == nil || (err != models.ErrUserNotFound && err != ErrInvalidCredentials && err != ErrUserDisabled) {
return err
}
@@ -46,11 +47,14 @@ func AuthenticateUser(query *models.LoginUserQuery) error {
return ldapErr
}
err = ldapErr
if err != ErrUserDisabled || ldapErr != ldap.ErrInvalidCredentials {
err = ldapErr
}
}
if err == ErrInvalidCredentials || err == ldap.ErrInvalidCredentials {
saveInvalidLoginAttempt(query)
return ErrInvalidCredentials
}
if err == models.ErrUserNotFound {
@@ -59,6 +63,7 @@ func AuthenticateUser(query *models.LoginUserQuery) error {
return err
}
func validatePasswordSet(password string) error {
if len(password) == 0 {
return ErrPasswordEmpty