Users: Disable users removed from LDAP (#16820)

* Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2025-02-25 18:55:37 -06:00 · 2019-05-21 14:52:49 +03:00
parent 8d1909c56d
commit 2d03815770
17 changed files with 428 additions and 72 deletions
--- a/pkg/models/user.go
+++ b/pkg/models/user.go
@@ -30,6 +30,7 @@ type User struct {
 	EmailVerified bool
 	Theme         string
 	HelpFlags1    HelpFlags1
+	IsDisabled    bool

 	IsAdmin bool
 	OrgId   int64
@@ -88,6 +89,11 @@ type UpdateUserPermissionsCommand struct {
 	UserId         int64 `json:"-"`
 }

+type DisableUserCommand struct {
+	UserId     int64
+	IsDisabled bool
+}
+
 type DeleteUserCommand struct {
 	UserId int64
 }
@@ -203,6 +209,7 @@ type UserProfileDTO struct {
 	Theme          string `json:"theme"`
 	OrgId          int64  `json:"orgId"`
 	IsGrafanaAdmin bool   `json:"isGrafanaAdmin"`
+	IsDisabled     bool   `json:"isDisabled"`
 }

 type UserSearchHitDTO struct {
@@ -212,6 +219,7 @@ type UserSearchHitDTO struct {
 	Email         string    `json:"email"`
 	AvatarUrl     string    `json:"avatarUrl"`
 	IsAdmin       bool      `json:"isAdmin"`
+	IsDisabled    bool      `json:"isDisabled"`
 	LastSeenAt    time.Time `json:"lastSeenAt"`
 	LastSeenAtAge string    `json:"lastSeenAtAge"`
 }
--- a/pkg/models/user_auth.go
+++ b/pkg/models/user_auth.go
@@ -6,6 +6,10 @@ import (
 	"golang.org/x/oauth2"
 )

+const (
+	AuthModuleLDAP = "ldap"
+)
+
 type UserAuth struct {
 	Id                int64
 	UserId            int64
@@ -29,6 +33,7 @@ type ExternalUserInfo struct {
 	Groups         []string
 	OrgRoles       map[int64]RoleType
 	IsGrafanaAdmin *bool // This is a pointer to know if we should sync this or not (nil = ignore sync)
+	IsDisabled     bool
 }

 // ---------------------
@@ -81,6 +86,12 @@ type GetUserByAuthInfoQuery struct {
 	Result *User
 }

+type GetExternalUserInfoByLoginQuery struct {
+	LoginOrEmail string
+
+	Result *ExternalUserInfo
+}
+
 type GetAuthInfoQuery struct {
 	UserId     int64
 	AuthModule string