IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

support passing api token in Basic auth password (#12416)

Browse Source
This commit is contained in:
Dan Cech 2018-06-28 12:08:32 +02:00 committed by Torkel Ödegaard
parent c2381f088f
commit 3056d9a80e
3 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/sources/http_api/auth.md
View File

@ -44,6 +44,14 @@ Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
The `Authorization` header value should be `Bearer <your api key>`. The `Authorization` header value should be `Bearer <your api key>`.
The API Token can also be passed as a Basic authorization password with the special username `api_key`:
curl example:
```bash
?curl http://api_key:eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk@localhost:3000/api/org
{"id":1,"name":"Main Org."}
```
# Auth HTTP resources / actions # Auth HTTP resources / actions
## Api Keys ## Api Keys

6
pkg/middleware/auth.go
View File

@ -9,6 +9,7 @@ import (
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/session" "github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
) )
type AuthOptions struct { type AuthOptions struct {
@ -34,6 +35,11 @@ func getApiKey(c *m.ReqContext) string {
return key return key
} }
username, password, err := util.DecodeBasicAuthHeader(header)
if err == nil && username == "api_key" {
return password
}
return "" return ""
} }

26
pkg/middleware/middleware_test.go
View File

@ -82,7 +82,7 @@ func TestMiddlewareContext(t *testing.T) {
setting.BasicAuthEnabled = true setting.BasicAuthEnabled = true
authHeader := util.GetBasicAuthHeader("myUser", "myPass") authHeader := util.GetBasicAuthHeader("myUser", "myPass")
sc.fakeReq("GET", "/").withAuthoriziationHeader(authHeader).exec() sc.fakeReq("GET", "/").withAuthorizationHeader(authHeader).exec()
Convey("Should init middleware context with user", func() { Convey("Should init middleware context with user", func() {
So(sc.context.IsSignedIn, ShouldEqual, true) So(sc.context.IsSignedIn, ShouldEqual, true)
@ -128,6 +128,28 @@ func TestMiddlewareContext(t *testing.T) {
}) })
}) })
middlewareScenario("Valid api key via Basic auth", func(sc *scenarioContext) {
keyhash := util.EncodePassword("v5nAwpMafFP6znaS4urhdWDLS5511M42", "asd")
bus.AddHandler("test", func(query *m.GetApiKeyByNameQuery) error {
query.Result = &m.ApiKey{OrgId: 12, Role: m.ROLE_EDITOR, Key: keyhash}
return nil
})
authHeader := util.GetBasicAuthHeader("api_key", "eyJrIjoidjVuQXdwTWFmRlA2em5hUzR1cmhkV0RMUzU1MTFNNDIiLCJuIjoiYXNkIiwiaWQiOjF9")
sc.fakeReq("GET", "/").withAuthorizationHeader(authHeader).exec()
Convey("Should return 200", func() {
So(sc.resp.Code, ShouldEqual, 200)
})
Convey("Should init middleware context", func() {
So(sc.context.IsSignedIn, ShouldEqual, true)
So(sc.context.OrgId, ShouldEqual, 12)
So(sc.context.OrgRole, ShouldEqual, m.ROLE_EDITOR)
})
})
middlewareScenario("UserId in session", func(sc *scenarioContext) { middlewareScenario("UserId in session", func(sc *scenarioContext) {
sc.fakeReq("GET", "/").handler(func(c *m.ReqContext) { sc.fakeReq("GET", "/").handler(func(c *m.ReqContext) {
@ -473,7 +495,7 @@ func (sc *scenarioContext) withInvalidApiKey() *scenarioContext {
return sc return sc
} }
func (sc *scenarioContext) withAuthoriziationHeader(authHeader string) *scenarioContext { func (sc *scenarioContext) withAuthorizationHeader(authHeader string) *scenarioContext {
sc.authHeader = authHeader sc.authHeader = authHeader
return sc return sc
} }