mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Auth: Add authed device tagging (#72442)
* add authed device tagging * fix config * implement feedback * implement feedback * add reverse untag behavior * remove duplicate stat * Update pkg/services/anonymous/anonimpl/impl.go
This commit is contained in:
parent
d279d926a4
commit
3353b1a8aa
@ -3,6 +3,7 @@ package anonimpl
|
||||
import (
|
||||
"context"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"hash/fnv"
|
||||
"net/http"
|
||||
@ -14,28 +15,30 @@ import (
|
||||
"github.com/grafana/grafana/pkg/infra/network"
|
||||
"github.com/grafana/grafana/pkg/infra/remotecache"
|
||||
"github.com/grafana/grafana/pkg/infra/usagestats"
|
||||
"github.com/grafana/grafana/pkg/services/anonymous"
|
||||
"github.com/grafana/grafana/pkg/web"
|
||||
)
|
||||
|
||||
const thirtyDays = 30 * 24 * time.Hour
|
||||
const anonCachePrefix = "anon-session"
|
||||
|
||||
type Device struct {
|
||||
ip string
|
||||
userAgent string
|
||||
Kind anonymous.DeviceKind `json:"kind"`
|
||||
IP string `json:"ip"`
|
||||
UserAgent string `json:"user_agent"`
|
||||
LastSeen time.Time `json:"last_seen"`
|
||||
}
|
||||
|
||||
func (a *Device) Key() (string, error) {
|
||||
key := strings.Builder{}
|
||||
key.WriteString(a.ip)
|
||||
key.WriteString(a.userAgent)
|
||||
key.WriteString(a.IP)
|
||||
key.WriteString(a.UserAgent)
|
||||
|
||||
hash := fnv.New128a()
|
||||
if _, err := hash.Write([]byte(key.String())); err != nil {
|
||||
return "", fmt.Errorf("failed to write to hash: %w", err)
|
||||
}
|
||||
|
||||
return strings.Join([]string{anonCachePrefix, hex.EncodeToString(hash.Sum(nil))}, ":"), nil
|
||||
return strings.Join([]string{string(a.Kind), hex.EncodeToString(hash.Sum(nil))}, ":"), nil
|
||||
}
|
||||
|
||||
type AnonDeviceService struct {
|
||||
@ -57,17 +60,36 @@ func ProvideAnonymousDeviceService(remoteCache remotecache.CacheStorage, usageSt
|
||||
}
|
||||
|
||||
func (a *AnonDeviceService) usageStatFn(ctx context.Context) (map[string]interface{}, error) {
|
||||
sessionCount, err := a.remoteCache.Count(ctx, anonCachePrefix)
|
||||
anonDeviceCount, err := a.remoteCache.Count(ctx, string(anonymous.AnonDevice))
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
authedDeviceCount, err := a.remoteCache.Count(ctx, string(anonymous.AuthedDevice))
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return map[string]interface{}{
|
||||
"stats.anonymous.session.count": sessionCount,
|
||||
"stats.anonymous.session.count": anonDeviceCount, // keep session for legacy data
|
||||
"stats.users.device.count": authedDeviceCount,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request) error {
|
||||
func (a *AnonDeviceService) untagDevice(ctx context.Context, device *Device) error {
|
||||
key, err := device.Key()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := a.remoteCache.Delete(ctx, key); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request, kind anonymous.DeviceKind) error {
|
||||
addr := web.RemoteAddr(httpReq)
|
||||
ip, err := network.GetIPFromAddress(addr)
|
||||
if err != nil {
|
||||
@ -80,12 +102,14 @@ func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request
|
||||
clientIPStr = ""
|
||||
}
|
||||
|
||||
anonDevice := &Device{
|
||||
ip: clientIPStr,
|
||||
userAgent: httpReq.UserAgent(),
|
||||
taggedDevice := &Device{
|
||||
Kind: kind,
|
||||
IP: clientIPStr,
|
||||
UserAgent: httpReq.UserAgent(),
|
||||
LastSeen: time.Now().UTC(),
|
||||
}
|
||||
|
||||
key, err := anonDevice.Key()
|
||||
key, err := taggedDevice.Key()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -96,5 +120,27 @@ func (a *AnonDeviceService) TagDevice(ctx context.Context, httpReq *http.Request
|
||||
|
||||
a.localCache.SetDefault(key, struct{}{})
|
||||
|
||||
return a.remoteCache.Set(ctx, key, []byte(key), thirtyDays)
|
||||
deviceJSON, err := json.Marshal(taggedDevice)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := a.remoteCache.Set(ctx, key, deviceJSON, thirtyDays); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// remove existing tag when device switches to another kind
|
||||
untagKind := anonymous.AnonDevice
|
||||
if kind == anonymous.AnonDevice {
|
||||
untagKind = anonymous.AuthedDevice
|
||||
}
|
||||
if err := a.untagDevice(ctx, &Device{
|
||||
Kind: untagKind,
|
||||
IP: taggedDevice.IP,
|
||||
UserAgent: taggedDevice.UserAgent,
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -2,14 +2,17 @@ package anonimpl
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/remotecache"
|
||||
"github.com/grafana/grafana/pkg/infra/usagestats"
|
||||
"github.com/grafana/grafana/pkg/services/anonymous"
|
||||
)
|
||||
|
||||
func TestAnonDeviceKey(t *testing.T) {
|
||||
@ -21,24 +24,27 @@ func TestAnonDeviceKey(t *testing.T) {
|
||||
{
|
||||
name: "should hash correctly",
|
||||
session: &Device{
|
||||
ip: "10.10.10.10",
|
||||
userAgent: "test",
|
||||
Kind: anonymous.AnonDevice,
|
||||
IP: "10.10.10.10",
|
||||
UserAgent: "test",
|
||||
},
|
||||
expected: "anon-session:ad9f5c6bf504a9fa77c37a3a6658c0cd",
|
||||
},
|
||||
{
|
||||
name: "should hash correctly with different ip",
|
||||
session: &Device{
|
||||
ip: "10.10.10.1",
|
||||
userAgent: "test",
|
||||
Kind: anonymous.AnonDevice,
|
||||
IP: "10.10.10.1",
|
||||
UserAgent: "test",
|
||||
},
|
||||
expected: "anon-session:580605320245e8289e0b301074a027c3",
|
||||
},
|
||||
{
|
||||
name: "should hash correctly with different user agent",
|
||||
session: &Device{
|
||||
ip: "10.10.10.1",
|
||||
userAgent: "test2",
|
||||
Kind: anonymous.AnonDevice,
|
||||
IP: "10.10.10.1",
|
||||
UserAgent: "test2",
|
||||
},
|
||||
expected: "anon-session:5fdd04b0bd04a9fa77c4243f8111258b",
|
||||
},
|
||||
@ -58,75 +64,149 @@ func TestAnonDeviceKey(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestIntegrationAnonDeviceService_tag(t *testing.T) {
|
||||
func TestIntegrationDeviceService_tag(t *testing.T) {
|
||||
type tagReq struct {
|
||||
httpReq *http.Request
|
||||
kind anonymous.DeviceKind
|
||||
}
|
||||
testCases := []struct {
|
||||
name string
|
||||
req []*http.Request
|
||||
expectedCount int64
|
||||
name string
|
||||
req []tagReq
|
||||
expectedAnonCount int64
|
||||
expectedAuthedCount int64
|
||||
expectedDevice *Device
|
||||
}{
|
||||
{
|
||||
name: "no requests",
|
||||
req: []*http.Request{},
|
||||
expectedCount: 0,
|
||||
name: "no requests",
|
||||
req: []tagReq{{httpReq: &http.Request{}, kind: anonymous.AnonDevice}},
|
||||
expectedAnonCount: 0,
|
||||
expectedAuthedCount: 0,
|
||||
},
|
||||
{
|
||||
name: "missing info should not tag",
|
||||
req: []*http.Request{
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
},
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
},
|
||||
},
|
||||
expectedCount: 0,
|
||||
kind: anonymous.AnonDevice,
|
||||
}},
|
||||
expectedAnonCount: 0,
|
||||
expectedAuthedCount: 0,
|
||||
},
|
||||
{
|
||||
name: "should tag once",
|
||||
req: []*http.Request{
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
expectedCount: 1,
|
||||
kind: anonymous.AnonDevice,
|
||||
},
|
||||
},
|
||||
expectedAnonCount: 1,
|
||||
expectedAuthedCount: 0,
|
||||
expectedDevice: &Device{
|
||||
Kind: anonymous.AnonDevice,
|
||||
IP: "10.30.30.1",
|
||||
UserAgent: "test"},
|
||||
},
|
||||
{
|
||||
name: "repeat request should not tag",
|
||||
req: []*http.Request{
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
expectedCount: 1,
|
||||
kind: anonymous.AnonDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AnonDevice,
|
||||
},
|
||||
},
|
||||
expectedAnonCount: 1,
|
||||
expectedAuthedCount: 0,
|
||||
}, {
|
||||
name: "authed request should untag anon",
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AnonDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AuthedDevice,
|
||||
},
|
||||
},
|
||||
expectedAnonCount: 0,
|
||||
expectedAuthedCount: 1,
|
||||
}, {
|
||||
name: "anon request should untag authed",
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AuthedDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AnonDevice,
|
||||
},
|
||||
},
|
||||
expectedAnonCount: 1,
|
||||
expectedAuthedCount: 0,
|
||||
},
|
||||
{
|
||||
name: "tag 2 different requests",
|
||||
req: []*http.Request{
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.2"},
|
||||
},
|
||||
name: "tag 4 different requests",
|
||||
req: []tagReq{{httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.1"},
|
||||
},
|
||||
},
|
||||
expectedCount: 2,
|
||||
kind: anonymous.AnonDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.2"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AnonDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.3"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AuthedDevice,
|
||||
}, {httpReq: &http.Request{
|
||||
Header: http.Header{
|
||||
"User-Agent": []string{"test"},
|
||||
"X-Forwarded-For": []string{"10.30.30.4"},
|
||||
},
|
||||
},
|
||||
kind: anonymous.AuthedDevice,
|
||||
},
|
||||
},
|
||||
expectedAnonCount: 2,
|
||||
expectedAuthedCount: 2,
|
||||
},
|
||||
}
|
||||
|
||||
@ -137,14 +217,32 @@ func TestIntegrationAnonDeviceService_tag(t *testing.T) {
|
||||
anonService := ProvideAnonymousDeviceService(fakeStore, &usagestats.UsageStatsMock{})
|
||||
|
||||
for _, req := range tc.req {
|
||||
err := anonService.TagDevice(context.Background(), req)
|
||||
err := anonService.TagDevice(context.Background(), req.httpReq, req.kind)
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
stats, err := anonService.usageStatFn(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, tc.expectedCount, stats["stats.anonymous.session.count"].(int64))
|
||||
assert.Equal(t, tc.expectedAnonCount, stats["stats.anonymous.session.count"].(int64))
|
||||
assert.Equal(t, tc.expectedAuthedCount, stats["stats.users.device.count"].(int64))
|
||||
|
||||
if tc.expectedDevice != nil {
|
||||
key, err := tc.expectedDevice.Key()
|
||||
require.NoError(t, err)
|
||||
|
||||
k, err := fakeStore.Get(context.Background(), key)
|
||||
require.NoError(t, err)
|
||||
|
||||
gotDevice := &Device{}
|
||||
err = json.Unmarshal(k, gotDevice)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.NotNil(t, gotDevice.LastSeen)
|
||||
gotDevice.LastSeen = time.Time{}
|
||||
|
||||
assert.Equal(t, tc.expectedDevice, gotDevice)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@ -162,8 +260,10 @@ func TestIntegrationAnonDeviceService_localCacheSafety(t *testing.T) {
|
||||
}
|
||||
|
||||
anonDevice := &Device{
|
||||
ip: "10.30.30.2",
|
||||
userAgent: "test",
|
||||
Kind: anonymous.AnonDevice,
|
||||
IP: "10.30.30.2",
|
||||
UserAgent: "test",
|
||||
LastSeen: time.Now().UTC(),
|
||||
}
|
||||
|
||||
key, err := anonDevice.Key()
|
||||
@ -171,7 +271,7 @@ func TestIntegrationAnonDeviceService_localCacheSafety(t *testing.T) {
|
||||
|
||||
anonService.localCache.SetDefault(key, true)
|
||||
|
||||
err = anonService.TagDevice(context.Background(), req)
|
||||
err = anonService.TagDevice(context.Background(), req, anonymous.AnonDevice)
|
||||
require.NoError(t, err)
|
||||
|
||||
stats, err := anonService.usageStatFn(context.Background())
|
||||
|
@ -3,11 +3,13 @@ package anontest
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"github.com/grafana/grafana/pkg/services/anonymous"
|
||||
)
|
||||
|
||||
type FakeAnonymousSessionService struct {
|
||||
}
|
||||
|
||||
func (f *FakeAnonymousSessionService) TagDevice(ctx context.Context, httpReq *http.Request) error {
|
||||
func (f *FakeAnonymousSessionService) TagDevice(ctx context.Context, httpReq *http.Request, kind anonymous.DeviceKind) error {
|
||||
return nil
|
||||
}
|
||||
|
@ -5,6 +5,13 @@ import (
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type DeviceKind string
|
||||
|
||||
const (
|
||||
AnonDevice DeviceKind = "anon-session"
|
||||
AuthedDevice DeviceKind = "authed-session"
|
||||
)
|
||||
|
||||
type Service interface {
|
||||
TagDevice(context.Context, *http.Request) error
|
||||
TagDevice(context.Context, *http.Request, DeviceKind) error
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ func ProvideService(
|
||||
s.RegisterClient(clients.ProvideAPIKey(apikeyService, userService))
|
||||
|
||||
if cfg.LoginCookieName != "" {
|
||||
s.RegisterClient(clients.ProvideSession(cfg, sessionService, features))
|
||||
s.RegisterClient(clients.ProvideSession(cfg, sessionService, features, anonDeviceService))
|
||||
}
|
||||
|
||||
if s.cfg.AnonymousEnabled {
|
||||
|
@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
"github.com/grafana/grafana/pkg/services/anonymous"
|
||||
@ -14,6 +15,8 @@ import (
|
||||
|
||||
var _ authn.ContextAwareClient = new(Anonymous)
|
||||
|
||||
const timeoutTag = 2 * time.Minute
|
||||
|
||||
func ProvideAnonymous(cfg *setting.Cfg, orgService org.Service, anonDeviceService anonymous.Service) *Anonymous {
|
||||
return &Anonymous{
|
||||
cfg: cfg,
|
||||
@ -54,7 +57,10 @@ func (a *Anonymous) Authenticate(ctx context.Context, r *authn.Request) (*authn.
|
||||
a.log.Warn("tag anon session panic", "err", err)
|
||||
}
|
||||
}()
|
||||
if err := a.anonDeviceService.TagDevice(context.Background(), httpReqCopy); err != nil {
|
||||
|
||||
newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)
|
||||
defer cancel()
|
||||
if err := a.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AnonDevice); err != nil {
|
||||
a.log.Warn("failed to tag anonymous session", "error", err)
|
||||
}
|
||||
}()
|
||||
|
@ -3,11 +3,13 @@ package clients
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
"github.com/grafana/grafana/pkg/infra/network"
|
||||
"github.com/grafana/grafana/pkg/services/anonymous"
|
||||
"github.com/grafana/grafana/pkg/services/auth"
|
||||
"github.com/grafana/grafana/pkg/services/authn"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
@ -18,20 +20,25 @@ import (
|
||||
var _ authn.HookClient = new(Session)
|
||||
var _ authn.ContextAwareClient = new(Session)
|
||||
|
||||
func ProvideSession(cfg *setting.Cfg, sessionService auth.UserTokenService, features *featuremgmt.FeatureManager) *Session {
|
||||
func ProvideSession(cfg *setting.Cfg, sessionService auth.UserTokenService,
|
||||
features *featuremgmt.FeatureManager, anonDeviceService anonymous.Service) *Session {
|
||||
return &Session{
|
||||
cfg: cfg,
|
||||
features: features,
|
||||
sessionService: sessionService,
|
||||
log: log.New(authn.ClientSession),
|
||||
cfg: cfg,
|
||||
features: features,
|
||||
sessionService: sessionService,
|
||||
log: log.New(authn.ClientSession),
|
||||
anonDeviceService: anonDeviceService,
|
||||
tagDevices: cfg.TagAuthedDevices,
|
||||
}
|
||||
}
|
||||
|
||||
type Session struct {
|
||||
cfg *setting.Cfg
|
||||
features *featuremgmt.FeatureManager
|
||||
sessionService auth.UserTokenService
|
||||
log log.Logger
|
||||
cfg *setting.Cfg
|
||||
features *featuremgmt.FeatureManager
|
||||
sessionService auth.UserTokenService
|
||||
log log.Logger
|
||||
tagDevices bool
|
||||
anonDeviceService anonymous.Service
|
||||
}
|
||||
|
||||
func (s *Session) Name() string {
|
||||
@ -60,6 +67,29 @@ func (s *Session) Authenticate(ctx context.Context, r *authn.Request) (*authn.Id
|
||||
}
|
||||
}
|
||||
|
||||
if s.tagDevices {
|
||||
// Tag authed devices
|
||||
httpReqCopy := &http.Request{}
|
||||
if r.HTTPRequest != nil && r.HTTPRequest.Header != nil {
|
||||
// avoid r.HTTPRequest.Clone(context.Background()) as we do not require a full clone
|
||||
httpReqCopy.Header = r.HTTPRequest.Header.Clone()
|
||||
httpReqCopy.RemoteAddr = r.HTTPRequest.RemoteAddr
|
||||
}
|
||||
go func() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
s.log.Warn("tag anon session panic", "err", err)
|
||||
}
|
||||
}()
|
||||
|
||||
newCtx, cancel := context.WithTimeout(context.Background(), timeoutTag)
|
||||
defer cancel()
|
||||
if err := s.anonDeviceService.TagDevice(newCtx, httpReqCopy, anonymous.AuthedDevice); err != nil {
|
||||
s.log.Warn("failed to tag anonymous session", "error", err)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
return &authn.Identity{
|
||||
ID: authn.NamespacedID(authn.NamespaceUser, token.UserId),
|
||||
SessionToken: token,
|
||||
|
@ -11,6 +11,7 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/models/usertoken"
|
||||
"github.com/grafana/grafana/pkg/services/anonymous/anontest"
|
||||
"github.com/grafana/grafana/pkg/services/auth"
|
||||
"github.com/grafana/grafana/pkg/services/auth/authtest"
|
||||
"github.com/grafana/grafana/pkg/services/authn"
|
||||
@ -29,7 +30,7 @@ func TestSession_Test(t *testing.T) {
|
||||
cfg := setting.NewCfg()
|
||||
cfg.LoginCookieName = ""
|
||||
cfg.LoginMaxLifetime = 20 * time.Second
|
||||
s := ProvideSession(cfg, &authtest.FakeUserAuthTokenService{}, featuremgmt.WithFeatures())
|
||||
s := ProvideSession(cfg, &authtest.FakeUserAuthTokenService{}, featuremgmt.WithFeatures(), &anontest.FakeAnonymousSessionService{})
|
||||
|
||||
disabled := s.Test(context.Background(), &authn.Request{HTTPRequest: validHTTPReq})
|
||||
assert.False(t, disabled)
|
||||
@ -145,7 +146,7 @@ func TestSession_Authenticate(t *testing.T) {
|
||||
cfg.LoginCookieName = cookieName
|
||||
cfg.TokenRotationIntervalMinutes = 10
|
||||
cfg.LoginMaxLifetime = 20 * time.Second
|
||||
s := ProvideSession(cfg, tt.fields.sessionService, tt.fields.features)
|
||||
s := ProvideSession(cfg, tt.fields.sessionService, tt.fields.features, &anontest.FakeAnonymousSessionService{})
|
||||
|
||||
got, err := s.Authenticate(context.Background(), tt.args.r)
|
||||
require.True(t, (err != nil) == tt.wantErr, err)
|
||||
@ -185,7 +186,7 @@ func TestSession_Hook(t *testing.T) {
|
||||
token.UnhashedToken = "new-token"
|
||||
return true, token, nil
|
||||
},
|
||||
}, featuremgmt.WithFeatures())
|
||||
}, featuremgmt.WithFeatures(), &anontest.FakeAnonymousSessionService{})
|
||||
|
||||
sampleID := &authn.Identity{
|
||||
SessionToken: &auth.UserToken{
|
||||
@ -219,7 +220,7 @@ func TestSession_Hook(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("should not rotate token with feature flag", func(t *testing.T) {
|
||||
s := ProvideSession(setting.NewCfg(), nil, featuremgmt.WithFeatures(featuremgmt.FlagClientTokenRotation))
|
||||
s := ProvideSession(setting.NewCfg(), nil, featuremgmt.WithFeatures(featuremgmt.FlagClientTokenRotation), &anontest.FakeAnonymousSessionService{})
|
||||
|
||||
req := &authn.Request{}
|
||||
identity := &authn.Identity{}
|
||||
|
@ -282,7 +282,8 @@ func (h *ContextHandler) initContextWithAnonymousUser(reqContext *contextmodel.R
|
||||
reqContext.Logger.Warn("tag anon session panic", "err", err)
|
||||
}
|
||||
}()
|
||||
if err := h.anonDeviceService.TagDevice(context.Background(), httpReqCopy); err != nil {
|
||||
|
||||
if err := h.anonDeviceService.TagDevice(context.Background(), httpReqCopy, anonymous.AnonDevice); err != nil {
|
||||
reqContext.Logger.Warn("Failed to tag anonymous session", "error", err)
|
||||
}
|
||||
}()
|
||||
|
@ -282,6 +282,8 @@ type Cfg struct {
|
||||
AuthConfigUIAdminAccess bool
|
||||
// TO REMOVE: Not documented & not supported. Remove with legacy handlers in 10.2
|
||||
AuthBrokerEnabled bool
|
||||
// TO REMOVE: Not documented & not supported. Remove in 10.3
|
||||
TagAuthedDevices bool
|
||||
|
||||
// AWS Plugin Auth
|
||||
AWSAllowedAuthProviders []string
|
||||
@ -1528,6 +1530,7 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
|
||||
// Do not use
|
||||
cfg.AuthConfigUIAdminAccess = auth.Key("config_ui_admin_access").MustBool(false)
|
||||
cfg.AuthBrokerEnabled = auth.Key("broker").MustBool(true)
|
||||
cfg.TagAuthedDevices = auth.Key("tag_authed_devices").MustBool(true)
|
||||
|
||||
cfg.DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
|
||||
DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
|
||||
|
Loading…
Reference in New Issue
Block a user