IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158)

Browse Source 
If anonymous access is enabled for an org and there are multiple
orgs. When requesting a page that requires user to be logged in
and orgId query string is set in the request url to an org not
equal the anonymous org, if the user is not logged in should
be redirected to the login page.

Fixes #26120

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
This commit is contained in:
Marcus Efraimsson
2020-10-23 16:34:35 +02:00
committed by GitHub
parent 090c683fea
commit 3be82ecd4e
3 changed files with 65 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/middleware/auth.go
View File

@@ -94,6 +94,14 @@ func Auth(options *AuthOptions) macaron.Handler {
if err == nil {
forceLogin = forceLoginParam
}
if !forceLogin {
orgIDValue := c.Req.URL.Query().Get("orgId")
orgID, err := strconv.ParseInt(orgIDValue, 10, 64)
if err == nil && orgID > 0 && orgID != c.OrgId {
forceLogin = true
}
}
}
requireLogin := !c.AllowAnonymous || forceLogin
if !c.IsSignedIn && options.ReqSignedIn && requireLogin {