From fc17ed351c859004dabf377b0e1a1b7d55362d44 Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Mon, 19 Sep 2016 16:48:07 -0400 Subject: [PATCH 1/6] support logging in with grafana.net credentials --- pkg/api/login.go | 1 + pkg/models/models.go | 1 + pkg/setting/setting_oauth.go | 2 +- pkg/social/grafananet_oauth.go | 112 ++++++++++++++++++++++ pkg/social/social.go | 30 +++++- public/app/core/controllers/login_ctrl.js | 8 +- public/app/partials/login.html | 7 +- public/sass/components/_search.scss | 2 +- public/sass/pages/_login.scss | 15 ++- 9 files changed, 171 insertions(+), 7 deletions(-) create mode 100644 pkg/social/grafananet_oauth.go diff --git a/pkg/api/login.go b/pkg/api/login.go index 789765ee01e..d1c571d8e0f 100644 --- a/pkg/api/login.go +++ b/pkg/api/login.go @@ -27,6 +27,7 @@ func LoginView(c *middleware.Context) { viewData.Settings["googleAuthEnabled"] = setting.OAuthService.Google viewData.Settings["githubAuthEnabled"] = setting.OAuthService.GitHub + viewData.Settings["grafanaNetAuthEnabled"] = setting.OAuthService.GrafanaNet viewData.Settings["genericOAuthEnabled"] = setting.OAuthService.Generic viewData.Settings["oauthProviderName"] = setting.OAuthService.OAuthProviderName viewData.Settings["disableUserSignUp"] = !setting.AllowUserSignUp diff --git a/pkg/models/models.go b/pkg/models/models.go index 5a53cfdabb3..3f4b27ed6ab 100644 --- a/pkg/models/models.go +++ b/pkg/models/models.go @@ -7,4 +7,5 @@ const ( GOOGLE TWITTER GENERIC + GRAFANANET ) diff --git a/pkg/setting/setting_oauth.go b/pkg/setting/setting_oauth.go index 71c4ade1468..540b32ad83e 100644 --- a/pkg/setting/setting_oauth.go +++ b/pkg/setting/setting_oauth.go @@ -11,7 +11,7 @@ type OAuthInfo struct { } type OAuther struct { - GitHub, Google, Twitter, Generic bool + GitHub, Google, Twitter, Generic, GrafanaNet bool OAuthInfos map[string]*OAuthInfo OAuthProviderName string } 
diff --git a/pkg/social/grafananet_oauth.go b/pkg/social/grafananet_oauth.go
new file mode 100644
index 00000000000..05cc7c1f397
--- /dev/null
+++ b/pkg/social/grafananet_oauth.go
@@ -0,0 +1,112 @@
+package social
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strconv"
+
+ "github.com/grafana/grafana/pkg/models"
+
+ "golang.org/x/oauth2"
+)
+
+type SocialGrafanaNet struct {
+ *oauth2.Config
+ url string
+ allowedOrganizations []string
+ allowSignup bool
+}
+
+func (s *SocialGrafanaNet) Type() int {
+ return int(models.GRAFANANET)
+}
+
+func (s *SocialGrafanaNet) IsEmailAllowed(email string) bool {
+ return true
+}
+
+func (s *SocialGrafanaNet) IsSignupAllowed() bool {
+ return s.allowSignup
+}
+
+func (s *SocialGrafanaNet) IsOrganizationMember(client *http.Client) bool {
+ if len(s.allowedOrganizations) == 0 {
+ return true
+ }
+
+ organizations, err := s.FetchOrganizations(client)
+ if err != nil {
+ return false
+ }
+
+ for _, allowedOrganization := range s.allowedOrganizations {
+ for _, organization := range organizations {
+ if organization == allowedOrganization {
+ return true
+ }
+ }
+ }
+
+ return false
+}
+
+func (s *SocialGrafanaNet) FetchOrganizations(client *http.Client) ([]string, error) {
+ type Record struct {
+ Login string `json:"login"`
+ }
+
+ url := fmt.Sprintf(s.url + "/api/oauth2/user/orgs")
+ r, err := client.Get(url)
+ if err != nil {
+ return nil, err
+ }
+
+ defer r.Body.Close()
+
+ var records []Record
+
+ if err = json.NewDecoder(r.Body).Decode(&records); err != nil {
+ return nil, err
+ }
+
+ var logins = make([]string, len(records))
+ for i, record := range records {
+ logins[i] = record.Login
+ }
+
+ return logins, nil
+}
+
+func (s *SocialGrafanaNet) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
+ var data struct {
+ Id int `json:"id"`
+ Name string `json:"login"`
+ Email string `json:"email"`
+ }
+
+ var err error
+ client := s.Client(oauth2.NoContext, token)
+ r, err := client.Get(s.url + "/api/oauth2/user")
+ if err != nil {
+ return nil, err
+ }
+
+ defer r.Body.Close()
+
+ if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
+ return nil, err
+ }
+
+ userInfo := &BasicUserInfo{
Identity: strconv.Itoa(data.Id), + Name: data.Name, + Email: data.Email, + } + + if !s.IsOrganizationMember(client) { + return nil, ErrMissingOrganizationMembership + } + + return userInfo, nil +} diff --git a/pkg/social/social.go b/pkg/social/social.go index 66d0f5fa778..83e5aa19b43 100644 --- a/pkg/social/social.go +++ b/pkg/social/social.go @@ -36,7 +36,7 @@ func NewOAuthService() { setting.OAuthService = &setting.OAuther{} setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo) - allOauthes := []string{"github", "google", "generic_oauth"} + allOauthes := []string{"github", "google", "generic_oauth", "grafananet"} for _, name := range allOauthes { sec := setting.Cfg.Section("auth." + name) @@ -108,5 +108,33 @@ func NewOAuthService() { allowedOrganizations: allowedOrganizations, } } + + if name == "grafananet" { + setting.OAuthService.GrafanaNet = true + allowedOrganizations := sec.Key("allowed_organizations").Strings(" ") + + url := sec.Key("url").String() + if url == "" { + url = "https://grafana.net" + } + + config := oauth2.Config{ + ClientID: info.ClientId, + ClientSecret: info.ClientSecret, + Endpoint: oauth2.Endpoint{ + AuthURL: url + "/oauth2/authorize", + TokenURL: url + "/api/oauth2/token", + }, + RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name, + Scopes: info.Scopes, + } + + SocialMap["grafananet"] = &SocialGrafanaNet{ + Config: &config, + url: url, + allowSignup: info.AllowSignup, + allowedOrganizations: allowedOrganizations, + } + } } } diff --git a/public/app/core/controllers/login_ctrl.js b/public/app/core/controllers/login_ctrl.js index 3f31407f454..ee5a1832420 100644 --- a/public/app/core/controllers/login_ctrl.js +++ b/public/app/core/controllers/login_ctrl.js 
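Review bot: UserInfo in the new pkg/social/grafananet_oauth.go decodes the response body without checking `r.StatusCode`, so an error response that happens to be a JSON object decodes into zero values and, when `allowedOrganizations` is empty, is returned as a user with identity "0" and an empty email. Check the status and reject an empty email before building `BasicUserInfo`, as sketched below. FetchOrganizations has the same missing status check, and its `fmt.Sprintf(s.url + "/api/oauth2/user/orgs")` passes configuration data as a format string; plain concatenation `s.url + "/api/oauth2/user/orgs"` is enough. IsEmailAllowed returns `true` unconditionally; if skipping `allowed_domains` for this provider is intended, a comment saying so would keep the next reader from treating it as an oversight.

```go
func (s *SocialGrafanaNet) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
	// … unchanged: data struct, client construction, client.Get, deferred Close …

	if r.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("grafana.net user info request failed with status %d", r.StatusCode)
	}

	if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
		return nil, err
	}

	if data.Email == "" {
		return nil, fmt.Errorf("grafana.net user info response has no email")
	}

	// … unchanged: BasicUserInfo construction and organization membership check …
}
```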
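Review bot: In the `@@ -108,5 +108,33 @@` hunk of pkg/social/social.go the `url` key is read from configuration and concatenated into `AuthURL`, `TokenURL` and the API base without any validation, so a value with an `http://` scheme would send the client secret and access tokens in cleartext, and a trailing slash would produce `//oauth2/authorize`. Consider normalising it with `url = strings.TrimSuffix(url, "/")` and skipping provider registration unless `strings.HasPrefix(url, "https://")`. The later refactoring hunk in this series (`@@ -96,35 +93,23 @@`) switches to `setting.GrafanaNetUrl` but keeps the same plain concatenation, so the check would belong wherever that setting is parsed, which is not visible here. NewOAuthService starts and ends outside this hunk.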
@@ -17,7 +17,13 @@ function (angular, coreModule, config) { $scope.googleAuthEnabled = config.googleAuthEnabled; $scope.githubAuthEnabled = config.githubAuthEnabled; - $scope.oauthEnabled = config.githubAuthEnabled || config.googleAuthEnabled || config.genericOAuthEnabled; + $scope.grafanaNetAuthEnabled = config.grafanaNetAuthEnabled; + $scope.oauthEnabled = ( + config.githubAuthEnabled + || config.googleAuthEnabled + || config.grafanaNetAuthEnabled + || config.genericOAuthEnabled + ); $scope.allowUserPassLogin = config.allowUserPassLogin; $scope.genericOAuthEnabled = config.genericOAuthEnabled; $scope.oauthProviderName = config.oauthProviderName; diff --git a/public/app/partials/login.html b/public/app/partials/login.html index f4f5fb26d7e..d9bf7ecdb18 100644 --- a/public/app/partials/login.html +++ b/public/app/partials/login.html @@ -59,10 +59,13 @@ with Github + + with Grafana.net + - with {{oauthProviderName || "OAuth 2"}} - + with {{oauthProviderName || "OAuth 2"}} + diff --git a/public/sass/components/_search.scss b/public/sass/components/_search.scss index 563f89919e5..2eeb34ec0b4 100644 --- a/public/sass/components/_search.scss +++ b/public/sass/components/_search.scss @@ -111,7 +111,7 @@ font-size: $font-size-sm; padding-right: 7rem; background: url(../img/grafana_net_logo.svg); - background-size: 6.5rem 3rem; + background-size: 6.5rem; background-repeat: no-repeat; background-position: right; position: relative; diff --git a/public/sass/pages/_login.scss b/public/sass/pages/_login.scss index 8f376dfae71..8641aabe1b1 100644 --- a/public/sass/pages/_login.scss +++ b/public/sass/pages/_login.scss @@ -112,6 +112,19 @@ background: #555; color: white; } + + .btn-grafana-net { + background: url(../img/grafana_net_logo.svg); + background-size: 10rem; + background-repeat: no-repeat; + background-position: right 35%; + overflow: hidden; + padding-right: 10.5rem; + + span { + display: none; + } + } } .password-recovery { 
@@ -157,7 +170,7 @@ .invite-box { text-align: center; border: 1px solid $tight-form-func-bg; - background-color: $panel-bg; + background-color: $panel-bg; max-width: 800px; margin-left: auto; margin-right: auto; From dcd96c90e2128bf62f9933c3e3b439df640360ac Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Tue, 20 Sep 2016 10:09:20 -0400 Subject: [PATCH 2/6] add grafana.net auth section to defaults.ini, normalize section heading line lengths --- conf/defaults.ini | 49 ++++++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/conf/defaults.ini b/conf/defaults.ini index 53a034bfeaa..92a0cf10b8c 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini @@ -9,7 +9,7 @@ app_mode = production # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty instance_name = ${HOSTNAME} -#################################### Paths #################################### +#################################### Paths ############################### [paths] # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) # @@ -23,7 +23,7 @@ logs = data/log # plugins = data/plugins -#################################### Server #################################### +#################################### Server ############################## [server] # Protocol (http or https) protocol = http @@ -57,7 +57,7 @@ enable_gzip = false cert_file = cert_key = -#################################### Database #################################### +#################################### Database ############################ [database] # You can configure the database connection by specifying type, host, name, user and password # as seperate properties or as on string using the url propertie. 
@@ -84,7 +84,7 @@ server_cert_name = # For "sqlite3" only, path relative to data_path setting path = grafana.db -#################################### Session #################################### +#################################### Session ############################# [session] # Either "memory", "file", "redis", "mysql", "postgres", "memcache", default is "file" provider = file @@ -112,7 +112,7 @@ cookie_secure = false session_life_time = 86400 gc_interval_time = 86400 -#################################### Analytics #################################### +#################################### Analytics ########################### [analytics] # Server reporting, sends usage counters to stats.grafana.org every 24 hours. # No ip addresses are being tracked, only simple counters to track @@ -133,7 +133,7 @@ google_analytics_ua_id = # Google Tag Manager ID, only enabled if you specify an id here google_tag_manager_id = -#################################### Security #################################### +#################################### Security ############################ [security] # default admin user, created on startup admin_user = admin @@ -161,7 +161,7 @@ external_enabled = true external_snapshot_url = https://snapshots-origin.raintank.io external_snapshot_name = Publish to snapshot.raintank.io -#################################### Users #################################### +#################################### Users ############################### [users] # disable user signup / registration allow_sign_up = true @@ -187,7 +187,7 @@ default_theme = dark # Allow users to sign in using username and password allow_user_pass_login = true -#################################### Anonymous Auth ########################## +#################################### Anonymous Auth ###################### [auth.anonymous] # enable anonymous access enabled = false 
@@ -198,7 +198,7 @@ org_name = Main Org. # specify role for unauthenticated users org_role = Viewer -#################################### Github Auth ########################## +#################################### Github Auth ######################### [auth.github] enabled = false allow_sign_up = false @@ -211,7 +211,7 @@ api_url = https://api.github.com/user team_ids = allowed_organizations = -#################################### Google Auth ########################## +#################################### Google Auth ######################### [auth.google] enabled = false allow_sign_up = false @@ -223,7 +223,16 @@ token_url = https://accounts.google.com/o/oauth2/token api_url = https://www.googleapis.com/oauth2/v1/userinfo allowed_domains = -#################################### Generic OAuth ########################## +#################################### Grafana.net Auth #################### +[auth.grafananet] +enabled = false +allow_sign_up = false +client_id = some_id +client_secret = some_secret +scopes = user:email +allowed_organizations = + +#################################### Generic OAuth ####################### [auth.generic_oauth] enabled = false allow_sign_up = false @@ -247,12 +256,12 @@ header_name = X-WEBAUTH-USER header_property = username auto_sign_up = true -#################################### Auth LDAP ########################## +#################################### Auth LDAP ########################### [auth.ldap] enabled = false config_file = /etc/grafana/ldap.toml -#################################### SMTP / Emailing ########################## +#################################### SMTP / Emailing ##################### [smtp] enabled = false host = localhost:25 
@@ -267,7 +276,7 @@ from_address = admin@grafana.localhost welcome_email_on_sign_up = false templates_pattern = emails/*.html -#################################### Logging ########################## +#################################### Logging ############################# [log] # Either "console", "file", "syslog". Default is console and file # Use space to separate multiple modes, e.g. "console file" @@ -322,18 +331,18 @@ facility = tag = -#################################### AMQP Event Publisher ########################## +#################################### AMQP Event Publisher ################ [event_publisher] enabled = false rabbitmq_url = amqp://localhost/ exchange = grafana_events -#################################### Dashboard JSON files ########################## +#################################### Dashboard JSON files ################ [dashboards.json] enabled = false path = /var/lib/grafana/dashboards -#################################### Usage Quotas ########################## +#################################### Usage Quotas ######################## [quota] enabled = false @@ -368,7 +377,7 @@ global_api_key = -1 # global limit on number of logged in users. global_session = -1 -#################################### Alerting ###################################### +#################################### Alerting ############################ # docs about alerting can be found in /docs/sources/alerting/ # __.-/| # \`o_O' @@ -387,7 +396,7 @@ global_session = -1 [alerting] enabled = true -#################################### Internal Grafana Metrics ########################## +#################################### Internal Grafana Metrics ############ # Metrics available at HTTP API Url /api/metrics [metrics] enabled = true 
@@ -402,7 +411,7 @@ prefix = prod.grafana.%(instance_name)s. [grafana_net] url = https://grafana.net -#################################### External image storage ########################## +#################################### External Image Storage ############## [external_image_storage] # You can choose between (s3, webdav or internal) provider = s3 From da95a23080963a39bcb28c1513e385b0fef6e910 Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Tue, 20 Sep 2016 11:36:13 -0400 Subject: [PATCH 3/6] remove 'Github' from oauth login error messages --- pkg/api/login_oauth.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go index 6512a827341..eab8d869951 100644 --- a/pkg/api/login_oauth.go +++ b/pkg/api/login_oauth.go @@ -46,9 +46,9 @@ func OAuthLogin(ctx *middleware.Context) { userInfo, err := connect.UserInfo(token) if err != nil { if err == social.ErrMissingTeamMembership { - ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github team membership not fulfilled")) + ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required team membership not fulfilled")) } else if err == social.ErrMissingOrganizationMembership { - ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github organization membership not fulfilled")) + ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required organization membership not fulfilled")) } else { ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err) } From 630a8ed8aa2508adc14453fab8b7cf04aeab7e59 Mon Sep 17 00:00:00 2001 
From: Dan Cech Date: Tue, 20 Sep 2016 12:36:36 -0400 Subject: [PATCH 4/6] support setting default org role when adding user via grafana.net auth --- pkg/api/login_oauth.go | 9 +++++---- pkg/models/user.go | 19 ++++++++++--------- pkg/services/sqlstore/user.go | 6 +++++- pkg/social/grafananet_oauth.go | 2 ++ pkg/social/social.go | 1 + 5 files changed, 23 insertions(+), 14 deletions(-) diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go index eab8d869951..07cf70a96e3 100644 --- a/pkg/api/login_oauth.go +++ b/pkg/api/login_oauth.go @@ -83,10 +83,11 @@ func OAuthLogin(ctx *middleware.Context) { return } cmd := m.CreateUserCommand{ - Login: userInfo.Email, - Email: userInfo.Email, - Name: userInfo.Name, - Company: userInfo.Company, + Login: userInfo.Email, + Email: userInfo.Email, + Name: userInfo.Name, + Company: userInfo.Company, + DefaultOrgRole: userInfo.Role, } if err = bus.Dispatch(&cmd); err != nil { diff --git a/pkg/models/user.go b/pkg/models/user.go index a231156b7b0..d2dcdf0a5c9 100644 --- a/pkg/models/user.go +++ b/pkg/models/user.go @@ -44,15 +44,16 @@ func (u *User) NameOrFallback() string { // COMMANDS type CreateUserCommand struct { - Email string - Login string - Name string - Company string - OrgName string - Password string - EmailVerified bool - IsAdmin bool - SkipOrgSetup bool + Email string + Login string + Name string + Company string + OrgName string + Password string + EmailVerified bool + IsAdmin bool + SkipOrgSetup bool + DefaultOrgRole string Result User } diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go index 3dc685cd7e5..bbf21296519 100644 --- a/pkg/services/sqlstore/user.go +++ b/pkg/services/sqlstore/user.go 
@@ -128,7 +128,11 @@ func CreateUser(cmd *m.CreateUserCommand) error { } if setting.AutoAssignOrg && !user.IsAdmin { - orgUser.Role = m.RoleType(setting.AutoAssignOrgRole) + if len(cmd.DefaultOrgRole) > 0 { + orgUser.Role = m.RoleType(cmd.DefaultOrgRole) + } else { + orgUser.Role = m.RoleType(setting.AutoAssignOrgRole) + } } if _, err = sess.Insert(&orgUser); err != nil { diff --git a/pkg/social/grafananet_oauth.go b/pkg/social/grafananet_oauth.go index 05cc7c1f397..80c1aaedb45 100644 --- a/pkg/social/grafananet_oauth.go +++ b/pkg/social/grafananet_oauth.go @@ -83,6 +83,7 @@ func (s *SocialGrafanaNet) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) Id int `json:"id"` Name string `json:"login"` Email string `json:"email"` + Role string `json:"role"` } var err error @@ -102,6 +103,7 @@ func (s *SocialGrafanaNet) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) Identity: strconv.Itoa(data.Id), Name: data.Name, Email: data.Email, + Role: data.Role, } if !s.IsOrganizationMember(client) { diff --git a/pkg/social/social.go b/pkg/social/social.go index 83e5aa19b43..fc29fe9c5d2 100644 --- a/pkg/social/social.go +++ b/pkg/social/social.go @@ -15,6 +15,7 @@ type BasicUserInfo struct { Email string Login string Company string + Role string } type SocialConnector interface { From 248ed2672ff630634052fff6b0d3ec72ff4e60d4 Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Wed, 21 Sep 2016 09:42:06 -0400 Subject: [PATCH 5/6] remove 'Github' from oauth login error messages --- public/app/core/controllers/login_ctrl.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public/app/core/controllers/login_ctrl.js b/public/app/core/controllers/login_ctrl.js index debdacb5704..ea4bbd515fa 100644 --- a/public/app/core/controllers/login_ctrl.js +++ b/public/app/core/controllers/login_ctrl.js 
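Review bot: `orgUser.Role = m.RoleType(cmd.DefaultOrgRole)` in CreateUser stores whatever string the identity provider returned in its `role` field, because the value flows from the grafana.net JSON response through `BasicUserInfo.Role` and `CreateUserCommand.DefaultOrgRole` (set in the `@@ -83,10 +83,11 @@` hunk of pkg/api/login_oauth.go) with no validation on the way. An unexpected or misspelled value becomes the new user's organization role, and a provider-side value such as `Admin` would be applied as-is in the auto-assigned org. Validate it against the known roles and fall back to `setting.AutoAssignOrgRole` otherwise, for example `if role := m.RoleType(cmd.DefaultOrgRole); role.IsValid() {` (assuming RoleType offers such a check; it is not visible here). A comment on `DefaultOrgRole` in `CreateUserCommand` stating that it overrides the configured auto-assign role and comes from an external provider would also help. CreateUser's body continues outside the hunk.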
@@ -7,8 +7,8 @@ function (angular, coreModule, config) { 'use strict'; var failCodes = { - "1000": "Required Github team membership not fulfilled", - "1001": "Required Github organization membership not fulfilled", + "1000": "Required team membership not fulfilled", + "1001": "Required organization membership not fulfilled", "1002": "Required email domain not fulfilled", }; From e5fc4332cdb3b3ce1943910ba44cecd41ca9ecd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torkel=20=C3=96degaard?= Date: Wed, 28 Sep 2016 15:10:50 +0200 Subject: [PATCH 6/6] feat(oauth): refactoring PR #6077 --- pkg/api/login.go | 11 ++++---- pkg/setting/setting_oauth.go | 5 ++-- pkg/social/social.go | 33 +++++++---------------- public/app/core/controllers/login_ctrl.js | 17 ++++-------- public/app/partials/login.html | 10 +++---- 5 files changed, 27 insertions(+), 49 deletions(-) diff --git a/pkg/api/login.go b/pkg/api/login.go index d1c571d8e0f..c3dea616abf 100644 --- a/pkg/api/login.go +++ b/pkg/api/login.go @@ -25,11 +25,12 @@ func LoginView(c *middleware.Context) { return } - viewData.Settings["googleAuthEnabled"] = setting.OAuthService.Google - viewData.Settings["githubAuthEnabled"] = setting.OAuthService.GitHub - viewData.Settings["grafanaNetAuthEnabled"] = setting.OAuthService.GrafanaNet - viewData.Settings["genericOAuthEnabled"] = setting.OAuthService.Generic - viewData.Settings["oauthProviderName"] = setting.OAuthService.OAuthProviderName + enabledOAuths := make(map[string]interface{}) + for key, oauth := range setting.OAuthService.OAuthInfos { + enabledOAuths[key] = map[string]string{"name": oauth.Name} + } + + viewData.Settings["oauth"] = enabledOAuths viewData.Settings["disableUserSignUp"] = !setting.AllowUserSignUp viewData.Settings["loginHint"] = setting.LoginHint viewData.Settings["allowUserPassLogin"] = setting.AllowUserPassLogin diff --git a/pkg/setting/setting_oauth.go b/pkg/setting/setting_oauth.go index 63d0da928e3..8d51343e635 100644 --- a/pkg/setting/setting_oauth.go 
+++ b/pkg/setting/setting_oauth.go @@ -8,12 +8,11 @@ type OAuthInfo struct { AllowedDomains []string ApiUrl string AllowSignup bool + Name string } type OAuther struct { - GitHub, Google, Twitter, Generic, GrafanaNet bool - OAuthInfos map[string]*OAuthInfo - OAuthProviderName string + OAuthInfos map[string]*OAuthInfo } var OAuthService *OAuther diff --git a/pkg/social/social.go b/pkg/social/social.go index fc29fe9c5d2..4dbc70d71a9 100644 --- a/pkg/social/social.go +++ b/pkg/social/social.go @@ -51,6 +51,7 @@ func NewOAuthService() { Enabled: sec.Key("enabled").MustBool(), AllowedDomains: sec.Key("allowed_domains").Strings(" "), AllowSignup: sec.Key("allow_sign_up").MustBool(), + Name: sec.Key("name").MustString(name), } if !info.Enabled { @@ -71,22 +72,18 @@ func NewOAuthService() { // GitHub. if name == "github" { - setting.OAuthService.GitHub = true - teamIds := sec.Key("team_ids").Ints(",") - allowedOrganizations := sec.Key("allowed_organizations").Strings(" ") SocialMap["github"] = &SocialGithub{ Config: &config, allowedDomains: info.AllowedDomains, apiUrl: info.ApiUrl, allowSignup: info.AllowSignup, - teamIds: teamIds, - allowedOrganizations: allowedOrganizations, + teamIds: sec.Key("team_ids").Ints(","), + allowedOrganizations: sec.Key("allowed_organizations").Strings(" "), } } // Google. if name == "google" { - setting.OAuthService.Google = true SocialMap["google"] = &SocialGoogle{ Config: &config, allowedDomains: info.AllowedDomains, apiUrl: info.ApiUrl, 
@@ -96,35 +93,23 @@ func NewOAuthService() { // Generic - Uses the same scheme as Github. if name == "generic_oauth" { - setting.OAuthService.Generic = true - setting.OAuthService.OAuthProviderName = sec.Key("oauth_provider_name").String() - teamIds := sec.Key("team_ids").Ints(",") - allowedOrganizations := sec.Key("allowed_organizations").Strings(" ") SocialMap["generic_oauth"] = &GenericOAuth{ Config: &config, allowedDomains: info.AllowedDomains, apiUrl: info.ApiUrl, allowSignup: info.AllowSignup, - teamIds: teamIds, - allowedOrganizations: allowedOrganizations, + teamIds: sec.Key("team_ids").Ints(","), + allowedOrganizations: sec.Key("allowed_organizations").Strings(" "), } } if name == "grafananet" { - setting.OAuthService.GrafanaNet = true - allowedOrganizations := sec.Key("allowed_organizations").Strings(" ") - - url := sec.Key("url").String() - if url == "" { - url = "https://grafana.net" - } - config := oauth2.Config{ ClientID: info.ClientId, ClientSecret: info.ClientSecret, Endpoint: oauth2.Endpoint{ - AuthURL: url + "/oauth2/authorize", - TokenURL: url + "/api/oauth2/token", + AuthURL: setting.GrafanaNetUrl + "/oauth2/authorize", + TokenURL: setting.GrafanaNetUrl + "/api/oauth2/token", }, RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name, Scopes: info.Scopes, @@ -132,9 +117,9 @@ func NewOAuthService() { SocialMap["grafananet"] = &SocialGrafanaNet{ Config: &config, - url: url, + url: setting.GrafanaNetUrl, allowSignup: info.AllowSignup, - allowedOrganizations: allowedOrganizations, + allowedOrganizations: sec.Key("allowed_organizations").Strings(" "), } } } diff --git a/public/app/core/controllers/login_ctrl.js b/public/app/core/controllers/login_ctrl.js index ea4bbd515fa..8a336c16086 100644 --- a/public/app/core/controllers/login_ctrl.js +++ b/public/app/core/controllers/login_ctrl.js 
@@ -1,9 +1,10 @@ define([ 'angular', + 'lodash', '../core_module', 'app/core/config', ], -function (angular, coreModule, config) { +function (angular, _, coreModule, config) { 'use strict'; var failCodes = { @@ -21,18 +22,10 @@ function (angular, coreModule, config) { contextSrv.sidemenu = false; - $scope.googleAuthEnabled = config.googleAuthEnabled; - $scope.githubAuthEnabled = config.githubAuthEnabled; - $scope.grafanaNetAuthEnabled = config.grafanaNetAuthEnabled; - $scope.oauthEnabled = ( - config.githubAuthEnabled - || config.googleAuthEnabled - || config.grafanaNetAuthEnabled - || config.genericOAuthEnabled - ); + $scope.oauth = config.oauth; + $scope.oauthEnabled = _.keys(config.oauth).length > 0; + $scope.allowUserPassLogin = config.allowUserPassLogin; - $scope.genericOAuthEnabled = config.genericOAuthEnabled; - $scope.oauthProviderName = config.oauthProviderName; $scope.disableUserSignUp = config.disableUserSignUp; $scope.loginHint = config.loginHint; diff --git a/public/app/partials/login.html b/public/app/partials/login.html index d9bf7ecdb18..648632fe1c4 100644 --- a/public/app/partials/login.html +++ b/public/app/partials/login.html @@ -51,20 +51,20 @@