AuthN: Post login hooks (#61287)

* AuthN: add the ability to register post login hooks

* AuthN: add a guard for the user id

* AuthN: Add helper to create external user info from identity

* AuthN: Pass auth request to password clients

* AuthN: set auth module and username in metadata
Karl Persson
2023-01-12 15:02:04 +01:00
committed by GitHub
parent 4b13a5a9ab
commit 3e8857acb8
8 changed files with 90 additions and 27 deletions


@@ -96,6 +96,8 @@ type Service struct {
// postAuthHooks are called after a successful authentication. They can modify the identity.
postAuthHooks []authn.PostAuthHookFn
// postLoginHooks are called after a login request is performed, both for failing and successful requests.
postLoginHooks []authn.PostLoginHookFn
}
func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) {
@@ -130,12 +132,23 @@ func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Requ
return identity, true, nil
}
func (s *Service) Login(ctx context.Context, client string, r *authn.Request) (*authn.Identity, error) {
identity, ok, err := s.Authenticate(ctx, client, r)
func (s *Service) RegisterPostAuthHook(hook authn.PostAuthHookFn) {
s.postAuthHooks = append(s.postAuthHooks, hook)
}
func (s *Service) Login(ctx context.Context, client string, r *authn.Request) (identity *authn.Identity, err error) {
var ok bool
identity, ok, err = s.Authenticate(ctx, client, r)
if !ok {
return nil, authn.ErrClientNotConfigured.Errorf("client not configured: %s", client)
}
defer func() {
for _, hook := range s.postLoginHooks {
hook(ctx, identity, r, err)
}
}()
if err != nil {
return nil, err
}
@@ -143,7 +156,7 @@ func (s *Service) Login(ctx context.Context, client string, r *authn.Request) (*
namespace, id := identity.NamespacedID()
// Login is only supported for users
if namespace != authn.NamespaceUser {
if namespace != authn.NamespaceUser || id <= 0 {
return nil, authn.ErrUnsupportedIdentity.Errorf("expected identity of type user but got: %s", namespace)
}
@@ -158,14 +171,12 @@ func (s *Service) Login(ctx context.Context, client string, r *authn.Request) (*
return nil, err
}
// FIXME: add login hooks to replace the one used in HookService
identity.SessionToken = sessionToken
return identity, nil
}
func (s *Service) RegisterPostAuthHook(hook authn.PostAuthHookFn) {
s.postAuthHooks = append(s.postAuthHooks, hook)
func (s *Service) RegisterPostLoginHook(hook authn.PostLoginHookFn) {
s.postLoginHooks = append(s.postLoginHooks, hook)
}
func orgIDFromRequest(r *authn.Request) int64 {
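Review bot: The new `id <= 0` guard in Login reuses the namespace error, so a user-namespaced identity with a missing id is rejected with "expected identity of type user but got: user", which hides the real cause from anyone reading auth logs. Include the id in the message, e.g. `return nil, authn.ErrUnsupportedIdentity.Errorf("expected identity of type user with a valid id but got: %s:%v", namespace, id)`. Separately, Login now uses named results, so each visible `return nil, err` after the defer hands the post-login hooks a nil identity; the comment on `postLoginHooks` should say so, e.g. `// identity is nil when err is non-nil; hooks must not dereference it on failure.` The early `!ok` return sits before the defer is registered, so a login against an unconfigured client runs no hooks at all, which is worth stating in the same comment if it is intended. Parts of Login's body fall between the hunks and are not visible here.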