IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

moves rotation into auth since both happens before c.Next()

Browse Source
This commit is contained in:
bergquist 2019-01-21 08:59:01 +01:00
parent fd937e3d95
commit 47a7d93fd9
2 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
pkg/middleware/middleware.go
View File

@ -61,28 +61,6 @@ func GetContextHandler(ats *auth.UserAuthTokenService) macaron.Handler {
c.Map(ctx) c.Map(ctx)
//if signed in with token
rotated, err := ats.RefreshToken(ctx.UserToken, ctx.RemoteAddr(), ctx.Req.UserAgent())
if err != nil {
ctx.Logger.Error("failed to rotate token", "error", err)
return
}
if rotated {
ctx.Logger.Info("new token", "unhashed token", ctx.UserToken.UnhashedToken)
ctx.Resp.Header().Del("Set-Cookie")
cookie := http.Cookie{
Name: "grafana_session",
Value: url.QueryEscape(ctx.UserToken.UnhashedToken),
HttpOnly: true,
//MaxAge: 600,
Domain: setting.Domain,
Path: setting.AppSubUrl + "/",
}
ctx.Resp.Header().Add("Set-Cookie", cookie.String())
}
// update last seen every 5min // update last seen every 5min
if ctx.ShouldUpdateLastSeenAt() { if ctx.ShouldUpdateLastSeenAt() {
ctx.Logger.Debug("Updating last user_seen_at", "user_id", ctx.UserId) ctx.Logger.Debug("Updating last user_seen_at", "user_id", ctx.UserId)
@ -114,6 +92,7 @@ func initContextWithAnonymousUser(ctx *m.ReqContext) bool {
} }
func initContextWithToken(ctx *m.ReqContext, orgID int64, ts *auth.UserAuthTokenService) bool { func initContextWithToken(ctx *m.ReqContext, orgID int64, ts *auth.UserAuthTokenService) bool {
//auth User
unhashedToken := ctx.GetCookie("grafana_session") unhashedToken := ctx.GetCookie("grafana_session")
if unhashedToken == "" { if unhashedToken == "" {
return false return false
@ -135,6 +114,27 @@ func initContextWithToken(ctx *m.ReqContext, orgID int64, ts *auth.UserAuthToken
ctx.IsSignedIn = true ctx.IsSignedIn = true
ctx.UserToken = user ctx.UserToken = user
//rotate session token if needed.
rotated, err := ts.RefreshToken(ctx.UserToken, ctx.RemoteAddr(), ctx.Req.UserAgent())
if err != nil {
ctx.Logger.Error("failed to rotate token", "error", err, "user.id", user.UserId, "user_token.id", user.Id)
return true
}
if rotated {
ctx.Logger.Info("new token", "unhashed token", ctx.UserToken.UnhashedToken)
ctx.Resp.Header().Del("Set-Cookie")
cookie := http.Cookie{
Name: "grafana_session",
Value: url.QueryEscape(ctx.UserToken.UnhashedToken),
HttpOnly: true,
Domain: setting.Domain,
Path: setting.AppSubUrl + "/",
}
ctx.Resp.Header().Add("Set-Cookie", cookie.String())
}
return true return true
} }

4
pkg/services/auth/auth_token.go
View File

@ -190,7 +190,7 @@ func (s *UserAuthTokenService) RefreshToken(token *models.UserAuthToken, clientI
needsRotation = rotatedAt.Before(now().Add(time.Duration(-30) * time.Second)) needsRotation = rotatedAt.Before(now().Add(time.Duration(-30) * time.Second))
} }
s.log.Info("refresh token", "needs rotation?", needsRotation, "auth_token_seen", token.AuthTokenSeen, "rotated_at", rotatedAt, "token.Id", token.Id) s.log.Debug("refresh token", "needs rotation?", needsRotation, "auth_token_seen", token.AuthTokenSeen, "rotated_at", rotatedAt, "token.Id", token.Id)
if !needsRotation { if !needsRotation {
return false, nil return false, nil
} }
@ -216,7 +216,7 @@ func (s *UserAuthTokenService) RefreshToken(token *models.UserAuthToken, clientI
} }
affected, _ := res.RowsAffected() affected, _ := res.RowsAffected()
s.log.Info("rotated", "affected", affected, "auth_token_id", token.Id, "userId", token.UserId, "user_agent", userAgent, "client_ip", clientIP) s.log.Debug("rotated", "affected", affected, "auth_token_id", token.Id, "userId", token.UserId, "user_agent", userAgent, "client_ip", clientIP)
if affected > 0 { if affected > 0 {
token.UnhashedToken = newToken token.UnhashedToken = newToken
return true, nil return true, nil