IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

support additional fields in authproxy (#11661)

Browse Source
This commit is contained in:
Dan Cech 2018-05-07 04:39:16 -04:00 committed by Torkel Ödegaard
parent b4ad044044
commit 543c7fe587
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/sources/installation/configuration.md
View File

@ -659,6 +659,10 @@ Set to `true` to enable auto sign up of users who do not exist in Grafana DB. De
Limit where auth proxy requests come from by configuring a list of IP addresses. This can be used to prevent users spoofing the X-WEBAUTH-USER header. Limit where auth proxy requests come from by configuring a list of IP addresses. This can be used to prevent users spoofing the X-WEBAUTH-USER header.
### headers
Used to define additional headers for `Name`, `Email` and/or `Login`, for example if the user's name is sent in the X-WEBAUTH-NAME header and their email address in the X-WEBAUTH-EMAIL header, set `headers = Name:X-WEBAUTH-NAME Email:X-WEBAUTH-EMAIL`.
<hr> <hr>
## [session] ## [session]

11
pkg/middleware/auth_proxy.go
View File

@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net" "net"
"net/mail" "net/mail"
"reflect"
"strings" "strings"
"time" "time"
@ -111,6 +112,16 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
return true return true
} }
for _, field := range []string{"Name", "Email", "Login"} {
if setting.AuthProxyHeaders[field] == "" {
continue
}
if val := ctx.Req.Header.Get(setting.AuthProxyHeaders[field]); val != "" {
reflect.ValueOf(extUser).Elem().FieldByName(field).SetString(val)
}
}
// add/update user in grafana // add/update user in grafana
cmd := &m.UpsertUserCommand{ cmd := &m.UpsertUserCommand{
ReqContext: ctx, ReqContext: ctx,

9
pkg/setting/setting.go
View File

@ -125,6 +125,7 @@ var (
AuthProxyAutoSignUp bool AuthProxyAutoSignUp bool
AuthProxyLdapSyncTtl int AuthProxyLdapSyncTtl int
AuthProxyWhitelist string AuthProxyWhitelist string
AuthProxyHeaders map[string]string
// Basic Auth // Basic Auth
BasicAuthEnabled bool BasicAuthEnabled bool
@ -611,6 +612,14 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
AuthProxyLdapSyncTtl = authProxy.Key("ldap_sync_ttl").MustInt() AuthProxyLdapSyncTtl = authProxy.Key("ldap_sync_ttl").MustInt()
AuthProxyWhitelist = authProxy.Key("whitelist").String() AuthProxyWhitelist = authProxy.Key("whitelist").String()
AuthProxyHeaders = make(map[string]string)
for _, propertyAndHeader := range util.SplitString(authProxy.Key("headers").String()) {
split := strings.SplitN(propertyAndHeader, ":", 2)
if len(split) == 2 {
AuthProxyHeaders[split[0]] = split[1]
}
}
// basic auth // basic auth
authBasic := iniFile.Section("auth.basic") authBasic := iniFile.Section("auth.basic")
BasicAuthEnabled = authBasic.Key("enabled").MustBool(true) BasicAuthEnabled = authBasic.Key("enabled").MustBool(true)