IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Authn: Fix password client fallthrough (#63244)

Browse Source 
* fix password client fallthrough

* fix grafana client String
This commit is contained in:
Jo
2023-02-12 14:42:47 +01:00
committed by GitHub
parent 6ca9e5b440
commit 554dc9b97d
4 changed files with 24 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/services/authn/clients/password.go
View File

@@ -4,6 +4,9 @@ import (
"context"
"errors"
"github.com/hashicorp/go-multierror"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/loginattempt"
"github.com/grafana/grafana/pkg/util/errutil"
@@ -20,12 +23,13 @@ var (
var _ authn.PasswordClient = new(Password)
func ProvidePassword(loginAttempts loginattempt.Service, clients ...authn.PasswordClient) *Password {
return &Password{loginAttempts, clients}
return &Password{loginAttempts, clients, log.New("authn.password")}
}
type Password struct {
loginAttempts loginattempt.Service
clients []authn.PasswordClient
log log.Logger
}
func (c *Password) AuthenticatePassword(ctx context.Context, r *authn.Request, username, password string) (*authn.Identity, error) {
@@ -43,25 +47,22 @@ func (c *Password) AuthenticatePassword(ctx context.Context, r *authn.Request, u
return nil, errEmptyPassword.Errorf("no password provided")
}
var clientErr error
var clientErrs error
for _, pwClient := range c.clients {
var identity *authn.Identity
identity, clientErr = pwClient.AuthenticatePassword(ctx, r, username, password)
identity, clientErr := pwClient.AuthenticatePassword(ctx, r, username, password)
clientErrs = multierror.Append(clientErrs, clientErr)
// for invalid password or if the identity is not found by a client continue to next one
if errors.Is(clientErr, errInvalidPassword) || errors.Is(clientErr, errIdentityNotFound) {
continue
}
if clientErr != nil {
return nil, errPasswordAuthFailed.Errorf("failed to authenticate identity: %w", clientErr)
c.log.Warn("failed to authenticate password identity", "client", pwClient, "error", clientErr)
continue
}
return identity, nil
}
if errors.Is(clientErr, errInvalidPassword) {
if errors.Is(clientErrs, errInvalidPassword) {
_ = c.loginAttempts.Add(ctx, username, web.RemoteAddr(r.HTTPRequest))
}
return nil, errPasswordAuthFailed.Errorf("failed to authenticate identity: %w", clientErr)
return nil, errPasswordAuthFailed.Errorf("failed to authenticate identity: %w", clientErrs)
}