AuthProxy: Fix user retrieval through cache (#73802)

* AuthProxy: Change auth proxy sync cache key
Karl Persson 2023-08-25 13:59:45 +02:00 committed by GitHub
parent 917f4e9918
commit 5d14b6ba19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -2,12 +2,12 @@ package clients
import (
"context"
"encoding/binary"
"encoding/hex"
"fmt"
"hash/fnv"
"net"
"path"
"strconv"
"strings"
"time"
@ -26,7 +26,7 @@ const (
proxyFieldLogin = "Login"
proxyFieldRole = "Role"
proxyFieldGroups = "Groups"
proxyCachePrefix = "auth-proxy-sync-ttl"
proxyCachePrefix = "authn-proxy-sync-ttl"
)
var proxyFields = [...]string{proxyFieldName, proxyFieldEmail, proxyFieldLogin, proxyFieldRole, proxyFieldGroups}
@ -85,22 +85,25 @@ func (c *Proxy) Authenticate(ctx context.Context, r *authn.Request) (*authn.Iden
// See if we have cached the user id, in that case we can fetch the signed-in user and skip sync.
// Error here means that we could not find anything in cache, so we can proceed as usual
if entry, err := c.cache.Get(ctx, cacheKey); err == nil {
uid := int64(binary.LittleEndian.Uint64(entry))
usr, err := c.userSrv.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{
UserID: uid,
OrgID: r.OrgID,
})
uid, err := strconv.ParseInt(string(entry), 10, 64)
if err != nil {
c.log.FromContext(ctx).Warn("Could not resolved cached user", "error", err, "userId", string(entry))
}
c.log.FromContext(ctx).Warn("failed to parse user id from cache", "error", err, "userId", string(entry))
} else {
usr, err := c.userSrv.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{
UserID: uid,
OrgID: r.OrgID,
})
// if we for some reason cannot find the user we proceed with the normal flow, authenticate with ProxyClient
// and perform syncs
if usr != nil {
c.log.FromContext(ctx).Debug("User was loaded from cache, skip syncs", "userId", usr.UserID)
return authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.AuthProxyAuthModule), nil
if err != nil {
c.log.FromContext(ctx).Warn("Could not resolved cached user", "error", err, "userId", string(entry))
}
// if we for some reason cannot find the user we proceed with the normal flow, authenticate with ProxyClient
// and perform syncs
if usr != nil {
c.log.FromContext(ctx).Debug("User was loaded from cache, skip syncs", "userId", usr.UserID)
return authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.AuthProxyAuthModule), nil
}
}
}
}
@ -137,8 +140,7 @@ func (c *Proxy) Hook(ctx context.Context, identity *authn.Identity, r *authn.Req
}
c.log.FromContext(ctx).Debug("Cache proxy user", "userId", id)
bytes := make([]byte, 8)
binary.LittleEndian.PutUint64(bytes, uint64(id))
bytes := []byte(strconv.FormatInt(id, 10))
if err := c.cache.Set(ctx, identity.ClientParams.CacheAuthProxyKey, bytes, time.Duration(c.cfg.AuthProxySyncTTL)*time.Minute); err != nil {
c.log.Warn("failed to cache proxy user", "error", err, "userId", id)
}
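Review bot: In the cache-hit branch of Authenticate, the `if usr != nil` check still runs after a failed GetSignedInUserWithCacheCtx call has only been logged, so the skip-sync return depends on the user service never returning a non-nil user together with an error. On an authentication path it is safer to fall through to the normal ProxyClient flow on any lookup error, e.g. `if err == nil && usr != nil {`. The parsed id is also passed on unchecked: strconv.ParseInt accepts zero and negative values, so a guard such as `if err != nil || uid <= 0 {` would keep a malformed cache entry from reaching the user lookup. Authenticate starts and ends outside the hunk, so how cacheKey is built is not visible here.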