IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Allow soft token revocation (#31601)

Browse Source 
* Add revoked_at field to user auth token to allow soft revokes

* Allow soft token revocations

* Update token revocations and tests

* Return error info on revokedTokenErr

* Override session cookie only when no revokedErr nor API request

* Display modal on revoked token error

* Feedback: Refactor TokenRevokedModal to FC

* Add GetUserRevokedTokens into UserTokenService

* Backendsrv: adds tests and refactors soft token path

* Apply feedback

* Write redirect cookie on token revoked error

* Update TokenRevokedModal style

* Return meaningful error info

* Some UI changes

* Update backend_srv tests

* Minor style fix on backend_srv tests

* Replace deprecated method usage to publish events

* Fix backend_srv tests

* Apply suggestions from code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Minor style fix after PR suggestion commit

* Apply suggestions from code review

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Prettier fixes

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
This commit is contained in:
Joan López de la Franca Beltran
2021-03-16 17:44:02 +01:00
committed by GitHub
parent a1c7e0630d
commit 610999cfa2
13 changed files with 286 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/models/user_token.go
View File

@@ -32,6 +32,14 @@ type TokenExpiredError struct {
func (e *TokenExpiredError) Error() string { return "user token expired" }
type TokenRevokedError struct {
UserID int64
TokenID int64
MaxConcurrentSessions int64
}
func (e *TokenRevokedError) Error() string { return "user token revoked" }
// UserToken represents a user token
type UserToken struct {
Id int64
@@ -45,6 +53,7 @@ type UserToken struct {
RotatedAt int64
CreatedAt int64
UpdatedAt int64
RevokedAt int64
UnhashedToken string
}
@@ -57,9 +66,10 @@ type UserTokenService interface {
CreateToken(ctx context.Context, user *User, clientIP net.IP, userAgent string) (*UserToken, error)
LookupToken(ctx context.Context, unhashedToken string) (*UserToken, error)
TryRotateToken(ctx context.Context, token *UserToken, clientIP net.IP, userAgent string) (bool, error)
RevokeToken(ctx context.Context, token *UserToken) error
RevokeToken(ctx context.Context, token *UserToken, soft bool) error
RevokeAllUserTokens(ctx context.Context, userId int64) error
ActiveTokenCount(ctx context.Context) (int64, error)
GetUserToken(ctx context.Context, userId, userTokenId int64) (*UserToken, error)
GetUserTokens(ctx context.Context, userId int64) ([]*UserToken, error)
GetUserRevokedTokens(ctx context.Context, userId int64) ([]*UserToken, error)
}