IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: bug where disabled didnt disable the use of service account (#47688)

Browse Source
This commit is contained in:
Eric Leijonmarck
2022-04-13 13:40:58 +01:00
committed by GitHub
parent ab5e2e10ce
commit 673a2ab49e
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/services/contexthandler/contexthandler.go
View File

@@ -4,6 +4,7 @@ package contexthandler
import (
"context"
"errors"
"net/http"
"net/url"
"strconv"
"strings"
@@ -255,20 +256,26 @@ func (h *ContextHandler) initContextWithAPIKey(reqContext *models.ReqContext) bo
//There is a service account attached to the API key
//Use service account linked to API key as the signed in user
query := models.GetSignedInUserQuery{UserId: *apikey.ServiceAccountId, OrgId: apikey.OrgId}
if err := h.SQLStore.GetSignedInUserWithCacheCtx(reqContext.Req.Context(), &query); err != nil {
querySignedInUser := models.GetSignedInUserQuery{UserId: *apikey.ServiceAccountId, OrgId: apikey.OrgId}
if err := h.SQLStore.GetSignedInUserWithCacheCtx(reqContext.Req.Context(), &querySignedInUser); err != nil {
reqContext.Logger.Error(
"Failed to link API key to service account in",
"id", query.UserId,
"org", query.OrgId,
"id", querySignedInUser.UserId,
"org", querySignedInUser.OrgId,
"err", err,
)
reqContext.JsonApiErr(500, "Unable to link API key to service account", err)
reqContext.JsonApiErr(http.StatusInternalServerError, "Unable to link API key to service account", err)
return true
}
// disabled service accounts are not allowed to access the API
if querySignedInUser.Result.IsDisabled {
reqContext.JsonApiErr(http.StatusUnauthorized, "Service account is disabled", nil)
return true
}
reqContext.IsSignedIn = true
reqContext.SignedInUser = query.Result
reqContext.SignedInUser = querySignedInUser.Result
return true
}