From 6ea9f0c447c82a60072db86a80de35779618f8f1 Mon Sep 17 00:00:00 2001
From: Karl Persson
Date: Tue, 12 Mar 2024 09:15:14 +0100
Subject: [PATCH] AuthN: Use fetch user sync hook for render keys connected to a user (#84080)
* Use fetch user sync hook for render keys connected to a user
---
pkg/services/authn/authnimpl/service.go | 2 +-
pkg/services/authn/clients/render.go | 37 ++++++++++-------------
pkg/services/authn/clients/render_test.go | 19 ++----------
3 files changed, 20 insertions(+), 38 deletions(-)
diff --git a/pkg/services/authn/authnimpl/service.go b/pkg/services/authn/authnimpl/service.go
index c819131ad35..70d81fc53ae 100644
--- a/pkg/services/authn/authnimpl/service.go
+++ b/pkg/services/authn/authnimpl/service.go
@@ -89,7 +89,7 @@ func ProvideService(
 usageStats.RegisterMetricsFunc(s.getUsageStats)
- s.RegisterClient(clients.ProvideRender(userService, renderService))
+ s.RegisterClient(clients.ProvideRender(renderService))
 s.RegisterClient(clients.ProvideAPIKey(apikeyService))
 if cfg.LoginCookieName != "" {
diff --git a/pkg/services/authn/clients/render.go b/pkg/services/authn/clients/render.go
index 53862408228..e5a1b6970a4 100644
--- a/pkg/services/authn/clients/render.go
+++ b/pkg/services/authn/clients/render.go
@@ -8,7 +8,6 @@ import (
 "github.com/grafana/grafana/pkg/services/login"
 "github.com/grafana/grafana/pkg/services/org"
 "github.com/grafana/grafana/pkg/services/rendering"
- "github.com/grafana/grafana/pkg/services/user"
 "github.com/grafana/grafana/pkg/util/errutil"
 )
@@ -22,12 +21,11 @@ const (
 var _ authn.ContextAwareClient = new(Render)
-func ProvideRender(userService user.Service, renderService rendering.Service) *Render {
- return &Render{userService, renderService}
+func ProvideRender(renderService rendering.Service) *Render {
+ return &Render{renderService}
 }
 type Render struct {
- userService user.Service
 renderService rendering.Service
 }
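Review bot: In the `@@ -22,12 +21,11 @@` hunk of render.go, `ProvideRender` builds the struct with a positional literal, `&Render{renderService}`, which compiles only while the field order and count stay exactly as they are. With a single field left, a keyed literal is clearer and survives later additions: `return &Render{renderService: renderService}`. The exported `ProvideRender` and `Render` also have no doc comment; something like `// Render authenticates requests carrying a render key; user-backed keys are resolved by the fetch-user sync hook.` would record the dependency this commit introduces.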
@@ -42,26 +40,23 @@ func (c *Render) Authenticate(ctx context.Context, r *authn.Request) (*authn.Ide
 return nil, errInvalidRenderKey.Errorf("found no render user for key: %s", key)
 }
- var identity *authn.Identity
 if renderUsr.UserID <= 0 {
- identity = &authn.Identity{
- ID: authn.NamespacedID(authn.NamespaceRenderService, 0),
- OrgID: renderUsr.OrgID,
- OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)},
- ClientParams: authn.ClientParams{SyncPermissions: true},
- }
- } else {
- usr, err := c.userService.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{UserID: renderUsr.UserID, OrgID: renderUsr.OrgID})
- if err != nil {
- return nil, err
- }
-
- identity = authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.RenderModule)
+ return &authn.Identity{
+ ID: authn.NamespacedID(authn.NamespaceRenderService, 0),
+ OrgID: renderUsr.OrgID,
+ OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)},
+ ClientParams: authn.ClientParams{SyncPermissions: true},
+ LastSeenAt: time.Now(),
+ AuthenticatedBy: login.RenderModule,
+ }, nil
 }
- identity.LastSeenAt = time.Now()
- identity.AuthenticatedBy = login.RenderModule
- return identity, nil
+ return &authn.Identity{
+ ID: authn.NamespacedID(authn.NamespaceUser, renderUsr.UserID),
+ LastSeenAt: time.Now(),
+ AuthenticatedBy: login.RenderModule,
+ ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
+ }, nil
 }
 func (c *Render) Test(ctx context.Context, r *authn.Request) bool {
diff --git a/pkg/services/authn/clients/render_test.go b/pkg/services/authn/clients/render_test.go
index 19e18dbb336..24051db326f 100644
--- a/pkg/services/authn/clients/render_test.go
+++ b/pkg/services/authn/clients/render_test.go
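Review bot: In the user-backed branch at the end of Authenticate, the returned identity no longer carries `renderUsr.OrgID`, whereas the removed lookup queried the user with `OrgID: renderUsr.OrgID`. The fetch-user sync hook is not shown in this patch, so it is unclear which org it resolves the user in; if it takes the org from the request or the user's default, a render key issued for one org could yield an identity evaluated in another. Consider setting `OrgID: renderUsr.OrgID,` on this identity (assuming the hook honours it) and adding a comment such as `// user details, org and roles are loaded later by the fetch-user sync hook`. The `@@ -60,23 +57,13 @@` hunk in render_test.go drops the OrgID/OrgRoles expectations for this case, so nothing in these tests pins the org binding any more. Authenticate begins above this hunk.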
@@ -13,8 +13,6 @@ import (
 "github.com/grafana/grafana/pkg/services/login"
 "github.com/grafana/grafana/pkg/services/org"
 "github.com/grafana/grafana/pkg/services/rendering"
- "github.com/grafana/grafana/pkg/services/user"
- "github.com/grafana/grafana/pkg/services/user/usertest"
 )
 func TestRender_Authenticate(t *testing.T) {
@@ -23,7 +21,6 @@ func TestRender_Authenticate(t *testing.T) {
 renderKey string
 req *authn.Request
 expectedErr error
- expectedUsr *user.SignedInUser
 expectedIdentity *authn.Identity
 expectedRenderUsr *rendering.RenderUser
 }
@@ -60,23 +57,13 @@ func TestRender_Authenticate(t *testing.T) {
 },
 expectedIdentity: &authn.Identity{
 ID: "user:1",
- OrgID: 1,
- OrgName: "test",
- OrgRoles: map[int64]org.RoleType{1: org.RoleAdmin},
- IsGrafanaAdmin: boolPtr(false),
 AuthenticatedBy: login.RenderModule,
- ClientParams: authn.ClientParams{SyncPermissions: true},
+ ClientParams: authn.ClientParams{FetchSyncedUser: true, SyncPermissions: true},
 },
 expectedRenderUsr: &rendering.RenderUser{
 OrgID: 1,
 UserID: 1,
 },
- expectedUsr: &user.SignedInUser{
- UserID: 1,
- OrgID: 1,
- OrgName: "test",
- OrgRole: "Admin",
- },
 },
 {
 desc: "expect error when render key is invalid",
@@ -97,7 +84,7 @@ func TestRender_Authenticate(t *testing.T) {
 renderService := rendering.NewMockService(ctrl)
 renderService.EXPECT().GetRenderUser(gomock.Any(), tt.renderKey).Return(tt.expectedRenderUsr, tt.expectedRenderUsr != nil)
- c := ProvideRender(&usertest.FakeUserService{ExpectedSignedInUser: tt.expectedUsr}, renderService)
+ c := ProvideRender(renderService)
 identity, err := c.Authenticate(context.Background(), tt.req)
 if tt.expectedErr != nil {
 assert.ErrorIs(t, tt.expectedErr, err)
@@ -141,7 +128,7 @@ func TestRender_Test(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.desc, func(t *testing.T) {
- c := ProvideRender(&usertest.FakeUserService{}, &rendering.MockService{})
+ c := ProvideRender(&rendering.MockService{})
 assert.Equal(t, tt.expected, c.Test(context.Background(), tt.req))
 })
 }