mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Add function in ds_proxy to handle oauthPassThru headers
This commit is contained in:
parent
f79dc0a89b
commit
7e62394d01
@ -220,42 +220,7 @@ func (proxy *DataSourceProxy) getDirector() func(req *http.Request) {
|
||||
}
|
||||
|
||||
if proxy.ds.JsonData != nil && proxy.ds.JsonData.Get("oauthPassThru").MustBool() {
|
||||
cmd := &m.GetAuthInfoQuery{UserId: proxy.ctx.UserId}
|
||||
if err := bus.Dispatch(cmd); err != nil {
|
||||
logger.Error("Error feching oauth information for user", "error", err)
|
||||
}
|
||||
|
||||
provider := cmd.Result.AuthModule
|
||||
connect, ok := social.SocialMap[strings.TrimPrefix(provider, "oauth_")] // The socialMap keys don't have "oauth_" prefix, but everywhere else in the system does
|
||||
if !ok {
|
||||
logger.Error("Failed to find oauth provider with given name", "provider", provider)
|
||||
}
|
||||
|
||||
// TokenSource handles refreshing the token if it has expired
|
||||
token, err := connect.TokenSource(proxy.ctx.Req.Context(), &oauth2.Token{
|
||||
AccessToken: cmd.Result.OAuthAccessToken,
|
||||
Expiry: cmd.Result.OAuthExpiry,
|
||||
RefreshToken: cmd.Result.OAuthRefreshToken,
|
||||
TokenType: cmd.Result.OAuthTokenType,
|
||||
}).Token()
|
||||
if err != nil {
|
||||
logger.Error("Failed to retrieve access token from oauth provider", "provider", cmd.Result.AuthModule)
|
||||
}
|
||||
|
||||
// If the tokens are not the same, update the entry in the DB
|
||||
if token.AccessToken != cmd.Result.OAuthAccessToken {
|
||||
cmd2 := &m.UpdateAuthInfoCommand{
|
||||
UserId: cmd.Result.Id,
|
||||
AuthModule: cmd.Result.AuthModule,
|
||||
AuthId: cmd.Result.AuthId,
|
||||
OAuthToken: token,
|
||||
}
|
||||
if err := bus.Dispatch(cmd2); err != nil {
|
||||
logger.Error("Failed to update access token during token refresh", "error", err)
|
||||
}
|
||||
}
|
||||
req.Header.Del("Authorization")
|
||||
req.Header.Add("Authorization", fmt.Sprintf("%s %s", token.Type(), token.AccessToken))
|
||||
addOAuthPassThruAuth(proxy.ctx, req)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -347,3 +312,46 @@ func checkWhiteList(c *m.ReqContext, host string) bool {
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func addOAuthPassThruAuth(c *m.ReqContext, req *http.Request) {
|
||||
cmd := &m.GetAuthInfoQuery{UserId: c.UserId}
|
||||
if err := bus.Dispatch(cmd); err != nil {
|
||||
logger.Error("Error feching oauth information for user", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
provider := cmd.Result.AuthModule
|
||||
connect, ok := social.SocialMap[strings.TrimPrefix(provider, "oauth_")] // The socialMap keys don't have "oauth_" prefix, but everywhere else in the system does
|
||||
if !ok {
|
||||
logger.Error("Failed to find oauth provider with given name", "provider", provider)
|
||||
return
|
||||
}
|
||||
|
||||
// TokenSource handles refreshing the token if it has expired
|
||||
token, err := connect.TokenSource(c.Req.Context(), &oauth2.Token{
|
||||
AccessToken: cmd.Result.OAuthAccessToken,
|
||||
Expiry: cmd.Result.OAuthExpiry,
|
||||
RefreshToken: cmd.Result.OAuthRefreshToken,
|
||||
TokenType: cmd.Result.OAuthTokenType,
|
||||
}).Token()
|
||||
if err != nil {
|
||||
logger.Error("Failed to retrieve access token from oauth provider", "provider", cmd.Result.AuthModule)
|
||||
return
|
||||
}
|
||||
|
||||
// If the tokens are not the same, update the entry in the DB
|
||||
if token.AccessToken != cmd.Result.OAuthAccessToken {
|
||||
cmd2 := &m.UpdateAuthInfoCommand{
|
||||
UserId: cmd.Result.Id,
|
||||
AuthModule: cmd.Result.AuthModule,
|
||||
AuthId: cmd.Result.AuthId,
|
||||
OAuthToken: token,
|
||||
}
|
||||
if err := bus.Dispatch(cmd2); err != nil {
|
||||
logger.Error("Failed to update access token during token refresh", "error", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
req.Header.Del("Authorization")
|
||||
req.Header.Add("Authorization", fmt.Sprintf("%s %s", token.Type(), token.AccessToken))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user