IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Login: Require user to not be signed in to get request password email (#35421)

Browse Source
This commit is contained in:
Tobias Skarhed 2021-06-14 18:02:05 +02:00 committed by GitHub
parent 395b942134
commit 7f882eea05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/api/api.go
View File

@ -23,6 +23,7 @@ var plog = log.New("api")
func (hs *HTTPServer) registerRoutes() { func (hs *HTTPServer) registerRoutes() {
reqNoAuth := middleware.NoAuth() reqNoAuth := middleware.NoAuth()
reqSignedIn := middleware.ReqSignedIn reqSignedIn := middleware.ReqSignedIn
reqNotSignedIn := middleware.ReqNotSignedIn
reqSignedInNoAnonymous := middleware.ReqSignedInNoAnonymous reqSignedInNoAnonymous := middleware.ReqSignedInNoAnonymous
reqGrafanaAdmin := middleware.ReqGrafanaAdmin reqGrafanaAdmin := middleware.ReqGrafanaAdmin
reqEditorRole := middleware.ReqEditorRole reqEditorRole := middleware.ReqEditorRole
@ -112,7 +113,7 @@ func (hs *HTTPServer) registerRoutes() {
r.Post("/api/user/invite/complete", bind(dtos.CompleteInviteForm{}), routing.Wrap(hs.CompleteInvite)) r.Post("/api/user/invite/complete", bind(dtos.CompleteInviteForm{}), routing.Wrap(hs.CompleteInvite))
// reset password // reset password
r.Get("/user/password/send-reset-email", hs.Index) r.Get("/user/password/send-reset-email", reqNotSignedIn, hs.Index)
r.Get("/user/password/reset", hs.Index) r.Get("/user/password/reset", hs.Index)
r.Post("/api/user/password/send-reset-email", bind(dtos.SendResetPasswordEmailForm{}), routing.Wrap(SendResetPasswordEmail)) r.Post("/api/user/password/send-reset-email", bind(dtos.SendResetPasswordEmailForm{}), routing.Wrap(SendResetPasswordEmail))

6
pkg/middleware/auth.go
View File

@ -161,6 +161,12 @@ func SnapshotPublicModeOrSignedIn(cfg *setting.Cfg) macaron.Handler {
} }
} }
func ReqNotSignedIn(c *models.ReqContext) {
if c.IsSignedIn {
c.Redirect(setting.AppSubUrl + "/")
}
}
// NoAuth creates a middleware that doesn't require any authentication. // NoAuth creates a middleware that doesn't require any authentication.
// If forceLogin param is set it will redirect the user to the login page. // If forceLogin param is set it will redirect the user to the login page.
func NoAuth() macaron.Handler { func NoAuth() macaron.Handler {