inject login/logout hooks

2024-11-23 09:26:43 -06:00 · 2019-01-15 15:15:52 +01:00 · 2019-01-15 15:15:52 +01:00 · 8764fb5aa6
commit 8764fb5aa6
parent b0df7280be
6 changed files with 37 additions and 42 deletions
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -23,9 +23,9 @@ func (hs *HTTPServer) registerRoutes() {

 	// not logged in views
 	r.Get("/", reqSignedIn, hs.Index)
-	r.Get("/logout", Logout)
-	r.Post("/login", quota("session"), bind(dtos.LoginCommand{}), Wrap(LoginPost))
-	r.Get("/login/:name", quota("session"), OAuthLogin)
+	r.Get("/logout", hs.Logout)
+	r.Post("/login", quota("session"), bind(dtos.LoginCommand{}), Wrap(hs.LoginPost))
+	r.Get("/login/:name", quota("session"), hs.OAuthLogin)
 	r.Get("/login", hs.LoginView)
 	r.Get("/invite/:code", hs.Index)

@ -84,11 +84,11 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Get("/signup", hs.Index)
 	r.Get("/api/user/signup/options", Wrap(GetSignUpOptions))
 	r.Post("/api/user/signup", quota("user"), bind(dtos.SignUpForm{}), Wrap(SignUp))
-	r.Post("/api/user/signup/step2", bind(dtos.SignUpStep2Form{}), Wrap(SignUpStep2))
+	r.Post("/api/user/signup/step2", bind(dtos.SignUpStep2Form{}), Wrap(hs.SignUpStep2))

 	// invited
 	r.Get("/api/user/invite/:code", Wrap(GetInviteInfoByCode))
-	r.Post("/api/user/invite/complete", bind(dtos.CompleteInviteForm{}), Wrap(CompleteInvite))
+	r.Post("/api/user/invite/complete", bind(dtos.CompleteInviteForm{}), Wrap(hs.CompleteInvite))

 	// reset password
 	r.Get("/user/password/send-reset-email", hs.Index)
@ -109,7 +109,7 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Delete("/api/snapshots/:key", reqEditorRole, Wrap(DeleteDashboardSnapshot))

 	// api renew session based on remember cookie
-	r.Get("/api/login/ping", quota("session"), LoginAPIPing)
+	r.Get("/api/login/ping", quota("session"), hs.LoginAPIPing)

 	// authed api
 	r.Group("/api", func(apiRoute routing.RouteRegister) {
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@ -11,6 +11,8 @@ import (
 	"path"
 	"time"

+	"github.com/grafana/grafana/pkg/services/auth"
+
 	"github.com/grafana/grafana/pkg/api/routing"
 	"github.com/prometheus/client_golang/prometheus"

@ -49,13 +51,14 @@ type HTTPServer struct {
 	streamManager *live.StreamManager
 	httpSrv       *http.Server

-	RouteRegister   routing.RouteRegister    `inject:""`
-	Bus             bus.Bus                  `inject:""`
-	RenderService   rendering.Service        `inject:""`
-	Cfg             *setting.Cfg             `inject:""`
-	HooksService    *hooks.HooksService      `inject:""`
-	CacheService    *cache.CacheService      `inject:""`
-	DatasourceCache datasources.CacheService `inject:""`
+	RouteRegister    routing.RouteRegister      `inject:""`
+	Bus              bus.Bus                    `inject:""`
+	RenderService    rendering.Service          `inject:""`
+	Cfg              *setting.Cfg               `inject:""`
+	HooksService     *hooks.HooksService        `inject:""`
+	CacheService     *cache.CacheService        `inject:""`
+	DatasourceCache  datasources.CacheService   `inject:""`
+	AuthTokenService *auth.UserAuthTokenService `inject:""`
 }

 func (hs *HTTPServer) Init() error {
--- a/pkg/api/login.go
+++ b/pkg/api/login.go
@ -9,7 +9,6 @@ import (
 	"github.com/grafana/grafana/pkg/login"
 	"github.com/grafana/grafana/pkg/metrics"
 	m "github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/services/session"
 	"github.com/grafana/grafana/pkg/setting"
 )

@ -43,7 +42,7 @@ func (hs *HTTPServer) LoginView(c *m.ReqContext) {
 		return
 	}

-	if !tryLoginUsingRememberCookie(c) {
+	if !hs.tryLoginUsingRememberCookie(c) {
 		c.HTML(200, ViewIndex, viewData)
 		return
 	}
@ -75,7 +74,7 @@ func tryOAuthAutoLogin(c *m.ReqContext) bool {
 	return false
 }

-func tryLoginUsingRememberCookie(c *m.ReqContext) bool {
+func (hs *HTTPServer) tryLoginUsingRememberCookie(c *m.ReqContext) bool {
 	// Check auto-login.
 	uname := c.GetCookie(setting.CookieUserName)
 	if len(uname) == 0 {
@ -111,12 +110,12 @@ func tryLoginUsingRememberCookie(c *m.ReqContext) bool {
 	}

 	isSucceed = true
-	loginUserWithUser(user, c)
+	hs.loginUserWithUser(user, c)
 	return true
 }

-func LoginAPIPing(c *m.ReqContext) {
-	if !tryLoginUsingRememberCookie(c) {
+func (hs *HTTPServer) LoginAPIPing(c *m.ReqContext) {
+	if !hs.tryLoginUsingRememberCookie(c) {
 		c.JsonApiErr(401, "Unauthorized", nil)
 		return
 	}
@ -124,7 +123,7 @@ func LoginAPIPing(c *m.ReqContext) {
 	c.JsonOK("Logged in")
 }

-func LoginPost(c *m.ReqContext, cmd dtos.LoginCommand) Response {
+func (hs *HTTPServer) LoginPost(c *m.ReqContext, cmd dtos.LoginCommand) Response {
 	if setting.DisableLoginForm {
 		return Error(401, "Login is disabled", nil)
 	}
@ -146,7 +145,7 @@ func LoginPost(c *m.ReqContext, cmd dtos.LoginCommand) Response {

 	user := authQuery.User

-	loginUserWithUser(user, c)
+	hs.loginUserWithUser(user, c)

 	result := map[string]interface{}{
 		"message": "Logged in",
@ -162,27 +161,20 @@ func LoginPost(c *m.ReqContext, cmd dtos.LoginCommand) Response {
 	return JSON(200, result)
 }

-func loginUserWithUser(user *m.User, c *m.ReqContext) {
+func (hs *HTTPServer) loginUserWithUser(user *m.User, c *m.ReqContext) {
 	if user == nil {
-		log.Error(3, "User login with nil user")
+		hs.log.Error("User login with nil user")
 	}

-	c.Resp.Header().Del("Set-Cookie")
-
-	days := 86400 * setting.LogInRememberDays
-	if days > 0 {
-		c.SetCookie(setting.CookieUserName, user.Login, days, setting.AppSubUrl+"/")
-		c.SetSuperSecureCookie(user.Rands+user.Password, setting.CookieRememberName, user.Login, days, setting.AppSubUrl+"/")
+	err := hs.AuthTokenService.UserAuthenticatedHook(user, c)
+	if err != nil {
+		hs.log.Error("User auth hook failed", err)
 	}
-
-	c.Session.RegenerateId(c.Context)
-	c.Session.Set(session.SESS_KEY_USERID, user.Id)
 }

-func Logout(c *m.ReqContext) {
-	c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl+"/")
-	c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl+"/")
-	c.Session.Destory(c.Context)
+func (hs *HTTPServer) Logout(c *m.ReqContext) {
+	hs.AuthTokenService.UserSignedOutHook(c)
+
 	if setting.SignoutRedirectUrl != "" {
 		c.Redirect(setting.SignoutRedirectUrl)
 	} else {
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@ -31,7 +31,7 @@ func GenStateString() string {
 	return base64.URLEncoding.EncodeToString(rnd)
 }

-func OAuthLogin(ctx *m.ReqContext) {
+func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
 	if setting.OAuthService == nil {
 		ctx.Handle(404, "OAuth not enabled", nil)
 		return
@ -178,7 +178,7 @@ func OAuthLogin(ctx *m.ReqContext) {
 	}

 	// login
-	loginUserWithUser(cmd.Result, ctx)
+	hs.loginUserWithUser(cmd.Result, ctx)

 	metrics.M_Api_Login_OAuth.Inc()

--- a/pkg/api/org_invite.go
+++ b/pkg/api/org_invite.go
@ -148,7 +148,7 @@ func GetInviteInfoByCode(c *m.ReqContext) Response {
 	})
 }

-func CompleteInvite(c *m.ReqContext, completeInvite dtos.CompleteInviteForm) Response {
+func (hs *HTTPServer) CompleteInvite(c *m.ReqContext, completeInvite dtos.CompleteInviteForm) Response {
 	query := m.GetTempUserByCodeQuery{Code: completeInvite.InviteCode}

 	if err := bus.Dispatch(&query); err != nil {
@ -186,7 +186,7 @@ func CompleteInvite(c *m.ReqContext, completeInvite dtos.CompleteInviteForm) Res
 		return rsp
 	}

-	loginUserWithUser(user, c)
+	hs.loginUserWithUser(user, c)

 	metrics.M_Api_User_SignUpCompleted.Inc()
 	metrics.M_Api_User_SignUpInvite.Inc()
--- a/pkg/api/signup.go
+++ b/pkg/api/signup.go
@ -51,7 +51,7 @@ func SignUp(c *m.ReqContext, form dtos.SignUpForm) Response {
 	return JSON(200, util.DynMap{"status": "SignUpCreated"})
 }

-func SignUpStep2(c *m.ReqContext, form dtos.SignUpStep2Form) Response {
+func (hs *HTTPServer) SignUpStep2(c *m.ReqContext, form dtos.SignUpStep2Form) Response {
 	if !setting.AllowUserSignUp {
 		return Error(401, "User signup is disabled", nil)
 	}
@ -109,7 +109,7 @@ func SignUpStep2(c *m.ReqContext, form dtos.SignUpStep2Form) Response {
 		apiResponse["code"] = "redirect-to-select-org"
 	}

-	loginUserWithUser(user, c)
+	hs.loginUserWithUser(user, c)
 	metrics.M_Api_User_SignUpCompleted.Inc()

 	return JSON(200, apiResponse)