mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Identity: Remove typed id (#91801)
* Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
This commit is contained in:
Karl Persson
GitHub
@@ -11,12 +11,12 @@ import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/api/routing"
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
"github.com/grafana/grafana/pkg/infra/db"
|
||||
"github.com/grafana/grafana/pkg/infra/fs"
|
||||
"github.com/grafana/grafana/pkg/infra/tracing"
|
||||
@@ -190,7 +190,7 @@ func getContextHandler(t *testing.T, cfg *setting.Cfg) *contexthandler.ContextHa
|
||||
return contexthandler.ProvideService(
|
||||
cfg,
|
||||
tracing.InitializeTracerForTest(),
|
||||
&authntest.FakeService{ExpectedIdentity: &authn.Identity{ID: identity.AnonymousTypedID, SessionToken: &usertoken.UserToken{}}},
|
||||
&authntest.FakeService{ExpectedIdentity: &authn.Identity{ID: "0", Type: claims.TypeAnonymous, SessionToken: &usertoken.UserToken{}}},
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -44,11 +44,11 @@ func (hs *HTTPServer) isDashboardStarredByUser(c *contextmodel.ReqContext, dashI
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
@@ -195,8 +195,8 @@ func (hs *HTTPServer) setDefaultFolderPermissions(ctx context.Context, orgID int
|
||||
|
||||
var permissions []accesscontrol.SetResourcePermissionCommand
|
||||
|
||||
if identity.IsIdentityType(user.GetID(), claims.TypeUser) {
|
||||
userID, err := identity.UserIdentifier(user.GetID())
|
||||
if user.IsIdentityType(claims.TypeUser) {
|
||||
userID, err := user.GetInternalID()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -171,7 +171,7 @@ func (hs *HTTPServer) setIndexViewData(c *contextmodel.ReqContext) (*dtos.IndexV
|
||||
|
||||
func (hs *HTTPServer) buildUserAnalyticsSettings(c *contextmodel.ReqContext) dtos.AnalyticsSettings {
|
||||
// Anonymous users do not have an email or auth info
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return dtos.AnalyticsSettings{Identifier: "@" + hs.Cfg.AppURL}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,13 +12,13 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/api/routing"
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
"github.com/grafana/grafana/pkg/components/simplejson"
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
"github.com/grafana/grafana/pkg/login/social"
|
||||
@@ -332,7 +332,7 @@ func TestLoginPostRedirect(t *testing.T) {
|
||||
HooksService: &hooks.HooksService{},
|
||||
License: &licensing.OSSLicensingService{},
|
||||
authnService: &authntest.FakeService{
|
||||
ExpectedIdentity: &authn.Identity{ID: identity.MustParseTypedID("user:42"), SessionToken: &usertoken.UserToken{}},
|
||||
ExpectedIdentity: &authn.Identity{ID: "42", Type: claims.TypeUser, SessionToken: &usertoken.UserToken{}},
|
||||
},
|
||||
AuthTokenService: authtest.NewFakeUserAuthTokenService(),
|
||||
Features: featuremgmt.WithFeatures(),
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
"github.com/grafana/grafana/pkg/infra/metrics"
|
||||
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
|
||||
"github.com/grafana/grafana/pkg/services/org"
|
||||
@@ -133,11 +132,11 @@ func (hs *HTTPServer) CreateOrg(c *contextmodel.ReqContext) response.Response {
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return response.Error(http.StatusForbidden, "Only users can create organizations", nil)
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "Failed to parse user id", err)
|
||||
}
|
||||
|
||||
@@ -6,10 +6,10 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
|
||||
"github.com/grafana/grafana/pkg/services/authn"
|
||||
@@ -267,7 +267,8 @@ func TestAPIEndpoint_GetOrg(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.desc, func(t *testing.T) {
|
||||
expectedIdentity := &authn.Identity{
|
||||
ID: identity.MustParseTypedID("user:1"),
|
||||
ID: "1",
|
||||
Type: claims.TypeUser,
|
||||
OrgID: 1,
|
||||
Permissions: map[int64]map[string][]string{
|
||||
0: accesscontrol.GroupScopesByActionContext(context.Background(), tt.permissions),
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
|
||||
"github.com/grafana/grafana/pkg/services/login"
|
||||
"github.com/grafana/grafana/pkg/services/org"
|
||||
@@ -32,18 +31,18 @@ import (
|
||||
// 404: notFoundError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetSignedInUser(c *contextmodel.ReqContext) response.Response {
|
||||
if !identity.IsIdentityType(c.GetID(), claims.TypeUser) {
|
||||
if !c.IsIdentityType(claims.TypeUser) {
|
||||
return response.JSON(http.StatusOK, user.UserProfileDTO{
|
||||
IsGrafanaAdmin: c.SignedInUser.GetIsGrafanaAdmin(),
|
||||
OrgID: c.SignedInUser.GetOrgID(),
|
||||
UID: c.SignedInUser.GetID().String(),
|
||||
UID: c.SignedInUser.GetID(),
|
||||
Name: c.SignedInUser.NameOrFallback(),
|
||||
Email: c.SignedInUser.GetEmail(),
|
||||
Login: c.SignedInUser.GetLogin(),
|
||||
})
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.GetID())
|
||||
userID, err := c.GetInternalID()
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "Failed to parse user id", err)
|
||||
}
|
||||
@@ -278,7 +277,7 @@ func (hs *HTTPServer) handleUpdateUser(ctx context.Context, cmd user.UpdateUserC
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) StartEmailVerificaton(c *contextmodel.ReqContext) response.Response {
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return response.Error(http.StatusBadRequest, "Only users can verify their email", nil)
|
||||
}
|
||||
|
||||
@@ -287,7 +286,7 @@ func (hs *HTTPServer) StartEmailVerificaton(c *contextmodel.ReqContext) response
|
||||
return response.Respond(http.StatusNotModified, nil)
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "Got invalid user id", err)
|
||||
}
|
||||
@@ -505,12 +504,12 @@ func (hs *HTTPServer) ChangeActiveOrgAndRedirectToHome(c *contextmodel.ReqContex
|
||||
return
|
||||
}
|
||||
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
c.JsonApiErr(http.StatusForbidden, "Endpoint only available for users", nil)
|
||||
return
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
c.JsonApiErr(http.StatusInternalServerError, "Failed to parse user id", err)
|
||||
return
|
||||
@@ -630,11 +629,11 @@ func (hs *HTTPServer) ClearHelpFlags(c *contextmodel.ReqContext) response.Respon
|
||||
}
|
||||
|
||||
func getUserID(c *contextmodel.ReqContext) (int64, *response.NormalResponse) {
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return 0, response.Error(http.StatusForbidden, "Endpoint only available for users", nil)
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return 0, response.Error(http.StatusInternalServerError, "Failed to parse user id", err)
|
||||
}
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/grafana/authlib/claims"
|
||||
"github.com/grafana/grafana/pkg/api/dtos"
|
||||
"github.com/grafana/grafana/pkg/api/response"
|
||||
"github.com/grafana/grafana/pkg/apimachinery/identity"
|
||||
"github.com/grafana/grafana/pkg/infra/network"
|
||||
"github.com/grafana/grafana/pkg/services/auth"
|
||||
"github.com/grafana/grafana/pkg/services/authn"
|
||||
@@ -33,11 +32,11 @@ import (
|
||||
// 403: forbiddenError
|
||||
// 500: internalServerError
|
||||
func (hs *HTTPServer) GetUserAuthTokens(c *contextmodel.ReqContext) response.Response {
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return response.Error(http.StatusForbidden, "entity not allowed to get tokens", nil)
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "failed to parse user id", err)
|
||||
}
|
||||
@@ -63,11 +62,11 @@ func (hs *HTTPServer) RevokeUserAuthToken(c *contextmodel.ReqContext) response.R
|
||||
return response.Error(http.StatusBadRequest, "bad request data", err)
|
||||
}
|
||||
|
||||
if !identity.IsIdentityType(c.SignedInUser.GetID(), claims.TypeUser) {
|
||||
if !c.SignedInUser.IsIdentityType(claims.TypeUser) {
|
||||
return response.Error(http.StatusForbidden, "entity not allowed to revoke tokens", nil)
|
||||
}
|
||||
|
||||
userID, err := identity.UserIdentifier(c.SignedInUser.GetID())
|
||||
userID, err := c.SignedInUser.GetInternalID()
|
||||
if err != nil {
|
||||
return response.Error(http.StatusInternalServerError, "failed to parse user id", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user