Password policy (#82268)

* add password service interface * add password service implementation * add tests for password service * add password service wiring * add feature toggle * Rework from service interface to static function * Replace previous password validations * Add codeowners to password service * add error logs * update config files --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2025-02-25 18:55:37 -06:00 · 2024-02-16 04:58:05 -06:00
parent 846eadff63
commit ac84069071
27 changed files with 300 additions and 105 deletions
--- a/pkg/services/authn/clients/grafana.go
+++ b/pkg/services/authn/clients/grafana.go
@@ -100,7 +100,7 @@ func (c *Grafana) AuthenticatePassword(ctx context.Context, r *authn.Request, us
 	// user was found so set auth module in req metadata
 	r.SetMeta(authn.MetaKeyAuthModule, "grafana")

-	if ok := comparePassword(password, usr.Salt, usr.Password); !ok {
+	if ok := comparePassword(password, usr.Salt, string(usr.Password)); !ok {
 		return nil, errInvalidPassword.Errorf("invalid password")
 	}

--- a/pkg/services/authn/clients/grafana_test.go
+++ b/pkg/services/authn/clients/grafana_test.go
@@ -171,7 +171,7 @@ func TestGrafana_AuthenticatePassword(t *testing.T) {
 			hashed, _ := util.EncodePassword("password", "salt")
 			userService := &usertest.FakeUserService{
 				ExpectedSignedInUser: tt.expectedSignedInUser,
-				ExpectedUser:         &user.User{Password: hashed, Salt: "salt"},
+				ExpectedUser:         &user.User{Password: user.Password(hashed), Salt: "salt"},
 			}

 			if !tt.findUser {