IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-14 01:23:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): fixed login issue that was a potential for social engineering, fixes #6014

Browse Source
This commit is contained in:
Torkel Ödegaard 2016-09-21 15:03:14 +02:00
parent 4a1693196c
commit b4111d78e1
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/api/login_oauth.go
View File

@ -3,7 +3,6 @@ package api
import (
"errors"
"fmt"
"net/url"
"golang.org/x/oauth2"
@ -46,9 +45,9 @@ func OAuthLogin(ctx *middleware.Context) {
userInfo, err := connect.UserInfo(token)
if err != nil {
if err == social.ErrMissingTeamMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github team membership not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1000")
} else if err == social.ErrMissingOrganizationMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github organization membership not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1001")
} else {
ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err)
}
@ -60,7 +59,7 @@ func OAuthLogin(ctx *middleware.Context) {
// validate that the email is allowed to login to grafana
if !connect.IsEmailAllowed(userInfo.Email) {
ctx.Logger.Info("OAuth login attempt with unallowed email", "email", userInfo.Email)
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required email domain not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1002")
return
}

10
public/app/core/controllers/login_ctrl.js
View File

@ -6,6 +6,12 @@ define([
function (angular, coreModule, config) {
'use strict';
var failCodes = {
"1000": "Required Github team membership not fulfilled",
"1001": "Required Github organization membership not fulfilled",
"1002": "Required email domain not fulfilled",
};
coreModule.default.controller('LoginCtrl', function($scope, backendSrv, contextSrv, $location) {
$scope.formModel = {
user: '',
@ -31,8 +37,8 @@ function (angular, coreModule, config) {
$scope.$watch("loginMode", $scope.loginModeChanged);
var params = $location.search();
if (params.failedMsg) {
$scope.appEvent('alert-warning', ['Login Failed', params.failedMsg]);
if (params.failCode) {
$scope.appEvent('alert-warning', ['Login Failed', failCodes[params.failCode]]);
delete params.failedMsg;
$location.search(params);
}