IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AuthN: Fix url token auth when clientTokenRotation is enabled (#71073)

Browse Source 
* ContextSrv: No longer try to rotate token if we are using auth_token in url

Also extract the logic to check if we should schedule the job into its own function
This commit is contained in:
Karl Persson 2023-07-05 17:08:49 +02:00 committed by GitHub
parent f18a02149a
commit b9442c98ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
public/app/core/services/context_srv.ts
View File

@ -89,7 +89,7 @@ export class ContextSrv {
this.hasEditPermissionInFolders = this.user.hasEditPermissionInFolders; this.hasEditPermissionInFolders = this.user.hasEditPermissionInFolders;
this.minRefreshInterval = config.minRefreshInterval; this.minRefreshInterval = config.minRefreshInterval;
if (this.isSignedIn) { if (this.canScheduleRotation()) {
this.scheduleTokenRotationJob(); this.scheduleTokenRotationJob();
} }
} }
@ -206,10 +206,8 @@ export class ContextSrv {
// schedules a job to perform token ration in the background // schedules a job to perform token ration in the background
private scheduleTokenRotationJob() { private scheduleTokenRotationJob() {
const urlParams = new URLSearchParams(window.location.search); // check if we can schedula the token rotation job
const isRenderRequest = !!urlParams.get('render'); if (this.canScheduleRotation()) {
// only schedule job if feature toggle is enabled, user is signed in and it's not a render request
if (config.featureToggles.clientTokenRotation && this.isSignedIn && !isRenderRequest) {
// get the time token is going to expire // get the time token is going to expire
let expires = this.getSessionExpiry(); let expires = this.getSessionExpiry();
@ -241,6 +239,32 @@ export class ContextSrv {
} }
} }
private canScheduleRotation() {
// skip if user is not signed in, this happens on login page or when using anonymous auth
if (!this.isSignedIn) {
return false;
}
// skip if feature toggle is not enabled
if (!config.featureToggles.clientTokenRotation) {
return false;
}
const params = new URLSearchParams(window.location.search);
// skip if this is a render request
if (!!params.get('render')) {
return false;
}
// skip if we are using auth_token in url
if (!!params.get('auth_token')) {
return false;
}
return true;
}
private cancelTokenRotationJob() { private cancelTokenRotationJob() {
if (config.featureToggles.clientTokenRotation && this.tokenRotationJobId > 0) { if (config.featureToggles.clientTokenRotation && this.tokenRotationJobId > 0) {
clearTimeout(this.tokenRotationJobId); clearTimeout(this.tokenRotationJobId);