IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-12-28 18:01:40 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix active LDAP sync (#25321)

Browse Source 
* LDAP: sync only users with 'ldap' module as a most recent auth module

* LDAP: tests for searching ldap users
This commit is contained in:
Alexander Zobnin 2020-06-03 16:28:13 +03:00 committed by GitHub
parent 63463e0e46
commit c4eca530ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/services/sqlstore/user.go
View File

@ -468,13 +468,7 @@ func SearchUsers(query *models.SearchUsersQuery) error {
} }
if query.AuthModule != "" { if query.AuthModule != "" {
whereConditions = append( whereConditions = append(whereConditions, `auth_module=?`)
whereConditions,
`u.id IN (SELECT user_id
FROM user_auth
WHERE auth_module=?)`,
)
whereParams = append(whereParams, query.AuthModule) whereParams = append(whereParams, query.AuthModule)
} }
@ -494,6 +488,11 @@ func SearchUsers(query *models.SearchUsersQuery) error {
user := models.User{} user := models.User{}
countSess := x.Table("user").Alias("u") countSess := x.Table("user").Alias("u")
// Join with user_auth table if users filtered by auth_module
if query.AuthModule != "" {
countSess.Join("LEFT", "user_auth", joinCondition)
}
if len(whereConditions) > 0 { if len(whereConditions) > 0 {
countSess.Where(strings.Join(whereConditions, " AND "), whereParams...) countSess.Where(strings.Join(whereConditions, " AND "), whereParams...)
} }

51
pkg/services/sqlstore/user_test.go
View File

@ -454,7 +454,7 @@ func TestUserDataAccess(t *testing.T) {
// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
// Make the first log-in during the past // Make the first log-in during the past
getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test1", AuthId: "test1"} query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: "ldap0"}
err := GetUserByAuthInfo(query) err := GetUserByAuthInfo(query)
getTime = time.Now getTime = time.Now
@ -464,7 +464,7 @@ func TestUserDataAccess(t *testing.T) {
// Add a second auth module for this user // Add a second auth module for this user
// Have this module's last log-in be more recent // Have this module's last log-in be more recent
getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test2", AuthId: "test2"} query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"}
err = GetUserByAuthInfo(query) err = GetUserByAuthInfo(query)
getTime = time.Now getTime = time.Now
@ -480,12 +480,12 @@ func TestUserDataAccess(t *testing.T) {
for _, user := range searchUserQuery.Result.Users { for _, user := range searchUserQuery.Result.Users {
if user.Login == login { if user.Login == login {
So(user.AuthModule, ShouldHaveLength, 1) So(user.AuthModule, ShouldHaveLength, 1)
So(user.AuthModule[0], ShouldEqual, "test2") So(user.AuthModule[0], ShouldEqual, "oauth")
} }
} }
// "log in" again with the first auth module // "log in" again with the first auth module
updateAuthCmd := &models.UpdateAuthInfoCommand{UserId: query.Result.Id, AuthModule: "test1", AuthId: "test1"} updateAuthCmd := &models.UpdateAuthInfoCommand{UserId: query.Result.Id, AuthModule: "ldap", AuthId: "ldap1"}
err = UpdateAuthInfo(updateAuthCmd) err = UpdateAuthInfo(updateAuthCmd)
So(err, ShouldBeNil) So(err, ShouldBeNil)
@ -496,7 +496,48 @@ func TestUserDataAccess(t *testing.T) {
for _, user := range searchUserQuery.Result.Users { for _, user := range searchUserQuery.Result.Users {
if user.Login == login { if user.Login == login {
So(user.AuthModule, ShouldHaveLength, 1) So(user.AuthModule, ShouldHaveLength, 1)
So(user.AuthModule[0], ShouldEqual, "test1") So(user.AuthModule[0], ShouldEqual, "ldap")
}
}
})
})
Convey("When searching LDAP users", func() {
for i := 0; i < 5; i++ {
// Find a user to set tokens on
login := fmt.Sprint("loginuser", i)
// Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table
// Make the first log-in during the past
getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) }
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i)}
err := GetUserByAuthInfo(query)
getTime = time.Now
So(err, ShouldBeNil)
So(query.Result.Login, ShouldEqual, login)
}
// Log in first user with oauth
login := "loginuser0"
getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) }
query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"}
err := GetUserByAuthInfo(query)
getTime = time.Now
So(err, ShouldBeNil)
So(query.Result.Login, ShouldEqual, login)
Convey("Should only return users recently logged in with ldap when filtered by ldap auth module", func() {
searchUserQuery := &models.SearchUsersQuery{AuthModule: "ldap"}
err = SearchUsers(searchUserQuery)
So(err, ShouldBeNil)
So(searchUserQuery.Result.Users, ShouldHaveLength, 4)
for _, user := range searchUserQuery.Result.Users {
if user.Login == login {
So(user.AuthModule, ShouldHaveLength, 1)
So(user.AuthModule[0], ShouldEqual, "ldap")
} }
} }
}) })