AuthN: Make client params part of the identity (#61050)

* AuthN: Change client params to be a return value of authenticate

* AuthN: move client params to be part of the identity
Karl Persson
2023-01-05 20:17:41 +01:00
committed by GitHub
parent 183397194a
commit cdd7392f68
14 changed files with 91 additions and 128 deletions


@@ -98,9 +98,8 @@ func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Requ
return nil, true, err
}
params := c.ClientParams()
for _, hook := range s.postAuthHooks {
if err := hook(ctx, params, identity, r); err != nil {
if err := hook(ctx, identity, r); err != nil {
return nil, false, err
}
}
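Review bot: The hook loop now passes every post-auth hook the same `*authn.Identity`, and that pointer is also where the hooks read their policy (`id.ClientParams`), so a hook that writes to the identity can change what later hooks are allowed to do. Nothing in the hunk says that hooks run in registration order or that `ClientParams` is read-only for them. I would add a comment above the loop such as `// Hooks run in registration order and share identity; they must treat identity.ClientParams as read-only.` Whether the client can return a nil identity with a nil error is not visible here; if it can, the first hook dereferences it, so a nil guard before the loop is worth confirming. Authenticate's body starts and ends outside the hunk.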


@@ -27,9 +27,8 @@ type OrgSync struct {
log log.Logger
}
func (s *OrgSync) SyncOrgUser(ctx context.Context,
clientParams *authn.ClientParams, id *authn.Identity, _ *authn.Request) error {
if !clientParams.SyncUser {
func (s *OrgSync) SyncOrgUser(ctx context.Context, id *authn.Identity, _ *authn.Request) error {
if !id.ClientParams.SyncUser {
s.log.Debug("Not syncing org user", "auth_module", id.AuthModule, "auth_id", id.AuthID)
return nil
}
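Review bot: SyncOrgUser has no doc comment, and its skip condition now depends on a field of the identity rather than an explicit argument, which is easy to miss at a call site. I would add `// SyncOrgUser is a post-auth hook; it does nothing unless id.ClientParams.SyncUser was set by the authenticating client.` above the signature. `id` is dereferenced on the first line of the body, so the comment could also state that a non-nil identity is required. The function body continues past the hunk.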


@@ -50,9 +50,8 @@ func TestOrgSync_SyncOrgUser(t *testing.T) {
log log.Logger
}
type args struct {
ctx context.Context
clientParams *authn.ClientParams
id *authn.Identity
ctx context.Context
id *authn.Identity
}
tests := []struct {
name string
@@ -71,9 +70,6 @@ func TestOrgSync_SyncOrgUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
},
id: &authn.Identity{
ID: "user:1",
Login: "test",
@@ -86,6 +82,9 @@ func TestOrgSync_SyncOrgUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantID: &authn.Identity{
@@ -101,6 +100,9 @@ func TestOrgSync_SyncOrgUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
wantErr: false,
},
@@ -113,7 +115,7 @@ func TestOrgSync_SyncOrgUser(t *testing.T) {
accessControl: tt.fields.accessControl,
log: tt.fields.log,
}
if err := s.SyncOrgUser(tt.args.ctx, tt.args.clientParams, tt.args.id, nil); (err != nil) != tt.wantErr {
if err := s.SyncOrgUser(tt.args.ctx, tt.args.id, nil); (err != nil) != tt.wantErr {
t.Errorf("OrgSync.SyncOrgUser() error = %v, wantErr %v", err, tt.wantErr)
}
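Review bot: The cases visible for TestOrgSync_SyncOrgUser all set `ClientParams: authn.ClientParams{SyncUser: true}`, so nothing shown here pins the early return taken for a zero-value `ClientParams`. The zero value is what a client produces when it does not populate the field. A case with `ClientParams: authn.ClientParams{}` whose `wantID` equals the input identity and whose `wantErr` is false would guard that default. The test table extends beyond these hunks, so such a case may already exist outside the view.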


@@ -25,9 +25,8 @@ type UserSync struct {
}
// SyncUser syncs a user with the database
func (s *UserSync) SyncUser(ctx context.Context,
clientParams *authn.ClientParams, id *authn.Identity, _ *authn.Request) error {
if !clientParams.SyncUser {
func (s *UserSync) SyncUser(ctx context.Context, id *authn.Identity, _ *authn.Request) error {
if !id.ClientParams.SyncUser {
s.log.Debug("Not syncing user", "auth_module", id.AuthModule, "auth_id", id.AuthID)
return nil
}
@@ -39,7 +38,7 @@ func (s *UserSync) SyncUser(ctx context.Context,
}
if errors.Is(errUserInDB, user.ErrUserNotFound) {
if !clientParams.AllowSignUp {
if !id.ClientParams.AllowSignUp {
s.log.Warn("Not allowing login, user not found in internal user database and allow signup = false",
"auth_module", id.AuthModule)
return login.ErrSignupNotAllowed
@@ -54,7 +53,7 @@ func (s *UserSync) SyncUser(ctx context.Context,
}
// update user
if errUpdate := s.updateUserAttributes(ctx, clientParams, usr, id); errUpdate != nil {
if errUpdate := s.updateUserAttributes(ctx, usr, id); errUpdate != nil {
return errUpdate
}
@@ -99,7 +98,7 @@ func (s *UserSync) updateAuthInfo(ctx context.Context, id *authn.Identity) error
return s.authInfoService.UpdateAuthInfo(ctx, updateCmd)
}
func (s *UserSync) updateUserAttributes(ctx context.Context, clientParams *authn.ClientParams, usr *user.User, id *authn.Identity) error {
func (s *UserSync) updateUserAttributes(ctx context.Context, usr *user.User, id *authn.Identity) error {
// sync user info
updateCmd := &user.UpdateUserCommand{
UserID: usr.ID,
@@ -131,7 +130,7 @@ func (s *UserSync) updateUserAttributes(ctx context.Context, clientParams *authn
}
}
if usr.IsDisabled && clientParams.EnableDisabledUsers {
if usr.IsDisabled && id.ClientParams.EnableDisabledUsers {
usr.IsDisabled = false
if errDisableUser := s.userService.Disable(ctx,
&user.DisableUserCommand{
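Review bot: `AllowSignUp` and `EnableDisabledUsers` decide whether an account is created or a disabled account is re-enabled, and both are now read from `id.ClientParams`, the same struct that carries the authenticated user's attributes. The struct definition is not in view, but it should carry a comment along the lines of `// ClientParams is set by the authenticating client only and must never be populated from request or identity-provider data.` The re-enable branch in updateUserAttributes shows no log line in this hunk; something like `s.log.Info("Re-enabling disabled user", "auth_module", id.AuthModule, "auth_id", id.AuthID)` before the `Disable` call would leave an audit trail for that state change. A test case with a disabled user and `EnableDisabledUsers` unset would also pin the deny path. Both SyncUser and updateUserAttributes continue outside the hunks shown.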


@@ -85,9 +85,8 @@ func TestUserSync_SyncUser(t *testing.T) {
log log.Logger
}
type args struct {
ctx context.Context
clientParams *authn.ClientParams
id *authn.Identity
ctx context.Context
id *authn.Identity
}
tests := []struct {
name string
@@ -106,11 +105,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: false,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -121,6 +115,7 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{},
},
},
wantErr: false,
@@ -134,6 +129,7 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{},
},
},
{
@@ -146,11 +142,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -161,6 +152,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantErr: false,
@@ -175,6 +169,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
{
@@ -187,11 +184,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -202,6 +194,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: ptrString("test"),
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantErr: false,
@@ -216,6 +211,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: ptrString("test"),
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
{
@@ -228,11 +226,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -243,6 +236,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantErr: false,
@@ -257,6 +253,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
{
@@ -269,11 +268,7 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -284,6 +279,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantErr: false,
@@ -298,6 +296,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
{
@@ -310,11 +311,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: false,
},
id: &authn.Identity{
ID: "",
Login: "test",
@@ -327,6 +323,9 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
},
},
},
wantErr: true,
@@ -341,11 +340,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: true,
EnableDisabledUsers: true,
},
id: &authn.Identity{
ID: "",
Login: "test_create",
@@ -359,6 +353,11 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test_create"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
AllowSignUp: true,
EnableDisabledUsers: true,
},
},
},
wantErr: false,
@@ -375,6 +374,11 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: ptrString("test_create"),
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
AllowSignUp: true,
EnableDisabledUsers: true,
},
},
},
{
@@ -387,11 +391,6 @@ func TestUserSync_SyncUser(t *testing.T) {
},
args: args{
ctx: context.Background(),
clientParams: &authn.ClientParams{
SyncUser: true,
AllowSignUp: false,
EnableDisabledUsers: true,
},
id: &authn.Identity{
ID: "",
Login: "test_mod",
@@ -404,6 +403,10 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
EnableDisabledUsers: true,
},
},
},
wantErr: false,
@@ -419,6 +422,10 @@ func TestUserSync_SyncUser(t *testing.T) {
Email: nil,
Login: nil,
},
ClientParams: authn.ClientParams{
SyncUser: true,
EnableDisabledUsers: true,
},
},
},
}
@@ -430,7 +437,7 @@ func TestUserSync_SyncUser(t *testing.T) {
quotaService: tt.fields.quotaService,
log: tt.fields.log,
}
err := s.SyncUser(tt.args.ctx, tt.args.clientParams, tt.args.id, nil)
err := s.SyncUser(tt.args.ctx, tt.args.id, nil)
if tt.wantErr {
require.Error(t, err)
return