mirror of
https://github.com/grafana/grafana.git
synced 2025-01-27 00:37:04 -06:00
AuthInfo: No mandatory auth_id in Auth Info service (#81335)
* fix auth info update not having mandatory auth_id * remove unneeded newline
parent
29e8a355cb
commit
f3f36e37fa
docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth
pkg/services
@ -41,6 +41,7 @@ To follow this guide:
|
|||||||
|
|
||||||
- Ensure that you have access to the [Grafana configuration file]({{< relref "../../../configure-grafana#configuration-file-location" >}}).
|
- Ensure that you have access to the [Grafana configuration file]({{< relref "../../../configure-grafana#configuration-file-location" >}}).
|
||||||
- Ensure you know how to create an OAuth2 application with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.
|
- Ensure you know how to create an OAuth2 application with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.
|
||||||
|
- Ensure your identity provider returns OpenID UserInfo compatible information such as `sub` claim.
|
||||||
- If you are using refresh tokens, ensure you know how to set them up with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.
|
- If you are using refresh tokens, ensure you know how to set them up with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.
|
||||||
|
|
||||||
## Steps
|
## Steps
|
||||||
|
@ -147,6 +147,11 @@ func (c *OAuth) Authenticate(ctx context.Context, r *authn.Request) (*authn.Iden
|
|||||||
return nil, errOAuthUserInfo.Errorf("failed to get user info: %w", err)
|
return nil, errOAuthUserInfo.Errorf("failed to get user info: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Implement in Grafana 11
|
||||||
|
// if userInfo.Id == "" {
|
||||||
|
// return nil, errors.New("idP did not return a user id")
|
||||||
|
// }
|
||||||
|
|
||||||
if userInfo.Email == "" {
|
if userInfo.Email == "" {
|
||||||
return nil, errOAuthMissingRequiredEmail.Errorf("required attribute email was not provided")
|
return nil, errOAuthMissingRequiredEmail.Errorf("required attribute email was not provided")
|
||||||
}
|
}
|
||||||
|
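Review bot: The empty-`userInfo.Id` guard is added only as commented-out code under `// Implement in Grafana 11`, so a provider response with no user id still passes straight on to the email check. Until the guard is enabled, such identities appear to be tied to the account by email alone, which is weaker than a stable subject identifier. Commented-out code also tends to drift from the surrounding function. I would replace it with a tracked marker such as `// TODO(Grafana 11): reject empty userInfo.Id, see <ISSUE-ID>` and log a warning when the id is empty, so operators can find affected providers before the check becomes mandatory. Authenticate's body starts and ends outside this hunk, so whether a later step already handles an empty id cannot be confirmed from here.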
@ -12,6 +12,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/services/login"
|
"github.com/grafana/grafana/pkg/services/login"
|
||||||
"github.com/grafana/grafana/pkg/services/secrets"
|
"github.com/grafana/grafana/pkg/services/secrets"
|
||||||
"github.com/grafana/grafana/pkg/services/user"
|
"github.com/grafana/grafana/pkg/services/user"
|
||||||
|
"github.com/grafana/grafana/pkg/util/errutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Service struct {
|
type Service struct {
|
||||||
@ -24,7 +25,7 @@ type Service struct {
|
|||||||
const remoteCachePrefix = "authinfo-"
|
const remoteCachePrefix = "authinfo-"
|
||||||
const remoteCacheTTL = 60 * time.Hour
|
const remoteCacheTTL = 60 * time.Hour
|
||||||
|
|
||||||
var errMissingParameters = errors.New("user ID and auth ID must be set")
|
var errMissingParameters = errutil.NewBase(errutil.StatusBadRequest, "auth-missing-parameters", errutil.WithPublicMessage("Missing parameters for auth info"))
|
||||||
|
|
||||||
func ProvideService(authInfoStore login.Store,
|
func ProvideService(authInfoStore login.Store,
|
||||||
remoteCache remotecache.CacheStorage,
|
remoteCache remotecache.CacheStorage,
|
||||||
@ -118,12 +119,12 @@ func generateCacheKey(query *login.GetAuthInfoQuery) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) UpdateAuthInfo(ctx context.Context, cmd *login.UpdateAuthInfoCommand) error {
|
func (s *Service) UpdateAuthInfo(ctx context.Context, cmd *login.UpdateAuthInfoCommand) error {
|
||||||
if cmd.UserId == 0 || cmd.AuthId == "" {
|
// Only update auth info if we have an (user id + auth module)
|
||||||
return errMissingParameters
|
if cmd.UserId == 0 || cmd.AuthModule == "" {
|
||||||
|
return errMissingParameters.Errorf("missing parameters for auth info %v", cmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
err := s.authInfoStore.UpdateAuthInfo(ctx, cmd)
|
if err := s.authInfoStore.UpdateAuthInfo(ctx, cmd); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -137,12 +138,12 @@ func (s *Service) UpdateAuthInfo(ctx context.Context, cmd *login.UpdateAuthInfoC
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) SetAuthInfo(ctx context.Context, cmd *login.SetAuthInfoCommand) error {
|
func (s *Service) SetAuthInfo(ctx context.Context, cmd *login.SetAuthInfoCommand) error {
|
||||||
if cmd.UserId == 0 || cmd.AuthId == "" {
|
// Only set auth info if we have an (user id + auth module)
|
||||||
return errMissingParameters
|
if cmd.UserId == 0 || cmd.AuthModule == "" {
|
||||||
|
return errMissingParameters.Errorf("missing parameters for auth info %v", cmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
err := s.authInfoStore.SetAuthInfo(ctx, cmd)
|
if err := s.authInfoStore.SetAuthInfo(ctx, cmd); err != nil {
|
||||||
if err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -172,6 +173,7 @@ func (s *Service) DeleteUserAuthInfo(ctx context.Context, userID int64) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) deleteUserAuthInfoInCache(ctx context.Context, query *login.GetAuthInfoQuery) {
|
func (s *Service) deleteUserAuthInfoInCache(ctx context.Context, query *login.GetAuthInfoQuery) {
|
||||||
|
if query.AuthId != "" {
|
||||||
err := s.remoteCache.Delete(ctx, generateCacheKey(&login.GetAuthInfoQuery{
|
err := s.remoteCache.Delete(ctx, generateCacheKey(&login.GetAuthInfoQuery{
|
||||||
AuthModule: query.AuthModule,
|
AuthModule: query.AuthModule,
|
||||||
AuthId: query.AuthId,
|
AuthId: query.AuthId,
|
||||||
@ -179,7 +181,9 @@ func (s *Service) deleteUserAuthInfoInCache(ctx context.Context, query *login.Ge
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Warn("failed to delete auth info from cache", "error", err)
|
s.logger.Warn("failed to delete auth info from cache", "error", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if query.UserId != 0 {
|
||||||
errN := s.remoteCache.Delete(ctx, generateCacheKey(
|
errN := s.remoteCache.Delete(ctx, generateCacheKey(
|
||||||
&login.GetAuthInfoQuery{
|
&login.GetAuthInfoQuery{
|
||||||
UserId: query.UserId,
|
UserId: query.UserId,
|
||||||
@ -197,3 +201,4 @@ func (s *Service) deleteUserAuthInfoInCache(ctx context.Context, query *login.Ge
|
|||||||
s.logger.Warn("failed to delete user module auth info from cache", "error", errA)
|
s.logger.Warn("failed to delete user module auth info from cache", "error", errA)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
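Review bot: In both UpdateAuthInfo and SetAuthInfo the new error is built with `errMissingParameters.Errorf("missing parameters for auth info %v", cmd)`, which formats every field of the command struct into the error text. The command types are not defined in this diff, so it cannot be confirmed here whether they carry token or other credential fields. If they do, this message is one logging call away from putting them in logs, and `%v` on a pointer also prints nested pointers as addresses that are useless for debugging. I would name only the fields the guard tests: `return errMissingParameters.Errorf("missing parameters for auth info: user_id=%d auth_module=%q", cmd.UserId, cmd.AuthModule)`. Separately, `AuthId` may now be empty on write, so the store methods (outside this diff) should be checked to confirm that lookups by `(AuthModule, AuthId)` cannot match rows with an empty id. Both function bodies continue outside their hunks.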