IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Sessions: Remove invalid session cookie if it's invalid/expired/missing (#59556)

Browse Source 
only remove invalid session cookie if it's invalid/expired/missing
This commit is contained in:
Jo 2022-11-30 14:33:19 +00:00 committed by GitHub
parent 10a83714c8
commit fee50be1bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/models/usertoken/user_token.go
View File

@ -1,12 +1,23 @@
package usertoken package usertoken
import (
"errors"
"fmt"
)
var ErrInvalidSessionToken = errors.New("invalid session token")
type TokenRevokedError struct { type TokenRevokedError struct {
UserID int64 UserID int64
TokenID int64 TokenID int64
MaxConcurrentSessions int64 MaxConcurrentSessions int64
} }
func (e *TokenRevokedError) Error() string { return "user token revoked" } func (e *TokenRevokedError) Error() string {
return fmt.Sprintf("%s: user token revoked", ErrInvalidSessionToken)
}
func (e *TokenRevokedError) Unwrap() error { return ErrInvalidSessionToken }
// UserToken represents a user token // UserToken represents a user token
type UserToken struct { type UserToken struct {

15
pkg/services/auth/auth.go
View File

@ -3,6 +3,7 @@ package auth
import ( import (
"context" "context"
"errors" "errors"
"fmt"
"net" "net"
"github.com/grafana/grafana/pkg/models/usertoken" "github.com/grafana/grafana/pkg/models/usertoken"
@ -18,10 +19,14 @@ const (
// Typed errors // Typed errors
var ( var (
ErrUserTokenNotFound = errors.New("user token not found") ErrUserTokenNotFound = errors.New("user token not found")
ErrInvalidSessionToken = usertoken.ErrInvalidSessionToken
) )
type TokenRevokedError = usertoken.TokenRevokedError type (
TokenRevokedError = usertoken.TokenRevokedError
UserToken = usertoken.UserToken
)
// CreateTokenErr represents a token creation error; used in Enterprise // CreateTokenErr represents a token creation error; used in Enterprise
type CreateTokenErr struct { type CreateTokenErr struct {
@ -42,9 +47,11 @@ type TokenExpiredError struct {
TokenID int64 TokenID int64
} }
func (e *TokenExpiredError) Error() string { return "user token expired" } func (e *TokenExpiredError) Unwrap() error { return ErrInvalidSessionToken }
type UserToken = usertoken.UserToken func (e *TokenExpiredError) Error() string {
return fmt.Sprintf("%s: user token expired", ErrInvalidSessionToken)
}
type RevokeAuthTokenCmd struct { type RevokeAuthTokenCmd struct {
AuthTokenId int64 `json:"authTokenId"` AuthTokenId int64 `json:"authTokenId"`

9
pkg/services/contexthandler/contexthandler.go
View File

@ -429,9 +429,12 @@ func (h *ContextHandler) initContextWithToken(reqContext *models.ReqContext, org
token, err := h.AuthTokenService.LookupToken(ctx, rawToken) token, err := h.AuthTokenService.LookupToken(ctx, rawToken)
if err != nil { if err != nil {
reqContext.Logger.Warn("Failed to look up user based on cookie", "error", err) reqContext.Logger.Warn("failed to look up session from cookie", "error", err)
// Burn the cookie in case of failure if errors.Is(err, auth.ErrUserTokenNotFound) || errors.Is(err, auth.ErrInvalidSessionToken) {
reqContext.Resp.Before(h.deleteInvalidCookieEndOfRequestFunc(reqContext)) // Burn the cookie in case of invalid, expired or missing token
reqContext.Resp.Before(h.deleteInvalidCookieEndOfRequestFunc(reqContext))
}
reqContext.LookupTokenErr = err reqContext.LookupTokenErr = err
return false return false