IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14232 from SilverFire/security-password-reset

Browse Source 
Prevent password reset when login form is disabled or either LDAP or Auth Proxy is enabled
This commit is contained in:
Marcus Efraimsson 2018-12-03 06:02:29 -08:00 committed by GitHub
commit ffec795fab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/api/password.go
View File

@ -4,10 +4,18 @@ import (
"github.com/grafana/grafana/pkg/api/dtos" "github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util" "github.com/grafana/grafana/pkg/util"
) )
func SendResetPasswordEmail(c *m.ReqContext, form dtos.SendResetPasswordEmailForm) Response { func SendResetPasswordEmail(c *m.ReqContext, form dtos.SendResetPasswordEmailForm) Response {
if setting.LdapEnabled || setting.AuthProxyEnabled {
return Error(401, "Not allowed to reset password when LDAP or Auth Proxy is enabled", nil)
}
if setting.DisableLoginForm {
return Error(401, "Not allowed to reset password when login form is disabled", nil)
}
userQuery := m.GetUserByLoginQuery{LoginOrEmail: form.UserOrEmail} userQuery := m.GetUserByLoginQuery{LoginOrEmail: form.UserOrEmail}
if err := bus.Dispatch(&userQuery); err != nil { if err := bus.Dispatch(&userQuery); err != nil {

4
public/app/core/controllers/reset_password_ctrl.ts
View File

@ -1,4 +1,5 @@
import coreModule from '../core_module'; import coreModule from '../core_module';
import config from 'app/core/config';
export class ResetPasswordCtrl { export class ResetPasswordCtrl {
/** @ngInject */ /** @ngInject */
@ -6,6 +7,9 @@ export class ResetPasswordCtrl {
contextSrv.sidemenu = false; contextSrv.sidemenu = false;
$scope.formModel = {}; $scope.formModel = {};
$scope.mode = 'send'; $scope.mode = 'send';
$scope.ldapEnabled = config.ldapEnabled;
$scope.authProxyEnabled = config.authProxyEnabled;
$scope.disableLoginForm = config.disableLoginForm;
const params = $location.search(); const params = $location.search();
if (params.code) { if (params.code) {

2
public/app/partials/login.html
View File

@ -22,7 +22,7 @@
<button type="submit" class="btn btn-large p-x-2 btn-inverse btn-loading" ng-if="loggingIn"> <button type="submit" class="btn btn-large p-x-2 btn-inverse btn-loading" ng-if="loggingIn">
Logging In<span>.</span><span>.</span><span>.</span> Logging In<span>.</span><span>.</span><span>.</span>
</button> </button>
<div class="small login-button-forgot-password"> <div class="small login-button-forgot-password" ng-hide="ldapEnabled || authProxyEnabled">
<a href="user/password/send-reset-email"> <a href="user/password/send-reset-email">
Forgot your password? Forgot your password?
</a> </a>

9
public/app/partials/reset_password.html
View File

@ -3,7 +3,14 @@
<div class="page-container page-body"> <div class="page-container page-body">
<div class="signup"> <div class="signup">
<h3 class="p-b-1">Reset password</h3> <h3 class="p-b-1">Reset password</h3>
<form name="sendResetForm" class="login-form gf-form-group" ng-show="mode === 'send'">
<div ng-if="ldapEnabled || authProxyEnabled">
You cannot reset password when LDAP or Auth Proxy authentication is enabled.
</div>
<div ng-if="disableLoginForm">
You cannot reset password when login form is disabled.
</div>
<form name="sendResetForm" class="login-form gf-form-group" ng-show="mode === 'send'" ng-hide="ldapEnabled || authProxyEnabled || disableLoginForm">
<div class="gf-form"> <div class="gf-form">
<span class="gf-form-label width-7">User</span> <span class="gf-form-label width-7">User</span>
<input type="text" name="username" class="gf-form-input max-width-14" required ng-model='formModel.userOrEmail' placeholder="email or username"> <input type="text" name="username" class="gf-form-input max-width-14" required ng-model='formModel.userOrEmail' placeholder="email or username">