Commit Graph

99 Commits

Author SHA1 Message Date
Marcus Efraimsson
6768c6c059
Chore: Remove public vars in setting package (#81018)
Removes the public variable setting.SecretKey plus some other ones. 
Introduces some new functions for creating setting.Cfg.
2024-01-23 12:36:22 +01:00
Jo
814d62406e
User: Verify external user status for accessing certain user routes (#79909)
stricter user profile route checking
2023-12-29 14:23:05 +01:00
Misi
ce1450d4d3
Chore: Configure SkipOrgRoleSync from OAuthInfo for OAuth connectors (#79443)
* Configure SkipOrgRoleSync from OAuthInfo

* Remove skipOrgRoleSync from socialbase and connectors

* Add test to socialimpl.ProvideService

* Deprecate AuthSettings' fields

* clean up misleading init of frontendsettings.Auth
2023-12-15 10:58:08 +01:00
Karl Persson
87eba34745
User: remove empty email / username check from update in service (#77347)
User: remove empty email / username check from update in service
2023-10-30 10:44:26 +01:00
Karl Persson
1528d6f5c4
Authn: Prevent empty username and email during sync (#76330)
* Move errors to error file

* Move check for both empty username and email to user service

* Move check for empty email and username to user service Update

* Wrap inner error

* Set username in test
2023-10-11 14:27:43 +02:00
Jo
5eed495cce
Chore: Port user services to identity.Requester (#73851)
* port api key api to signedinuser

* port users to signed in user interface

* fix tests
2023-08-28 10:42:24 +02:00
Ieva
d3b481dac8
Auth: Lock down Grafana admin role updates if the role is externally synced (#72677)
* lock down server admin role updates on the frontend if the user is externally synced

* add tests

* lock Grafana Server admin role updates from the backend

* rename variables

* check that the user has auth info

* add LDAP to providers for which Grafana Server admin role can be synced

* linting
2023-08-01 16:39:08 +01:00
Sofia Papagiannaki
32ff712e98
Swagger: Fix response for the search users endpoint (#71272)
* Regenerate OpenAPI specs for fetching the latest changes

* Fix swagger annotations for search users API
2023-07-13 11:35:03 +03:00
Serge Zaitsev
46605a3791
Chore: Fix authinfo api after result field removal (#65487)
fix authinfo api after result field removal
2023-03-28 23:12:57 +03:00
Serge Zaitsev
a38f230d37
Chore: Remove result fields from login (#65136)
* remove result fields from login

* fix tests

* fix tests

* another shadowing
2023-03-28 20:32:21 +02:00
Eric Leijonmarck
3cd952b8ba
Auth: Fix orgrole picker disabled if isSynced user (#64033)
* fix: disable orgrolepicker if externaluser is synced

* add disable to role picker

* just took me 2 hours to center the icon

* wip

* fix: check externallySyncedUser for API call

* remove check from store

* add: tests

* refactor authproxy and made tests run

* add: feature toggle

* set feature toggle for tests

* add: IsProviderEnabled

* refactor: featuretoggle name

* IsProviderEnabled tests

* add specific tests for isProviderEnabled

* fix: org_user tests

* add: owner to featuretoggle

* add missing authlabels

* remove fmt

* feature toggle

* change config

* add test for a different authmodule

* test refactor

* gen feature toggle again

* fix basic auth user able to change the org role

* test for basic auth role

* make err.base to error

* lowered lvl of log and input mesg
2023-03-22 17:41:59 +00:00
Karl Persson
8484d0c4ef
Settings: Remove global variables for auth settings (#63795)
* Setting: Remove global DisableLoginForm and add it to cfg

* Setting: Remove unused BasicAuthEnabled global

* Setting: Remove global OAuthAutoLogin and use from cfg

* Setting: Remove global AnonymousEnabled

* Setting: Remove global values for AuthProxy settings
2023-02-27 15:28:49 +01:00
Eric Leijonmarck
91b5337600
Auth: Refactoring of frontend skipOrgRoleSync logic to backend (#62921)
* WIP

* refactor: add function in login for externSynced

* refactor: make function to make ExternalSyncedInfo

- adds tests
- refactors strings into consts

* remove: console.log

* remove: unnessecary comment

* added exhaustive tests

* refactor: labelname

* removed unused code

* missspelling

* refactor: based on review comments

* add: comment to functions about authinfo behavior

* Update pkg/services/login/authinfo.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* Update pkg/services/login/authinfo.go

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

* fix: tests

---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-02-08 20:11:46 +00:00
idafurjes
cbc10f9c5d
Chore: Delete password and search from models package (#62482)
* Chore: Delete password and search from models package

* Rename model to AdminCreateUserResponse
2023-01-31 11:04:55 +01:00
Kristin Laemmert
9256a520a4
chore: move user_auth models to (mostly) login service (#62269)
* chore: move user_auth models to (mostly) login service
2023-01-27 13:36:54 -05:00
idafurjes
6c5a573772
Chore: Move ReqContext to contexthandler service (#62102)
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
2023-01-27 08:50:36 +01:00
idafurjes
f2ffce4351
Chore: Move team models to models pkg (#61262)
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
2023-01-11 14:20:09 +01:00
idafurjes
bb35f37b66
Chore: Delete org model duplicates (#60940)
* Delete org model duplicates

* Fix lint

* Move OrgDetailsDTO to org pkg
2023-01-04 16:20:26 +01:00
idafurjes
325f7a789e
Chore: Delete duplicate models for user (#60906)
* Delete duplicate models for user

* Use new models in some tests

* Add auth model conversion back
2023-01-03 15:25:35 +01:00
Jo
121631daae
Fix: Email and username trimming and invitation validation (#58442)
* fix: email and username trimming and invitation validation

* Trim leading and trailing whitespaces from email and username on signup

* Check whether the provided email address is the same as where the invitation sent

* Align tests

Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2022-11-14 13:11:26 +01:00
idafurjes
bc7a383252
Remove org methods from sqlstore interface (#56358)
* Remove org methods from sqlstore interface

* Remove some mocks

* Fix some tests
2022-10-05 15:47:56 +02:00
idafurjes
a45ef61d25
Chore: Remove GetUserByEmail and GetUserByLogin from sqlstore (#55903)
* Chore: Remove GetUserByEmail and GetUserByLogin from sqlstore
 Rename GetUserProfile to GetProfile

* Fix lint

* Skip test for mysql

* Add missing method to sqlstore mock
2022-09-28 13:18:19 +02:00
Kristin Laemmert
701f6d5436
UserService: use the UserService instead of calling sqlstore directly (#55745)
* UserService: update callers to use the UserService instead of calling sqlstore directly

There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 07:58:49 -04:00
Serge Zaitsev
305d494902
Chore: Switch over to team.Service instead of sqlstore (#55497)
* switch to using team service

* trying to fix tests

* more tests to fix

* add missing teamtest package
2022-09-20 18:58:04 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org (#53445)
* Move SignedInUser to user service and RoleType and Roles to org

* Use go naming convention for roles

* Fix some imports and leftovers

* Fix ldap debug test

* Fix lint

* Fix lint 2

* Fix lint 3

* Fix type and not needed conversion

* Clean up messages in api tests

* Clean up api tests 2
2022-08-10 11:56:48 +02:00
Jo
1f8b1eef75
SAML: Do not SAML SLO if user is not SAML authenticated (#53418)
* Only SLO user if the user is using SAML

* only one source of truth for auth module info

* ensure SAML is also enabled and not only SLO

* move auth module naming to auth module login package

* use constants in other previously unused spots
2022-08-10 10:21:33 +02:00
Krzysztof Dąbrowski
2dab7ad890
Login: allow basic users to reset password when LDAP or Auth Proxy is enabled (#52331) 2022-08-08 05:12:39 +00:00
idafurjes
20f4191e56
Chore: Add user service method ChangePassword (#53303)
* Chore: Add user service method ChangePassword

* Fix lint
2022-08-04 15:05:05 +02:00
idafurjes
6fdb6ea6f6
Chore: Add user service method Update (#53300)
* Chore: Add user service method Update

* Remove UpdateUser from store interface
2022-08-04 14:22:44 +02:00
idafurjes
1ecbe22751
Chore: Add user service method GetByLogin (#53204)
* Add wrapper around sqlstore method GetUserByLogin

* Use new method from user service

* Fix lint

* Fix lint 2

* fix middleware basic auth test

* Fix grafana login returning a user by login

* Remove GetUserByLogin from store interface

* Merge commit
2022-08-04 13:22:43 +02:00
idafurjes
fab6c38c95
Chore: Split get user by ID (#52442)
* Remove user from preferences, stars, orguser, team member

* Fix lint

* Add Delete user from org and dashboard acl

* Delete user from user auth

* Add DeleteUser to quota

* Add test files and adjust user auth store

* Rename package in wire for user auth

* Import Quota Service interface in other services

* do the same in tests

* fix lint tests

* Fix tests

* Add some tests

* Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser

* Rename DeleteUser to DeleteByUser in quota

* changing a method name in few additional places

* Fix in other places

* Fix lint

* Fix tests

* Chore: Split Delete User method

* Add fakes for userauth

* Add mock for access control Delete User permossion, use interface

* Use interface for ream guardian

* Add simple fake for dashboard acl

* Add go routines, clean up, use interfaces

* fix lint

* Update pkg/services/user/userimpl/user_test.go

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>

* Update pkg/services/user/userimpl/user_test.go

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>

* Update pkg/services/user/userimpl/user_test.go

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>

* Split get user by ID

* Use new method in api

* Add tests

* Aplly emthod in auth info service

* Fix lint and some tests

* Fix get user by ID

* Fix lint
Remove unused fakes

* Use split get user id in admin users

* Use GetbyID in cli commands

* Clean up after merge

* Remove commented out code

* Clena up imports

* add back )

* Fix wire generation for runner after merge with main

Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 16:58:05 +02:00
Sofia Papagiannaki
7ba076de10
Chore: Move swagger definitions to the handlers (#52643) 2022-07-27 09:54:37 -04:00
idafurjes
d3d8fdd878
Chore: Move user errors to user service (#52460)
* Move user not found err to user service

* User ErrCaseInsensitive from user pkg

* User ErrUserAlreadyExists from user pkg

* User ErrLastGrafanaAdmin from user pkg

* Remove errors from model
2022-07-20 14:50:06 +02:00
idafurjes
6c43eb0b4d
Split Create User (#50502)
* Split Create User

* Use new create user and User from package user

* Add service to wire

* Making create user work

* Replace user from user pkg

* One more

* Move Insert to orguser Service/Store

* Remove unnecessary conversion

* Cleaunp

* Fix Get User and add fakes

* Fixing get org id for user logic, adding fakes and other adjustments

* Add some tests for ourguser service and store

* Fix insert org logic

* Add comment about deprecation

* Fix after merge with main

* Move orguser service/store to org service/store

* Remove orguser from wire

* Unimplement new Create user and use User from pkg user

* Fix wire generation

* Fix lint

* Fix lint - use only User and CrateUserCommand from user pkg

* Remove User and CreateUserCommand from models

* Fix lint 2
2022-06-28 14:32:25 +02:00
Jguer
0689c5839a
Auth: Add option for case insensitive login (#49262)
* add case insensitive option

* treat id as case insensitive

* Users: Add integration tests for case insensitive querying

* Prefer config struct to global variable

* change key to case_insensitive_login

* impede conflicting users from logging in

* add tests for impeding user retrieval if conflicting

* nits and picks

Co-authored-by: gamab <gabi.mabs@gmail.com>

* Add check in transaction for conflicting user

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* add update tests

* skip on mysql

* add custom messages for user admin view

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* nit: extra else

* linting mistake

Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2022-06-24 16:59:45 +02:00
Ieva
5dbea9996b
RBAC: Make RBAC action names more consistent (#49730)
* update action names

* correctly retrieve teams for signed in user

* remove test

* undo swagger changes

* undo swagger changes pt2

* add migration from old action names to the new ones

* rename from list to read

* linting

* also update alertign actions

* fix migration
2022-06-02 13:14:48 +01:00
ying-jeanne
7ddae870e7
fix status code 200 (#47818) 2022-04-15 08:01:58 -04:00
Gabriel MABILLE
3440e7c8f7
AccessControl: Fix locked role picker in orgs/edit page (#46539)
* AccessControl: Fix locked role picker in orgs/edit page

* Use correct org when computing metadata
2022-03-24 08:58:10 +01:00
Karl Persson
faf4a3f751
Access Control: Rename global users scope (#46794)
* Rename scope from global:users to global.users to match scope convention
2022-03-22 12:48:46 +01:00
Karl Persson
7ab1ef8d6e
Access Control: Support other attributes than id for resource permissions (#46727)
* Add option to set ResourceAttribute for a permissions service
* Use prefix in access control sql filter to parse scopes
* Use prefix in access control metadata to check access
2022-03-21 17:58:18 +01:00
Gabriel MABILLE
14bee49f9a
AccessControl: Compute metadata from context permissions (#45578)
* AccessControl: Compute metadata from context permissions

* Remove nil

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Check user permissions are set

Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2022-02-18 11:27:00 +01:00
Gabriel MABILLE
6fbf346747
AccessControl: Add endpoint to get user permissions (#45309)
* AccessControl: Add endpoint to get user permissions

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>

* Fix SA tests

* Linter is wrong :p

* Wait I was wrong

* Adding the route for teams:creator too

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
2022-02-11 17:40:43 +01:00
idafurjes
58ee553634
Chore: Remove bus from user api (#44468)
* Chore: Remove bus from user api

* Adu authinfoservice interface

* User authinfoservice.Service instead of authinfoservice.Implementation in HTTPServer

* Rename Implementation to authInfoService
2022-01-26 20:24:05 +01:00
ying-jeanne
7422789ec7
Remove Macaron ParamsInt64 function from code base (#43810)
* draft commit

* change all calls

* Compilation errors
2022-01-15 00:55:57 +08:00
Gabriel MABILLE
92c568e9f7
AccessControl: Remove unused error from GetResourcesMetadata (#43710)
* AccessControl: Remove unused error from GetResourcesMetadata

Co-authored-by: J Guerreiro <joao.guerreiro@grafana.com>
2022-01-05 17:24:14 +01:00
J Guerreiro
056e143664
AccessControl: Present user edit actions according to AC metadata (#43602)
* AccessControl: Add user metadata to user detail view

* AccessControl: Do not present delete or disable buttons based on ac metadata in admin/users

* AccessControl: do not allow password changing or user editing without permission

* AccessControl: Fetch global:users scope for admin

* AccessControl: optimize org.user metadata fetch

* Chore: early return if ac metadata is not available
2022-01-05 09:59:17 +01:00
idafurjes
8e6d6af744
Rename DispatchCtx to Dispatch (#43563) 2021-12-28 17:36:22 +01:00
Serge Zaitsev
d9cdcb550e
Chore: Refactor api handlers to use web.Bind (#42199)
* Chore: Refactor api handlers to use web.Bind

* fix comments

* fix comment

* trying to fix most of the tests and force routing.Wrap type check

* fix library panels tests

* fix frontend logging tests

* allow passing nil as a response to skip writing

* return nil instead of the response

* rewrite login handler function types

* remove handlerFuncCtx

* make linter happy

* remove old bindings from the libraryelements

* restore comments
2021-11-29 10:18:01 +01:00
idafurjes
f4f0d74838
Chore: Add context to user (#39649)
* Add context to user

* Add context for enterprise

* Add context for UpdateUserLastSeenAtCommand

* Remove xorm
2021-10-04 15:46:09 +02:00