* Add function to get the namespaced id
* Add function to resolve an identity through authn.Service from org and namespace id
* Switch to resolve identity for re-authenticate in another org
* poc
* add logger, skip hook when user is not assigned to default org
* Add tests, move to hook folder
* docs
* Skip for OrgId < 1
* Address feedback
* Update docs/sources/setup-grafana/configure-grafana/_index.md
* lint
* Move the hook to org_sync.go
* Update pkg/services/authn/authnimpl/sync/org_sync.go
* Handle the case when GetUserOrgList returns error
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* fix LDAP users authenticated via auth proxy not being able to use ldap sync
* simplify id resolution at the cost of no fallthrough
* remove unused services
* remove unused cache key
* AuthN: Remove embedded oauth server
* Restore main
* go mod tidy
* Fix problem
* Remove permission intersection
* Fix test and lint
* Fix TestData test
* Revert to origin/main
* Update go.mod
* Update go.mod
* Update go.sum
* merge JSON search logic
* document public methods
* improve test coverage
* use separate JWT setting struct
* correct use of cfg.JWTAuth
* add group tests
* fix DynMap typing
* add settings to default ini
* add groups option to devenv path
* fix test
* lint
* revert jwt-proxy change
* remove redundant check
* fix parallel test
* Add AuthNSvc reload handling
* Working, need to add test
* Remove commented out code
* Add Reload implementation to connectors
* Align and add tests, refactor
* Add more tests, linting
* Add extra checks + tests to oauth client
* Clean up based on reviews
* Move config instantiation into newSocialBase
* Use specific error
* AuthnSync: Rename files and structures
* AuthnSync: register rbac cloud role sync if feature toggle is enabled
* RBAC: Add new sync function to service interface
* RBAC: add common prefix and role names for cloud fixed roles
* AuthnSync+RBAC: implement rbac cloud role sync
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Refactor to prevent cyclic dependencies
* Move list authorization to the API layer
* Init connectors using the SSO settings service in case the ssoSettingsApi feature toggle is enabled
* wip, need to handle the cyclic dep
* Remove cyclic dependency
* Align tests + refactor
* Move back OAuthInfo to social
* Delete pkg/login/social/constants
* Move reloadable registration to the social providers
* Rename connectors.Error to connectors.SocialError
* Move test to the db so we test the queries and not just testing the mock
* Remove unused function and dependencies
* Remove unused functions from the database
* Add some integration tests
* Use singleflight to prevent logging error if the token has already been refreshed
* Change order of error checks
* align tests, change error name
* Change sf key
* Update based on the review
* refactor
* Move rotate logic into its own function
* Move oauth token sync to session client
* Add user to the local cache if refresh tokens are not enabled for the provider so we can skip the check in other
requests
* Move errors to error file
* Move check for both empty username and email to user service
* Move check for empty email and username to user service Update
* Wrap inner error
* Set username in test
* remove API tagging method and authed tagging
* add anonstore
move debug to after cache
change test order
fix issue where mysql trims to second
* add old device cleanup
lint
utc-ize everything
trim whitespace
* remove dangling setting
* Add delete devices
* Move anonymous authnclient to anonimpl
* Add simple post login hook
* move registration of Background Service
cleanup
* add updated_at index
* do not untag device if login err
* add delete device integration test
* [LDAP] Disable removed users on login
* Fix tests
* Add test for user disabling
* Add tests for disabling user behind auth proxy
* Linting.
* Rename setup func
* Account for reviews comments
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Authn: Add interface for external identity sync
This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default
* Authn: Add SyncIdentity to fake and add a new mock
* Dashboards: Fix tests when authn broker is enabled.
StarService was not configured for tests, the call was guarded by !c.IsSignedIn
* Change default to be anon user to match expectations from tests
* OAuth: rewrite tests to work with authn.Service
* Setup template renderer by default
* Extract cookie options from cfg instead of relying on global variables
* Fix test to work with authn service
* Middleware: rewrite auth tests
* Remvoe session cookie if we cannot refresh access token
* fixed: added id token expiry check to oauth token sync
* use go-jose and id token in cache
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
* refactored getOAuthTokenCacheTTL and added unit tests
* Small changes to oauth_token_sync
* Remove unnecessary contexthandler changes
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
