* add anon sessions package
* add usage stat fn
* implement count for cache
* add anonservice to authn broker
* lint
* add tests for remote cache count
* move anon service to services
* wrap tagging in goroutine
* make func used
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AUthN: Add last seen sync hooks for user / service account and move api
key last seen to own hook
* ContextHandler: only run sync for last seen if auth.Service is not
enabled
* AuthN: set up boilerplate for proxy client
* AuthN: Implement Test for proxy client
* AuthN: parse accept list in constructor
* AuthN: add proxy client interface
* AuthN: handle error
* AuthN: Implement the proxy client interface for ldap
* AuthN: change reciever name
* AuthN: add grafana as a proxy client
* AuthN: for error returned
* AuthN: add tests for grafana proxy auth
* AuthN: swap order of grafan and ldap auth
* AuthN: Parse additional proxy headers in proxy client and pass down
* AuthN: Add boilderplate for render auth client
* AuthN: Implement test function for render auth client
* AuthN: Implement Authenticate for render arender auth client
* ContextHandler: Perform render auth if flag is enabled
* AuthN: Add basic auth client boilerplate
* AuthN: Implement test function for basic auth client
* AuthN: Implement the authentication method for basic auth
* AuthN: Add tests for basic auth authentication
* ContextHandler: perform basic auth authentication through authn service
if feature toggle is enabled
* AuthN: Add providers for sync services and pass required dependencies
* AuthN: Add functionallity to test if auth client should be used
* AuthN: Add bolierplate client for api keys and register it
* AuthN: Add tests for api key client
* Inject service
* AuthN: Update client names
* ContextHandler: Set authn service
* AuthN: Implement authentication for api key client
* ContextHandler: Use authn service for api keys if flag is enabled
* AuthN: refactor authentication method to return additional value to
indicate if client could perform authentication
* update prefixes
* Add namespaced id to identity
* AuthN: Expand the Identity struct to include required fields from signed
in user
* Add error for disabled service account
* Add function to write error response based on errutil.Error
* Add error to log
* Return errors based on errutil.Error
* pass error
* update log message
* Fix namespaced ids
* Add tests
* Lint
* Add ApprovalForce to AuthCodeOptions
* Extract access token validity check to a function
* Refactor
* Oauth: set options internally instead of exposing new function
* Align tests
* Remove unused function
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Auth: move interface to its own file
* Auth: move to test package
* Auth: move quota consts to auth file
* Auth: move service to impl package
* Auth: move interfaces and related models to auth package
* Auth: Create sub package and type alias to avoid circular dependency
* add: IsServiceAccount to SignedInUser and IsRealUser
* fix: linting error
* refactor: add function IsServiceAccountUser()
By adding the function IsServiceAccountUser() we use it to identify for
ServiceAccounts in the HasUniqueID() since caching is built up on having
a uniqueID, see comment: https://github.com/grafana/grafana/pull/58015#discussion_r1011361880
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* Chore: use org service methods
* fix tests
* fix errors
* adjust func signatures for getbyname
* 💩
* Use the same fake service to get the user in AC and in HS
* Fix middleware test
* Fix more middleware test
* Fix api tests
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
* UserService: update callers to use the UserService instead of calling sqlstore directly
There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
* feat: allow jwt role to be set
* chore: update documentation
* fix: cr suggestions
* fix: lint issues
* respect org auto assign and default org ID
* add server admin to devenv
Co-authored-by: jguer <joao.guerreiro@grafana.com>
