Commit Graph

76 Commits

Author SHA1 Message Date
idafurjes
b8852ef6a3
Chore: Remove context.TODO() (#43409)
* Remove context.TODO() from services

* Fix live test

* Remove context.TODO
2021-12-22 11:02:42 +01:00
Emil Tullstedt
12e0a94316
JWT: Split race-y test into two stable tests (#41950) 2021-11-19 12:05:04 +01:00
Emil Tullstedt
dbb8246b6b
JWT: Increase distance from now in tests (#41794) 2021-11-17 12:03:56 +01:00
Guillaume GILL
7c5de96503
Auth: Omit all base64 paddings in JWT tokens for the JWT auth (#35602)
Omitting all base64 paddings (=) in JWT tokens.

Fixes #34496
2021-10-27 18:50:30 +02:00
Serge Zaitsev
995afa2221
Chore: Refactor GoConvey in auth package (#40850)
* refactor goconvey in auth package

* make linter happy
2021-10-27 16:08:21 +02:00
idafurjes
f4f0d74838
Chore: Add context to user (#39649)
* Add context to user

* Add context for enterprise

* Add context for UpdateUserLastSeenAtCommand

* Remove xorm
2021-10-04 15:46:09 +02:00
Arve Knudsen
78596a6756
Migrate to Wire for dependency injection (#32289)
Fixes #30144

Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 15:11:22 +02:00
Carl Bergquist
a10fa5cad3
Instrumentation: Start tracing database requests (#34572)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-05-27 13:55:33 +02:00
Vladimir Kochnev
39a3b0d0b0
Auth: support JWT Authentication (#29995) 2021-03-31 08:40:44 -07:00
Joan López de la Franca Beltran
610999cfa2
Auth: Allow soft token revocation (#31601)
* Add revoked_at field to user auth token to allow soft revokes

* Allow soft token revocations

* Update token revocations and tests

* Return error info on revokedTokenErr

* Override session cookie only when no revokedErr nor API request

* Display modal on revoked token error

* Feedback: Refactor TokenRevokedModal to FC

* Add GetUserRevokedTokens into UserTokenService

* Backendsrv: adds tests and refactors soft token path

* Apply feedback

* Write redirect cookie on token revoked error

* Update TokenRevokedModal style

* Return meaningful error info

* Some UI changes

* Update backend_srv tests

* Minor style fix on backend_srv tests

* Replace deprecated method usage to publish events

* Fix backend_srv tests

* Apply suggestions from code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Minor style fix after PR suggestion commit

* Apply suggestions from code review

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Prettier fixes

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 17:44:02 +01:00
Carl Bergquist
5114fa39ce
we should never log unhashed tokens (#31432)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-02-24 10:04:25 +01:00
Agnès Toulet
2a70c73025
Auth: add expired token error and update CreateToken function (#30203)
* Auth: add error for expired token

* Auth: save token error into context data

* Auth: send full user and req context to CreateToken

* Auth: add token ID in context

* add TokenExpiredError struct

* update auth tests

* remove most of the changes to CreateToken func

* clean up

* Login: add requestURI in CreateToken ctx

* update RequestURIKey comment
2021-01-19 17:55:53 +01:00
Arve Knudsen
25048ebdf8
Chore: Add CloudWatch HTTP API tests (#29691)
* CloudWatch: Add HTTP API tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-07 11:36:13 +01:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service (#29605)
* middleware: Move context handler to own service

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 11:44:44 +01:00
taciomcosta
10ff4eecef
Backend: fix IPv6 address parsing erroneous (#28585)
* Backend: Fix parsing of client IP address

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-25 07:55:22 +01:00
Arve Knudsen
b5379c5335
Chore: Fix SQL related Go variable naming (#28887)
* Chore: Fix variable naming

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-11 06:21:08 +01:00
Arve Knudsen
676d393ec9
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 15:37:11 +01:00
Arve Knudsen
a078e40238
Settings: Rename constants/variables to follow Go naming standards (#28002)
* settings: Rename constants/variables to follow Go naming standards
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-02 15:45:45 +02:00
Hansuuuuuuuuuu
8d971ab2f2
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150)
Allows login_maximum_inactive_lifetime_duration and 
login_maximum_lifetime_duration to be configured using 
time.Duration-compatible values while retaining backward compatibility.

Fixes #17554

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-09-14 15:57:38 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter (#25903)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-07-06 20:17:28 +02:00
Arve Knudsen
2a78d2a61c
pkg/services: Check errors (#19712)
* pkg/services: Check errors
* pkg/services: Don't treat context.Canceled|context.DeadlineExceeded as error
2019-10-22 14:08:18 +02:00
Arve Knudsen
b858a5f496
Don't truncate IPv6 addresses (#19573)
* Bugfix: Fix parsing of IPv6 addresses

Make sure that IPv6 addresses aren't truncated when parsing. Fixes #18924
* util: Change network address parsing funcs to return error
* pkg/api: Return NetworkAddress instead of host/port
2019-10-09 08:58:45 +02:00
Leonard Gram
d71043609e
Testing: Include BatchRevoke for all tokens in the fake. (#17728) 2019-07-02 09:42:35 +02:00
Alexander Zobnin
60ddad8fdb
Batch disable users (#17254)
* batch disable users

* batch revoke users tokens

* split batch disable user and revoke token

* fix tests for batch disable users

* Chore: add BatchDisableUsers() to the bus
2019-05-31 13:22:22 +03:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Carl Bergquist
9660356638
Auth: Enable retries and transaction for some db calls for auth tokens (#16785)
the WithSession wrapper handles retries and connection
management so the caller dont have to worry about it.
2019-04-30 14:42:01 +02:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Marcus Efraimsson
8029e48588
support get user tokens/revoke all user tokens in UserTokenService 2019-03-08 15:15:17 +01:00
bergquist
7754c37a1f reduce loglevel to debug 2019-02-19 08:22:33 +01:00
bergquist
e163aadfe4 use authtoken for session quota restrictions
closes #15360
2019-02-12 15:10:55 +01:00
bergquist
170783c292 make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00
Marcus Efraimsson
1a140ee199
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00
Marcus Efraimsson
8ae066ab5d
move authtoken package into auth package 2019-02-06 17:02:57 +01:00
Marcus Efraimsson
8678620730
move UserToken and UserTokenService to models package 2019-02-06 16:55:12 +01:00
Marcus Efraimsson
a60124a88c
change UserToken from interface to struct 2019-02-06 16:30:50 +01:00
Marcus Efraimsson
d8658a765c
enhanced expiration logic for lookup token
tokens are not expired if created_at > now - LoginMaxLifetimeDays and
rotated_at > now - LoginMaxInactiveLifetimeDays
2019-02-06 08:30:14 +01:00
Marcus Efraimsson
9483506590
auth token clean up job now runs on schedule and deletes all expired tokens
delete tokens having created_at <= LoginMaxLifetimeDays or
rotated_at <= LoginMaxInactiveLifetimeDays
2019-02-05 21:20:11 +01:00
Marcus Efraimsson
0915f931ae
change configuration settings in auth package 2019-02-05 21:12:30 +01:00
Marcus Efraimsson
7cd3cd6cd4
auth package refactoring
moving middleware/hooks away from package
exposing public struct UserToken accessible from other packages
fix debug log lines so the same order and naming are used
2019-02-05 00:10:56 +01:00
Marcus Efraimsson
fb3c510178
Merge branch 'master' into delete_session_on_logout 2019-02-04 20:23:05 +01:00
bergquist
a6bd2c73a0 introduce samesite setting for login cookie
ref #15067
2019-02-01 11:47:21 +01:00
bergquist
a1b3986532 always delete session cookie even if db delete fails 2019-02-01 09:59:53 +01:00
bergquist
91bd908e03 adds more tests signing out session 2019-01-31 22:24:04 +01:00
bergquist
11c4967bdc changes some info logging to debug 2019-01-31 21:51:14 +01:00
bergquist
88ca54eba9 renames signout function 2019-01-31 16:26:36 +01:00
bergquist
43ac79685a delete auth token on signout 2019-01-31 16:13:35 +01:00
bergquist
75760aa892 dont specify domain for auth cookies 2019-01-25 10:40:50 +01:00
bergquist
d6edaa1328 moves cookie https setting to [security] 2019-01-24 19:04:58 +01:00
bergquist
516037fbdd makes sure rotation is always higher than urgent rotation 2019-01-24 13:54:45 +01:00
bergquist
fd0f9f2dd2 fixes broken test 2019-01-24 12:06:44 +01:00