* Auth: consistently return same basic auth errors
* Put repeated errors in consts and return only those consts as error strings
* Add tests for errors basic auth cases and moves tests to separate test-case.
Also names test cases consistently
* Add more error logs and makes their messages consistent
* A bit of code style
* Add additional test helper
* Auth: do not expose even incorrect password
* Auth: address review comments
Use `Debug` for the cases when it's an user error
The `oauth_state` cookie used to be created with the SameSite value set
according to the `cookie_samesite` configuration.
However, due to a Safari bug SameSite=None or SameSite=invalid are treated
as Strict which results in "missing saved state" OAuth login failures
because the cookie is not sent with the redirect requests to the OAuth
provider.
This commit always creates the `oauth_state` cookie with SameSite=Lax
to compensate for this.
* Imperative mood
The English language suggests that when giving out instructions or considerations is best to use imperative mood as the writing style. Done as part of this commit:
- some worth smithing to match this style
- changed the format to match the fact that this is commonly read as part of a text box when opening up your PRs
- and extended a few descriptions to make it more friendly for newcomers
* Auth Proxy: Include additional headers as part of the cache key
Auth proxy has support to send additional user attributes as part of the
authentication flow. These attributes (e.g. Groups) need to be monitored
as part of the process in case of change.
This commit changes the way we compute the cache key to include all of the
attributes sent as part of the authentication request. That way, if we
change any user attributes we'll upsert the user information.
Allow non admins to see plugins list but only with readme. Any config tabs are hidden from the plugin page. Also plugin panel does not show action buttons (like Enable) for non admins.
This changes trigger-docs-update job so that the docs build goes to production.
There is no additional risk to push a broken site in production. The docs build process is to publish to staging, then wait for a manual approval before publishing to prod.
* LDAP: improve POSIX support
* Correctly abtain DN attributes result
* Allow more flexibility with comparison mapping between POSIX group & user
* Add devenv for POSIX LDAP server
* Correct the docs
Fixes#18140
* Update defaults.ini and sample.ini with the SAML assertion mapping
fields
* Document Grafana's ability to map ACS attributes while a Grafana user is created
