* db: add login attempt migrations
* db: add possibility to create login attempts
* db: add possibility to retrieve login attempt count per username
* auth: validation and update of login attempts for invalid credentials
If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login
* db: add possibility to delete expired login attempts
* cleanup: Delete login attempts older than 10 minutes
The cleanup job are running continuously and triggering each 10 minute
* fix typo: rename consequent to consequent
* auth: enable login attempt validation for ldap logins
* auth: disable login attempts validation by configuration
Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616
* auth: don't run cleanup of login attempts if feature is disabled
#7616
* auth: rename settings.go to ldap_settings.go
* auth: refactor AuthenticateUser
Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616
* auth: rename login attempt validation to brute force login protection
Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
* cloudwatch: fix ebs_volume_ids by create a client-session before call ec2:DescribeInstances.
* cloudwatch: add support for multi instanceIds on call ebs_volume_ids.
* check upn field if email address isn't present, support for adfs
* correctly set login to the user's email address if not specified by the oauth server
* break up GenericOAuth.UserInfo into helper functions
dashboard json cannot contain fixed id when importing from
disk. We used to override this but it didnt caught all problems
so now we block dashboards from beeing imported instead.
closes#10504
* master: (117 commits)
fix: share snapshot controller was missing ngInject comment, fixes#10511
Use URLEncoding instead of StdEncoding to be sure state value will be corectly decoded (#10512)
Optimize metrics and notifications docs
Optimize cli and provisioning docs
docs: Guide for IIS reverse proxy
changelog: adds note about closing #9645
telegram: Send notifications with an inline image
telegram: Switch to using multipart form rather than JSON as a body
telegram: Fix a typo in variable name
fix: alert list pause/start toggle was not working properly
fix template variable selector overlap by the panel (#10493)
dashboard: Close/hide 'Add Panel' before saving a dashboard (#10482)
fix: removed unused param
Fix variables values passing when both repeat rows and panels is used (#10488)
moved angular-mocks out of dependencies
ux: minor change to alert list page
ux: minor word change to alert list
fix: updated snapshot test
Add eu-west-3 in cloudwatch datasource default's region (#10477)
fix: Make sure orig files are not added to git again #10289
...
