Commit Graph

31 Commits

Author SHA1 Message Date
Marcus Efraimsson
53cd39fde5 Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900)
* dashboards: new command for validating dashboard before update

Removes validation logic from saveDashboard and later on use the new command for validating
dashboard before saving a dashboard. This is due to the fact that we need to validate permissions
for overwriting other dashboards by uid and title.

* dashboards: use the new command for validating dashboard before saving

Had to refactor dashboard provisioning a bit to be able to sidetrack the permission validation
in a somewhat reasonable way.
Adds some initial tests of the dashboard repository, but needs to be extended later. At least
now you can mock the dashboard guardian

* dashboards: removes validation logic in the save dashboard api layer

Use the dashboard repository solely for create/update dashboards and let it do all
the validation. One exception regarding quota validation which still is in api layer
since that logic is in a macaron middleware.
Need to move out-commented api tests later.

* dashboards: fix database tests for validate and saving dashboards

* dashboards: rename dashboard repository to dashboard service

Split the old dashboard repository interface in two new interfaces, IDashboardService and
IDashboardProvisioningService. Makes it more explicit when using it from the provisioning package
and there's no possibility of calling an incorrect method for saving a dashboard.

* database: make the InitTestDB function available to use from other packages

* dashboards: rename ValidateDashboardForUpdateCommand and some refactoring

* dashboards: integration tests of dashboard service

* dashboard: fix sqlstore test due to folder exist validation

* dashboards: move dashboard service integration tests to sqlstore package

Had to move it to the sqlstore package due to concurrency problems when running
against mysql and postgres. Using InitTestDB from two packages added conflicts
when clearing and running migrations on the test database

* dashboards: refactor how to find id to be used for save permission check

* dashboards: remove duplicated dashboard tests

* dashboards: cleanup dashboard service integration tests

* dashboards: handle save dashboard errors and return correct http status

* fix: remove log statement

* dashboards: import dashboard should use dashboard service

Had to move alerting commands to models package due to problems with import cycles of packages.

* dashboards: cleanup dashboard api tests and add some tests for post dashboard

* dashboards: rename dashboard service interfaces

* dashboards: rename dashboard guardian interface
2018-02-19 11:12:56 +01:00
bergquist
651103bdda chore: adds comment for exported function 2018-02-15 15:06:03 +01:00
bergquist
8954559cbd dashboard: whitelist allowed chars for uid 2018-02-15 09:56:13 +01:00
Marcus Efraimsson
4829ea0e9f util: remove retry logic in shortid_generator
Use shortid.MustGenerate() instead of shortid.Generate(). Instead
of returning errors it will panic.
2018-01-30 23:18:34 +01:00
Marcus Efraimsson
e229f8aea8 dashboards: extract short uid generator to util package. #7883 2018-01-30 23:18:34 +01:00
jomenxiao
3f95180c98 fix render http[get] params error 2017-11-28 22:20:22 +08:00
Carl Bergquist
56fe1308ce
Merge pull request #9826 from agnivade/hexencoding
Use hex.EncodeToString to encode to hex
2017-11-09 17:58:35 +01:00
bergquist
d4e8e22fda test: adds tests for password encoding 2017-11-09 17:55:12 +01:00
Agniva De Sarker
143b56b5ac Use hex.EncodeToString to encode to hex
Using the EncodeToString function from the encoding/hex package
is much faster than calling the fmt.Sprintf with %x

Benchmark results below with the following code

func BenchmarkHexPrint(b *testing.B) {
  data := []byte("hellothere")
  for n := 0; n < b.N; n++ {
    // _ = fmt.Sprintf("%x", data)
    _ = hex.EncodeToString(data)
  }
}

name        old time/op    new time/op    delta
HexPrint-4     188ns ± 1%      99ns ± 1%  -47.40%  (p=0.008 n=5+5)

name        old alloc/op   new alloc/op   delta
HexPrint-4     64.0B ± 0%     64.0B ± 0%     ~     (all equal)

name        old allocs/op  new allocs/op  delta
HexPrint-4      2.00 ± 0%      2.00 ± 0%     ~     (all equal)
2017-11-08 22:44:31 +05:30
Daniel Lee
b1506a2b09 securejson: decrypt should not modify src
When decrypting a source securejson byte array, should not
modify the source and now passes back a new dest byte array.
2017-09-08 10:19:07 +02:00
Torkel Ödegaard
e8a20643d6 feat: store last seen date for users and present in stats and user lists, closes #9007 2017-08-09 10:36:41 +02:00
Dan Cech
b489e93d94 Config Array Syntax (#8204)
* refactor util encryption library so it doesn't have to import log

* add util.SplitString to handle space and/or comma-separated config lines

* go fmt
2017-04-25 09:14:29 +02:00
bergquist
961c31a747 test(util): add unit test for string util 2016-06-03 15:06:54 +02:00
Daker Fernandes Pinheiro
2d09dfd34f Using variadic argument to StringFallback implementation 2016-06-02 01:46:18 -03:00
bergquist
00dd0e8a9d fix(plugins): fixes missed dist loading for plugindir
closes #4230
2016-03-03 11:04:26 +01:00
bergquist
4c83dba183 go fmt.... 2016-03-02 17:32:54 +01:00
bergquist
eb79436ab7 feat(plugins): mounts dist folder if exists in plugin
closes #4230
2016-03-02 15:13:19 +01:00
Torkel Ödegaard
12460af0ec Merge pull request #3830 from raintank/apiPlugin
Add secureJsonData field to appSettings model
2016-01-29 17:17:37 -05:00
Daniel Lee
74decb4bdc fix(dataproxy): no trailing slash if proxypath is empty
The JoinUrlFragments function adds a trailing slash to the proxy url
if the proxy path is an empty string. This fix removes that trailing
slash. Fixes #3847
2016-01-29 18:44:33 +01:00
Anthony Woods
c8c337cead use PBKDF2 to ensure key is 23bytes. 2016-01-26 05:15:29 +08:00
Anthony Woods
092bb69c41 instead of padding with 0's, cycle through the secret. 2016-01-26 04:18:44 +08:00
Anthony Woods
ab3b586838 add encryption util functions 2016-01-23 03:15:39 +08:00
Julien Maitrehenry
4bb656b704 #2834 - follow symlink 2015-10-08 00:22:09 -04:00
Torkel Ödegaard
775e044e69 feat(invite): progress on invite feature, #2353 2015-08-10 13:47:06 +02:00
Torkel Ödegaard
6088f83408 feat(invite): initial pass on sending new user invite email, #2353 2015-07-18 17:39:12 +02:00
Torkel Ödegaard
ae0f8c77d1 Auth: You can now authenticate against api with username / password using basic auth, Closes #2218 2015-06-30 09:37:52 +02:00
Torkel Ödegaard
89418a155a More work on email and notification infra #1456 2015-06-05 11:08:19 +02:00
Torkel Ödegaard
ad2065afc7 Began work on deb and rpm packaging, #1476 2015-03-02 15:50:03 +01:00
Torkel Ödegaard
9710771f16 Added basic auth to data source edit/create, add support for basic auth in data source proxy code, Closes #1510 2015-03-02 09:58:35 +01:00
Torkel Ödegaard
257519490a Worked on login remember cookie, and redirect after login 2015-01-27 12:05:23 +01:00
Torkel Ödegaard
3226a3a58e Fixed hashing of passwords, Closes #3 2015-01-08 09:00:00 +01:00