* Move SignedInUser to user service and RoleType and Roles to org
* Use go naming convention for roles
* Fix some imports and leftovers
* Fix ldap debug test
* Fix lint
* Fix lint 2
* Fix lint 3
* Fix type and not needed conversion
* Clean up messages in api tests
* Clean up api tests 2
* Only SLO user if the user is using SAML
* only one source of truth for auth module info
* ensure SAML is also enabled and not only SLO
* move auth module naming to auth module login package
* use constants in other previously unused spots
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: Prefer pointer to struct in lookup
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: user email for ldap
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: Use only login for lookup in LDAP
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: use user email for ldap
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
fix remaining test
fix nit picks
* Split Create User
* Use new create user and User from package user
* Add service to wire
* Making create user work
* Replace user from user pkg
* One more
* Move Insert to orguser Service/Store
* Remove unnecessary conversion
* Cleaunp
* Fix Get User and add fakes
* Fixing get org id for user logic, adding fakes and other adjustments
* Add some tests for ourguser service and store
* Fix insert org logic
* Add comment about deprecation
* Fix after merge with main
* Move orguser service/store to org service/store
* Remove orguser from wire
* Unimplement new Create user and use User from pkg user
* Fix wire generation
* Fix lint
* Fix lint - use only User and CrateUserCommand from user pkg
* Remove User and CreateUserCommand from models
* Fix lint 2
* wip
* Auth Info: refactored out into it's own service
* Auth: adds extension point where users are being mapped
* Update pkg/services/login/authinfoservice/service.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Update pkg/services/login/authinfoservice/service.go
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Auth: simplified code
* moved most authinfo stuff to its own package
* added back code
* linter
* simplified
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
* Auth: add error for expired token
* Auth: save token error into context data
* Auth: send full user and req context to CreateToken
* Auth: add token ID in context
* add TokenExpiredError struct
* update auth tests
* remove most of the changes to CreateToken func
* clean up
* Login: add requestURI in CreateToken ctx
* update RequestURIKey comment
* Add fake TeamSyncService
* Change SyncTeams dispatch to direct method call
* Remove SyncTeamsCommand struct
* Move TeamSyncService to a separate package
* Remove context from SyncTeams args
* Add comments to teamsyncgroup package
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Replace TeamSyncService with TeamSyncFunc
* Remove unnecessary error check
* Add a test
* Fix test input
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
* API: first version to send events about login actions
* API: improve login actions events
* Login: update auth test with new behavior
* Login: update auth test for auth module
* Login OAuth: improve functions structure
* API: make struct public to use for saml
* API: add send login log tests for grafana and ldap login
* API: remove log from tests
* Login API: fix test linting
* Update pkg/api/login_oauth.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Login API: refactor using defer
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs.
This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
* enable ee build on pr/master
* step1: of including group sync
* disable commit pinning for now
* fixes broken build
* enable team to ldap group sync
* avoid returning error for missing external handler
* services: allow routes to be added before http server start
* services: allows services to add their own migrations
* moves db migrations to ee code base
* build using master branch in ee
* disable enterprise build in .bra.toml
[skip ci]
* removes team sync extensions
* removes commented line
