Commit Graph

465 Commits

Author SHA1 Message Date
Jo
d4cfbd9fd3
LDAP: Move LDAP globals to Config (#63255)
* structure dtos and private methods

* add basic LDAP service

* use LDAP service in ldap debug API

* lower non fatal error

* remove unused globals

* wip

* remove final globals

* fix tests to use cfg enabled

* restructure errors

* remove logger from globals

* use ldap service in authn

* use ldap service in context handler

* fix failed tests

* fix ldap middleware provides

* fix provides in auth_test.go
2023-02-10 19:01:55 +01:00
Carl Bergquist
b88206d98f
Cache: Refactor cache clients to use byte array (#62930)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-02-08 10:30:20 +01:00
idafurjes
982939111b
Rename Id to ID for annotation models (#62886)
* Rename Id to ID for annotation models

* Add xorm tags

* Rename Id to ID for API key models

* Add xorm tags
2023-02-03 17:23:09 +01:00
Kyle Brandt
27d429e3b1
API: Permit Cache-Control (browser caching) for datasource resources (#62033)
* Start work on allowing certain resources to pass through Cache-Control headers.
---------

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2023-02-02 20:34:55 +00:00
Karl Persson
ce5e067d28
ContextHandler: add all configured auth header to context (#62775)
* ContextHandler: Always store list of possible auth headers in context
and remove individual calls
2023-02-02 16:25:46 +01:00
Misi
7c1d9769ca
Auth: Rotate token patch (#62676)
* Use singleflight.Group

* Align tests

* Cleanup
2023-02-02 14:36:16 +01:00
Josh Hunt
138575cbe9
Config: Refactor frontend settings to struct (#61990)
* Config: Make frontend settings a struct rather than map

remove frontend settings to setting package

remove frontend settings struct to dtos package

rearrange structs to avoid cycles

rename getFrontendSettings fn

omitempty

fix login test

fix middleware test

* wip some enterprise types

* cleanup, moved structs from enterprise

* ci
2023-01-31 19:14:15 +00:00
Serge Zaitsev
aebcecf538
Chore: Fix goimports grouping in other backend platform packages (#62422)
* fix goimports

* fix goimports order

* fix goimports order

* fix goimports order

* fix goimports order

* fix goimports order
2023-01-30 08:26:42 +00:00
Kristin Laemmert
9256a520a4
chore: move user_auth models to (mostly) login service (#62269)
* chore: move user_auth models to (mostly) login service
2023-01-27 13:36:54 -05:00
idafurjes
6c5a573772
Chore: Move ReqContext to contexthandler service (#62102)
* Chore: Move ReqContext to contexthandler service

* Rename package to contextmodel

* Generate ngalert files

* Remove unused imports
2023-01-27 08:50:36 +01:00
Karl Persson
95ea4bad6f
AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705)
* API: Add reqSignedIn to router groups

* AuthN: Add fall through in context handler

* AuthN: Add IsAnonymous field

* AuthN: add priority to context aware clients

* ContextHandler: Add comment

* AuthN: Add a simple priority queue

* AuthN: Add Name to client interface

* AuthN: register clients with function

* AuthN: update mock and fake to implement interface

* AuthN: rewrite test without reflection

* AuthN: add comment

* AuthN: fix queue insert

* AuthN: rewrite tests

* AuthN: make the queue generic so we can reuse it for hooks

* ContextHandler: Add fixme for auth headers

* AuthN: remove unused variable

* AuthN: use multierror

* AuthN: write proper tests for queue

* AuthN: Add queue item that can store the value and priority

Co-authored-by: Jo <joao.guerreiro@grafana.com>
2023-01-26 10:50:44 +01:00
Kyle Brandt
13de1afcbe
API: Change how Cache-Control and related headers are set (#62021)
- change Cache-Control from no-cache to no-store
- do not set (and remove if set) older Pragma/Expires
2023-01-25 09:09:27 -05:00
idafurjes
421976e919
Chore: Remove folders from models pkg (#61853) 2023-01-25 09:14:32 +01:00
Kristin Laemmert
cd08f2575a
chore: move jwt models into auth/jwt (#61862)
* chore: move jwt models into auth/jwt
2023-01-20 13:11:06 -05:00
Misi
b8b08ea292
Auth: Add sub claim check to JWT Auth pre-checks (#61417)
* Auth: Add sub claim check to JWT Auth pre-checks

* Add #nosec annotation to the test tokens
2023-01-16 10:50:34 +01:00
idafurjes
f2ffce4351
Chore: Move team models to models pkg (#61262)
* Chore: Move team models to models pkg

* Fix ACL tests

* More ACL tests

* Change Id to ID in conflict user command test

* Remove team from models

* Fix ac test lint
2023-01-11 14:20:09 +01:00
Carl Bergquist
a5ace56be8
Plugins: Add username to datasource plugin logging (#59893)
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-12-07 13:15:42 +01:00
Karl Persson
22be025284
Auth: Add anonymous authn client (#59637)
* Authn: Add Client interface and Reqeust and Identity structures

* Authn: Implement Authenticate method in service

* Authn: Add tracing

* Authn: Add logger

* AuthN: Implement Anonymous client
2022-12-02 15:10:03 +01:00
João Calisto
bba42b113c
Middleware: Add Custom Headers to HTTP responses (#59018)
* Middleware: Add Custom Headers to HTTP responses

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update conf/defaults.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update conf/sample.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update _index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-11-30 17:12:34 +00:00
Jack Westbrook
207b2993b2
Plugins Catalog: Only allow admins to access plugins catalog (#57101)
* feat(plugins-catalog): only allow admins to access plugins catalog routes

* add backend check

* fix(plugins-catalog): update route role access to include server admins

Co-authored-by: Will Browne <will.browne@grafana.com>
2022-11-30 09:41:28 +01:00
Karl Persson
062c5b805c
Auth: Merge ActiveAuthTokenService into UserAuthTokenService (#59032)
* Auth: Merge UserTokenService and ActiveAuthTokenService

* Auth: Rename function
2022-11-22 10:58:59 +01:00
Karl Persson
fef1e1d5bc
Auth: Refactor auth package (#58920)
* Auth: move interface to its own file

* Auth: move to test package

* Auth: move quota consts to auth file

* Auth: move service to impl package

* Auth: move interfaces and related models to auth package

* Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 09:56:06 +01:00
Sofia Papagiannaki
ab36252c86
Quota: Fix failure when checking session limits (#58865) 2022-11-17 00:30:27 +01:00
João Calisto
f254a37d35
Middleware: Add CSP Report Only support (#58074)
* Middleware: Add CSP Report Only support

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update csp documentation wording

* Update conf/sample.ini

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

* Update pkg/middleware/csp.go

Co-authored-by: Dave Henderson <dave.henderson@grafana.com>

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-11-16 17:11:26 +00:00
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Misi
4915d21c25
OAuth: Feature toggle for access token expiration check and docs (#58179)
* Add feature toggle for access token expiration check

* Add docs for configuring refresh tokens

* Update docs

* Update docs based on review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Improve documentation

* Change access_type default to Offline

* Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update pkg/services/featuremgmt/registry.go

Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>

* Regenerate toggles

* Update Generic OAuth docs

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
2022-11-14 16:47:46 +01:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
Kristina
5d7d54d076
Auth: Write the redirect cookie if denied - do not write a blank redirect (#57381)
* Write the redirect cookie if denied - do not write a blank redirect

* Remove redundant code, reverse polarity
2022-10-21 09:53:17 -05:00
Marcus Efraimsson
6f8fcae01b
[main] Plugin fixes (#57399)
* Plugins: Remove support for V1 manifests

* Plugins: Make proxy endpoints not leak sensitive HTTP headers

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 4539c33fce)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-10-21 13:54:55 +02:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Misi
9c954d06ab
Auth: Refresh OAuth access_token automatically using the refresh_token (#56076)
* Verify OAuth token expiration for oauth users in the ctx handler middleware

* Use refresh token to get a new access token

* Refactor oauth_token.go

* Add tests for the middleware changes

* Align other tests

* Add tests, wip

* Add more tests

* Add InvalidateOAuthTokens method

* Fix ExpiryDate update to default

* Invalidate OAuth tokens during logout

* Improve logout

* Add more comments

* Cleanup

* Fix import order

* Add error to HasOAuthEntry return values

* add dev debug logs

* Fix tests

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-10-18 18:17:28 +02:00
Misi
1de0f4453e
Chore: Make NewCookieOptions exported in cookies.go (#56476) 2022-10-06 20:00:54 +02:00
idafurjes
bc7a383252
Remove org methods from sqlstore interface (#56358)
* Remove org methods from sqlstore interface

* Remove some mocks

* Fix some tests
2022-10-05 15:47:56 +02:00
Kat Yang
7715672fb3
Chore: use org service methods (#55768)
* Chore: use org service methods

* fix tests

* fix errors

* adjust func signatures for getbyname

* 💩

* Use the same fake service to get the user in AC and in HS

* Fix middleware test

* Fix more middleware test

* Fix api tests

Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
2022-10-04 14:48:02 -04:00
Torkel Ödegaard
e31cb93ec0
NavTree: Make it possible to configure where in nav tree plugins live (#55484)
* NewIA: Plugin nav config

* progress

* Progress

* Things are working

* Add monitoring node

* Add alerts and incidents

* added experiment with standalone page

* Refactoring by adding a type for navtree root

* First test working

* More tests

* more tests

* Progress on richer config and sorting

* Sort weight working

* Path config

* Improving logic for not including admin or cfg nodes, making it the last step so that enterprise can add admin nodes without having to worry about the section not existing

* fixed index routes

* removed file

* Fixes

* Fixing tests

* Fixing more tests and adding support for weight config

* Updates

* Remove unused fake

* More fixes

* Minor tweak

* Minor fix

* Can now control position using sortweight even when existing items have no sortweight

* Added tests for frontend standalone page logic

* more tests

* Remove unused fake and fixed lint issue

* Moving reading settings to navtree impl package

* remove nav_id setting prefix

* Remove old test file

* Fix trailing newline

* Fixed bug with adding nil node

* fixing lint issue

* remove some code we have to rethink

* move read settings to PrivideService and switch to util.SplitString
2022-09-28 08:29:35 +02:00
Kristin Laemmert
701f6d5436
UserService: use the UserService instead of calling sqlstore directly (#55745)
* UserService: update callers to use the UserService instead of calling sqlstore directly

There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 07:58:49 -04:00
Torkel Ödegaard
09f4068849
NavTree: Refactor out the navtree building from api/index.go and into it's own service (#55552) 2022-09-22 22:04:48 +02:00
Sofia Papagiannaki
55ef34bee4
Instrumentation: Add api/health to the unnamed handlers (#55478) 2022-09-22 13:03:20 +03:00
Serge Zaitsev
305d494902
Chore: Switch over to team.Service instead of sqlstore (#55497)
* switch to using team service

* trying to fix tests

* more tests to fix

* add missing teamtest package
2022-09-20 18:58:04 +02:00
Marcus Efraimsson
862a6a2fa6
Logging: Introduce API for contextual logging (#55198)
Introduces a FromContext method on the log.Logger interface that 
allows contextual key/value pairs to be attached, e.g. per request, 
so that any logger using this API will automatically get the per request 
context attached. The proposal makes the traceID available for 
contextual logger , if available, and would allow logs originating from 
a certain HTTP request to be correlated with traceID.
In addition, when tracing not enabled, skip adding
traceID=00000000000000000000000000000000
to logs.
2022-09-20 18:32:06 +02:00
Domas
b5c67fe0dd
Frontend logging: handle logging endpoints without expensive middleware (#54960) 2022-09-12 13:04:43 +03:00
Nicholas Wiersma
faf8eb3afb
JWT: Allow conventional bearer token in Authorization header (#54821)
* fix: allow JWT to accept standard bearer token

* fix: linter issues

* fix: linter gosec false positive

* fix: refactor logic into JWT handler

* fix: move bearer trimming earlier
2022-09-09 11:05:58 +02:00
Nicholas Wiersma
9e704fec3c
JWT: Add support for assigning org roles (#54277)
* feat: allow jwt role to be set

* chore: update documentation

* fix: cr suggestions

* fix: lint issues

* respect org auto assign and default org ID

* add server admin to devenv

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-09-07 14:00:33 +02:00
Carl Bergquist
78978048c3
Instrumentation: log the total number of db queries per request (#54647)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2022-09-05 07:39:22 +02:00
Serge Zaitsev
927ddf9376
Chore: Move login attempt methods to separate service (#54479)
* Chore: Move login attempt methods to separate service

* attempt to fix tests

* fix syntax

* better time mocking

* initialise now func
2022-09-01 18:08:42 +02:00
Carl Bergquist
ab59f3cb1a
metrics: add operation name used in metrics/tracing for middlewares (#53949)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2022-08-25 10:11:27 +02:00
idafurjes
fa2e74cd6e
Chore: Remove GetSignedInUserWithCacheCtx from store interface (#53734)
* Remove delete suer from store interface

* Remove get signed in user with cache ctx from store interface

* Support options when setting up access control tests

* Fix broken tests

* Fix lint

* Add user fake to middleware

* Fix middleware tests, remove usertest being initialised twice

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-08-16 16:08:59 +02:00
zhichli
806fb8ab7a
Tracing: Fix OpenTelemetry Jaeger context propagation (#53269)
* fix otel jaeger context propagation

* add back launch.json

* add back launch.json
2022-08-11 16:11:34 +02:00
idafurjes
a14621fff6
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343)
* Chore: Add user service method SetUsingOrg

* Chore: Add user service method GetSignedInUserWithCacheCtx

* Use method GetSignedInUserWithCacheCtx from user service

* Fix lint after rebase

* Fix lint

* Fix lint error

* roll back some changes

* Roll back changes in api and middleware

* Add xorm tags to SignedInUser ID fields
2022-08-11 13:28:55 +02:00