* Search sql filter draft, unfinished
* Search works for empty roles
* Add current AuthModule to SignedInUser
* clean up, changes to the search
* Use constant prefixes
* Change AuthModule to AuthenticatedBy
* Add tests for using the permissions from the SignedInUser
* Refactor and simplify code
* Fix sql generation for pg and mysql
* Fixes, clean up
* Add test for empty permission list
* Fix
* Fix any vs all in case of edit permission
* Update pkg/services/authn/authn.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/sqlstore/permissions/dashboard_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Fixes, changes based on the review
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* split queries and merge responses
* increase concurrency again
* update unit test to verify the headers are merged
* fix lint issue
* fix race condition in unit test
* Fix function name and add a bit more documentation about how the func should be used
* update function call after rename
* check for duplicate header vals
* make concurrent query limit configurable
* Update conf/sample.ini
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
---------
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Append analytics identifier upon authenticate session
* Add id and module upon syncing user to identity
* Add authModule & id to `IdentityFromSignedInUser`
* Allow req calls in test to use basic auth
* Add `intercom_secret` to grafana config in tests
* Add test for analytics render in html view
* define initial service and add to wire
* update caching service interface
* add skipQueryCache header handler and update metrics query function to use it
* add caching service as a dependency to query service
* working caching impl
* propagate cache status to frontend in response
* beginning of improvements suggested by Lean - separate caching logic from query logic.
* more changes to simplify query function
* Decided to revert renaming of function
* Remove error status from cache request
* add extra documentation
* Move query caching duration metric to query package
* add a little bit of documentation
* wip: convert resource caching
* Change return type of query service QueryData to a QueryDataResponse with Headers
* update codeowners
* change X-Cache value to const
* use resource caching in endpoint handlers
* write resource headers to response even if it's not a cache hit
* fix panic caused by lack of nil check
* update unit test
* remove NONE header - shouldn't show up in OSS
* Convert everything to use the plugin middleware
* revert a few more things
* clean up unused vars
* start reverting resource caching, start to implement in plugin middleware
* revert more, fix typo
* Update caching interfaces - resource caching now has a separate cache method
* continue wiring up new resource caching conventions - still in progress
* add more safety to implementation
* remove some unused objects
* remove some code that I left in by accident
* add some comments, fix codeowners, fix duplicate registration
* fix source of panic in resource middleware
* Update client decorator test to provide an empty response object
* create tests for caching middleware
* fix unit test
* Update pkg/services/caching/service.go
Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>
* improve error message in error log
* quick docs update
* Remove use of mockery. Update return signature to return an explicit hit/miss bool
* create unit test for empty request context
* rename caching metrics to make it clear they pertain to caching
* Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Add clarifying comments to cache skip middleware func
* Add comment pointing to the resource cache update call
* fix unit tests (missing dependency)
* try to fix mystery syntax error
* fix a panic
* Caching: Introduce feature toggle to caching service refactor (#66323)
* introduce new feature toggle
* hide calls to new service behind a feature flag
* remove licensing flag from toggle (misunderstood what it was for)
* fix unit tests
* rerun toggle gen
---------
Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd
* Auth: Aling not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
* add anon sessions package
* add usage stat fn
* implement count for cache
* add anonservice to authn broker
* lint
* add tests for remote cache count
* move anon service to services
* wrap tagging in goroutine
* make func used
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
* API: Add reqSignedIn to router groups
* AuthN: Add fall through in context handler
* AuthN: Add IsAnonymous field
* AuthN: add priority to context aware clients
* ContextHandler: Add comment
* AuthN: Add a simple priority queue
* AuthN: Add Name to client interface
* AuthN: register clients with function
* AuthN: update mock and fake to implement interface
* AuthN: rewrite test without reflection
* AuthN: add comment
* AuthN: fix queue insert
* AuthN: rewrite tests
* AuthN: make the queue generic so we can reuse it for hooks
* ContextHandler: Add fixme for auth headers
* AuthN: remove unused variable
* AuthN: use multierror
* AuthN: write proper tests for queue
* AuthN: Add queue item that can store the value and priority
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* Add new config option
* Add frontend control
* Condition new auth broker with config option
* Condition old auth broker with config option
Co-authored-by: Jo <joao.guerreiro@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AUthN: Add last seen sync hooks for user / service account and move api
key last seen to own hook
* ContextHandler: only run sync for last seen if auth.Service is not
enabled
* AuthN: set up boilerplate for proxy client
* AuthN: Implement Test for proxy client
* AuthN: parse accept list in constructor
* AuthN: add proxy client interface
* AuthN: handle error
* AuthN: Implement the proxy client interface for ldap
* AuthN: change reciever name
* AuthN: add grafana as a proxy client
* AuthN: for error returned
* AuthN: add tests for grafana proxy auth
* AuthN: swap order of grafan and ldap auth
* AuthN: Parse additional proxy headers in proxy client and pass down
* AuthN: Add boilderplate for render auth client
* AuthN: Implement test function for render auth client
* AuthN: Implement Authenticate for render arender auth client
* ContextHandler: Perform render auth if flag is enabled
