* fix: revoked tokens within last hours
adds check for unlimited sessions out of index
adds a function for specifing the hours to look back when revoking users tokens, otherwise we "assume" the clean up takes care of them adds a index for the `user_auth_token` - `revoked_at` for faster queries when using `revoked_at`
* fix: sqllite datetime conversion with unixtimestamps
* fix: postgres dialect
* fix: mysql dialect
* fix: mysql dialect missing closing )
* refactor: delete revoked tokens directly
* fix: tests for sqlite
* AuthToken: Simplify DeleteUserRevokedTokens and add test
* fix: linting newline
* Reset get time after test
* fix: test order by revoked
* fix: order by different db
* ascending
* test with seen at
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* add token count
* wip
* user count method for tag reporting
* remove non functioning mysql clientFoundRows check
* Update pkg/services/auth/authtest/testing.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* add user ID guard
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* move access control api to SignedInUser interface
* remove unused code
* add logic for reading perms from a specific org
* move the specific org logic to org_user.go
* add a comment
---------
Co-authored-by: IevaVasiljeva <ieva.vasiljeva@grafana.com>
* wip
* scope active user to 1 org
* remove TODOs
* add render auth namespace
* import cycle fix
* make condition more readable
* convert Evaluate to user Requester
* only use active OrgID for SearchUserPermissions
* add cache key to interface definition
* change final SignedInUsers to interface
* fix api key managed roles fetch
* fix anon auth id parsing
* Update pkg/services/accesscontrol/acimpl/accesscontrol.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
---------
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd
* Auth: Aling not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Auth: move interface to its own file
* Auth: move to test package
* Auth: move quota consts to auth file
* Auth: move service to impl package
* Auth: move interfaces and related models to auth package
* Auth: Create sub package and type alias to avoid circular dependency
* chore: add alias for InitTestDB and Session
Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.
* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
* SQLStore: Ensure that sessions are always closed
Delete `NewSession()` in favour of `WithDbSession()`
* Add WithDbSessionForceNewSession to the interface
* Apply suggestions from code review
Introduces a FromContext method on the log.Logger interface that
allows contextual key/value pairs to be attached, e.g. per request,
so that any logger using this API will automatically get the per request
context attached. The proposal makes the traceID available for
contextual logger , if available, and would allow logs originating from
a certain HTTP request to be correlated with traceID.
In addition, when tracing not enabled, skip adding
traceID=00000000000000000000000000000000
to logs.
* WIP
* Set public_suffix to a pre Ruby 2.6 version
* we don't need to install python
* Stretch->Buster
* Bump versions in lib.star
* Manually update linter
Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.
Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.
* undo reformatting
* Various lint improvements
* More from the linter
* goimports -w ./pkg/
* Disable gocritic
* Add/modify linter exceptions
* lint + flatten nested list
Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
* Split Create User
* Use new create user and User from package user
* Add service to wire
* Making create user work
* Replace user from user pkg
* One more
* Move Insert to orguser Service/Store
* Remove unnecessary conversion
* Cleaunp
* Fix Get User and add fakes
* Fixing get org id for user logic, adding fakes and other adjustments
* Add some tests for ourguser service and store
* Fix insert org logic
* Add comment about deprecation
* Fix after merge with main
* Move orguser service/store to org service/store
* Remove orguser from wire
* Unimplement new Create user and use User from pkg user
* Fix wire generation
* Fix lint
* Fix lint - use only User and CrateUserCommand from user pkg
* Remove User and CreateUserCommand from models
* Fix lint 2
