Commit Graph

16 Commits

Author SHA1 Message Date
Karl Persson
9977258d04
AuthN: Set uid during authentication (#87797)
* Identity: Remove GetNamespacedUID and use GetUID instead

* Authn: Set uid for users and service accounts
2024-05-14 14:13:50 +02:00
Dan Cech
41bee274fd
Chore: Fix error handling in postDashboard, remove UserDisplayDTO, fix live redis client initialization (#87206)
* clean up error handling in postDashboard and remove UserDisplayDTO

* replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type

* lint fix

* lint fix

* more lint fixes
2024-05-06 14:17:34 -04:00
Karl Persson
d8fbbdefea
Identity: Use typed namespace id (#87121)
* Use typed namespace id
2024-05-02 14:50:56 +02:00
Karl Persson
cd724d74aa
Authn: move namespace id type (#86853)
* Use RoleType from org package

* Move to identity package and re-export from authn

* Replace usage of top level functions for identity

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-04-25 12:54:36 +02:00
Karl Persson
0fa983ad8e
AuthN: Use typed namespace id inside authn package (#86048)
* authn: Use typed namespace id inside package
2024-04-24 09:57:34 +02:00
Karl Persson
73fecc8d80
Authn: Identity resolvers (#85930)
* AuthN: Add NamespaceID struct. We should replace the usage of encoded namespaceID with this one

* AuthN: Add optional interface that clients can implement to be able to resolve identity for a namespace

* Authn: Implement IdentityResolverClient for api keys

* AuthN: use idenity resolvers

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-04-12 11:38:20 +02:00
Karl Persson
895222725c
Session: set authID and authenticatedBy (#85806)
* Authn: Resolve authenticate by and auth id when fethcing signed in user

* Change logout client interface to only take Requester interface

* Session: Fetch external auth info when authenticating sessions

* Use authenticated by from identity

* Move call to get auth-info into session client and use GetAuthenticatedBy in various places
2024-04-11 10:25:29 +02:00
Karl Persson
ba41954854
Email: trigger email verification flow (#85587)
* Add email and email_verified to id token if identity is a user

* Add endpoint to trigger email verification for user

* Add function to clear stored id tokens and use it when email verification is completed
2024-04-05 12:05:46 +02:00
Jo
5340a6e548
Auth: Extended JWT client for OBO and Service Authentication (#83814)
* reenable ext-jwt-client

* fixup settings struct

* add user and service auth

* lint up

* add user auth to grafana ext

* fixes

* Populate token permissions

Co-authored-by: jguer <joao.guerreiro@grafana.com>

* fix tests

* fix lint

* small prealloc

* small prealloc

* use special namespace for access policies

* fix access policy auth

* fix tests

* fix uncalled settings expander

* add feature toggle

* small feedback fixes

* rename entitlements to permissions

* add authlibn

* allow viewing the signed in user info for non user namespace

* fix invalid namespacedID

* use authlib as verifier for tokens

* Update pkg/services/authn/clients/ext_jwt.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/authn/clients/ext_jwt_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* fix parameter names

* change asserts to normal package

* add rule for assert

* fix ownerships

* Local diff

* test and lint

* Fix test

* Fix ac test

* Fix pluginproxy test

* Revert testdata changes

* Force revert on test data

---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2024-04-02 17:45:15 +02:00
Karl Persson
152cb47692
AuthN: Add IsAuthenticatedBy to identity interface and replace checks (#85262)
Add IsAuthenticatedBy to identity interface and replace checks
2024-03-27 15:22:13 +01:00
Karl Persson
d4e802dd47
Authn: Add function to resolve identity from org and namespace id (#84555)
* Add function to get the namespaced id

* Add function to resolve an identity through authn.Service from org and namespace id

* Switch to resolve identity for re-authenticate in another org
2024-03-15 15:08:15 +01:00
Gabriel MABILLE
3df0611f81
RBAC: Fix authorize in org (#81552)
* RBAC: Fix authorize in org

* Implement option 2

* Fix typo

* Fix alerting test

* Add test to cover the not member case
2024-02-01 12:37:01 +01:00
Vardan Torosyan
63cd5a5625
Chore: Cleanup namespace and ID resolution (#79360)
* Chore: Cleanup namespace ID resolution

* Check for negative userID when relevant

* Reuse existing function for parsing ID as int

* Fix imports
2023-12-21 20:42:05 +01:00
Karl Persson
7a38090bc0
AuthN: Fix namespaces for anonymous and render (#75661)
* AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render

* Don't parse user id for render namespace
2023-09-29 09:10:33 +02:00
Karl Persson
fd2235b5ad
AuthN: Implement requester interface for identity (#75618)
* AuthN: Implement identity.Requester interface for authn.Identity

* AuthN: Replace OrgRole with GetOrgRole

* IDForwarding: skip converting to SignedInUser

* Pass identity directly in permission sync hook
2023-09-28 16:37:32 +02:00
Karl Persson
b9b4246432
IDForwarding: Add auth hook to generate id token (#75555)
* AuthN: Move identity struct to its own file

* IDForwarding: Add IDToken property to usr and identity structs and add GetIDToken to requester interface

* Inject IDService into background services

* IDForwarding: Register post auth hook when feature toggle is enabled
2023-09-28 09:22:05 +02:00