Commit Graph

102 Commits

Author SHA1 Message Date
Carl Bergquist
eb507dca89
Remotecache: rename setbytearray/getbytearray to set/get and remove codec (#64470)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-03-10 13:57:29 +01:00
Jo
45fde4235b
Deps: Replace go-jose v2 with go-jose v3 (#64228)
replace go-jose v2 with go-jose v3
2023-03-06 15:12:51 +01:00
Carl Bergquist
b88206d98f
Cache: Refactor cache clients to use byte array (#62930)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-02-08 10:30:20 +01:00
Carl Bergquist
64c2032c2b
Auth: removes temporary cache of user session token (#62730)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2023-02-06 13:51:12 +01:00
Misi
7c1d9769ca
Auth: Rotate token patch (#62676)
* Use singleflight.Group

* Align tests

* Cleanup
2023-02-02 14:36:16 +01:00
Serge Zaitsev
7dbd2cd139
Chore: Fix goimports grouping (#62426)
fix goimports ordering
2023-01-30 09:34:18 +01:00
Kristin Laemmert
9256a520a4
chore: move user_auth models to (mostly) login service (#62269)
* chore: move user_auth models to (mostly) login service
2023-01-27 13:36:54 -05:00
Kristin Laemmert
cd08f2575a
chore: move jwt models into auth/jwt (#61862)
* chore: move jwt models into auth/jwt
2023-01-20 13:11:06 -05:00
Misi
b8b08ea292
Auth: Add sub claim check to JWT Auth pre-checks (#61417)
* Auth: Add sub claim check to JWT Auth pre-checks

* Add #nosec annotation to the test tokens
2023-01-16 10:50:34 +01:00
Jo
0c8ad80575
Authn: JWT client (#61157)
* add jwt client

* alias JWT verifier

* debug implementation

* add tests for jwt client

* add constant for JWT module

* Feedback

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
2023-01-10 15:08:52 +01:00
Jo
df4f0343e5
Auth: Session cache [main] (#59935)
* Auth: Session cache [v9.2.x] (#59907)

* add cache wrapper

only cache token if not to rotate

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

anticipate next rotation

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 07a4b2343d)

* FeatureToggle: for storing sessions in a Remote Cache

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
(cherry picked from commit b8a8c15148)

* use feature flag for session cache

* ensure ttl is minimum 1 second

Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* ensure 2 ttl window to prevent caching of tokens near rotation

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>

* fix description of toggle

Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 2919588a82)

* fix broken quota test
2022-12-07 10:55:48 +01:00
Jo
fee50be1bb
Sessions: Remove invalid session cookie if it's invalid/expired/missing (#59556)
only remove invalid session cookie if it's invalid/expired/missing
2022-11-30 15:33:19 +01:00
Karl Persson
062c5b805c
Auth: Merge ActiveAuthTokenService into UserAuthTokenService (#59032)
* Auth: Merge UserTokenService and ActiveAuthTokenService

* Auth: Rename function
2022-11-22 10:58:59 +01:00
Karl Persson
fef1e1d5bc
Auth: Refactor auth package (#58920)
* Auth: move interface to its own file

* Auth: move to test package

* Auth: move quota consts to auth file

* Auth: move service to impl package

* Auth: move interfaces and related models to auth package

* Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 09:56:06 +01:00
Sofia Papagiannaki
9855e74b92
Chore: Refactor quota service (#58643)
Chore: Refactor quota service (#57586)

* Chore: refactore quota service

* Apply suggestions from code review
2022-11-14 21:08:10 +02:00
Sofia Papagiannaki
96cdf77995
Revert "Chore: Refactor quota service (#57586)" (#58394)
This reverts commit 326ea86a57.
2022-11-08 11:52:07 +02:00
Sofia Papagiannaki
326ea86a57
Chore: Refactor quota service (#57586)
* Chore: refactore quota service

* Apply suggestions from code review
2022-11-08 10:25:34 +02:00
Kristin Laemmert
05709ce411
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087)
* chore: add alias for InitTestDB and Session

Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store.

* next pass of removing sqlstore imports
* last little bit
* remove mockstore where possible
2022-10-19 09:02:15 -04:00
Misi
9c954d06ab
Auth: Refresh OAuth access_token automatically using the refresh_token (#56076)
* Verify OAuth token expiration for oauth users in the ctx handler middleware

* Use refresh token to get a new access token

* Refactor oauth_token.go

* Add tests for the middleware changes

* Align other tests

* Add tests, wip

* Add more tests

* Add InvalidateOAuthTokens method

* Fix ExpiryDate update to default

* Invalidate OAuth tokens during logout

* Improve logout

* Add more comments

* Cleanup

* Fix import order

* Add error to HasOAuthEntry return values

* add dev debug logs

* Fix tests

Co-authored-by: jguer <joao.guerreiro@grafana.com>
2022-10-18 18:17:28 +02:00
Sofia Papagiannaki
8b77ee2734
SQLStore: Ensure that sessions are always closed (#55864)
* SQLStore: Ensure that sessions are always closed

Delete `NewSession()` in favour of `WithDbSession()`

* Add WithDbSessionForceNewSession to the interface

* Apply suggestions from code review
2022-09-29 15:55:47 +03:00
Marcus Efraimsson
862a6a2fa6
Logging: Introduce API for contextual logging (#55198)
Introduces a FromContext method on the log.Logger interface that 
allows contextual key/value pairs to be attached, e.g. per request, 
so that any logger using this API will automatically get the per request 
context attached. The proposal makes the traceID available for 
contextual logger , if available, and would allow logs originating from 
a certain HTTP request to be correlated with traceID.
In addition, when tracing not enabled, skip adding
traceID=00000000000000000000000000000000
to logs.
2022-09-20 18:32:06 +02:00
Emil Tullstedt
b287047052
Chore: Upgrade Go to 1.19.1 (#54902)
* WIP

* Set public_suffix to a pre Ruby 2.6 version

* we don't need to install python

* Stretch->Buster

* Bump versions in lib.star

* Manually update linter

Sort of messy, but the .mod-file need to contain all dependencies that
use 1.16+ features, otherwise they're assumed to be compiled with
-lang=go1.16 and cannot access generics et al.

Bingo doesn't seem to understand that, but it's possible to manually
update things to get Bingo happy.

* undo reformatting

* Various lint improvements

* More from the linter

* goimports -w ./pkg/

* Disable gocritic

* Add/modify linter exceptions

* lint + flatten nested list

Go 1.19 doesn't support nested lists, and there wasn't an obvious workaround.
https://go.dev/doc/comment#lists
2022-09-12 12:03:49 +02:00
Ieva
de6584b976
Auth: Extend auth token errors with user ID (#54633)
* add user ID to user token errors

* remove colon

* move user ID to debug log, so it wouldn't accidentally be added in response
2022-09-02 14:38:25 +01:00
Jo
062d255124
Handle ioutil deprecations (#53526)
* replace ioutil.ReadFile -> os.ReadFile

* replace ioutil.ReadAll -> io.ReadAll

* replace ioutil.TempFile -> os.CreateTemp

* replace ioutil.NopCloser -> io.NopCloser

* replace ioutil.WriteFile -> os.WriteFile

* replace ioutil.TempDir -> os.MkdirTemp

* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
Selene
085ae014cd
Sync: Move ActiveTokenCount to a new service (#52991)
* Move ActiveTokenCount to a new service

* Fixing tests

* fix `RootSystem`

Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>
2022-07-29 16:30:46 +02:00
idafurjes
6c43eb0b4d
Split Create User (#50502)
* Split Create User

* Use new create user and User from package user

* Add service to wire

* Making create user work

* Replace user from user pkg

* One more

* Move Insert to orguser Service/Store

* Remove unnecessary conversion

* Cleaunp

* Fix Get User and add fakes

* Fixing get org id for user logic, adding fakes and other adjustments

* Add some tests for ourguser service and store

* Fix insert org logic

* Add comment about deprecation

* Fix after merge with main

* Move orguser service/store to org service/store

* Remove orguser from wire

* Unimplement new Create user and use User from pkg user

* Fix wire generation

* Fix lint

* Fix lint - use only User and CrateUserCommand from user pkg

* Remove User and CreateUserCommand from models

* Fix lint 2
2022-06-28 14:32:25 +02:00
idafurjes
b8852ef6a3
Chore: Remove context.TODO() (#43409)
* Remove context.TODO() from services

* Fix live test

* Remove context.TODO
2021-12-22 11:02:42 +01:00
Emil Tullstedt
12e0a94316
JWT: Split race-y test into two stable tests (#41950) 2021-11-19 12:05:04 +01:00
Emil Tullstedt
dbb8246b6b
JWT: Increase distance from now in tests (#41794) 2021-11-17 12:03:56 +01:00
Guillaume GILL
7c5de96503
Auth: Omit all base64 paddings in JWT tokens for the JWT auth (#35602)
Omitting all base64 paddings (=) in JWT tokens.

Fixes #34496
2021-10-27 18:50:30 +02:00
Serge Zaitsev
995afa2221
Chore: Refactor GoConvey in auth package (#40850)
* refactor goconvey in auth package

* make linter happy
2021-10-27 16:08:21 +02:00
idafurjes
f4f0d74838
Chore: Add context to user (#39649)
* Add context to user

* Add context for enterprise

* Add context for UpdateUserLastSeenAtCommand

* Remove xorm
2021-10-04 15:46:09 +02:00
Arve Knudsen
78596a6756
Migrate to Wire for dependency injection (#32289)
Fixes #30144

Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
2021-08-25 15:11:22 +02:00
Carl Bergquist
a10fa5cad3
Instrumentation: Start tracing database requests (#34572)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-05-27 13:55:33 +02:00
Vladimir Kochnev
39a3b0d0b0
Auth: support JWT Authentication (#29995) 2021-03-31 08:40:44 -07:00
Joan López de la Franca Beltran
610999cfa2
Auth: Allow soft token revocation (#31601)
* Add revoked_at field to user auth token to allow soft revokes

* Allow soft token revocations

* Update token revocations and tests

* Return error info on revokedTokenErr

* Override session cookie only when no revokedErr nor API request

* Display modal on revoked token error

* Feedback: Refactor TokenRevokedModal to FC

* Add GetUserRevokedTokens into UserTokenService

* Backendsrv: adds tests and refactors soft token path

* Apply feedback

* Write redirect cookie on token revoked error

* Update TokenRevokedModal style

* Return meaningful error info

* Some UI changes

* Update backend_srv tests

* Minor style fix on backend_srv tests

* Replace deprecated method usage to publish events

* Fix backend_srv tests

* Apply suggestions from code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Minor style fix after PR suggestion commit

* Apply suggestions from code review

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Prettier fixes

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 17:44:02 +01:00
Carl Bergquist
5114fa39ce
we should never log unhashed tokens (#31432)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-02-24 10:04:25 +01:00
Agnès Toulet
2a70c73025
Auth: add expired token error and update CreateToken function (#30203)
* Auth: add error for expired token

* Auth: save token error into context data

* Auth: send full user and req context to CreateToken

* Auth: add token ID in context

* add TokenExpiredError struct

* update auth tests

* remove most of the changes to CreateToken func

* clean up

* Login: add requestURI in CreateToken ctx

* update RequestURIKey comment
2021-01-19 17:55:53 +01:00
Arve Knudsen
25048ebdf8
Chore: Add CloudWatch HTTP API tests (#29691)
* CloudWatch: Add HTTP API tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-07 11:36:13 +01:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service (#29605)
* middleware: Move context handler to own service

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 11:44:44 +01:00
taciomcosta
10ff4eecef
Backend: fix IPv6 address parsing erroneous (#28585)
* Backend: Fix parsing of client IP address

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-25 07:55:22 +01:00
Arve Knudsen
b5379c5335
Chore: Fix SQL related Go variable naming (#28887)
* Chore: Fix variable naming

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-11 06:21:08 +01:00
Arve Knudsen
676d393ec9
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 15:37:11 +01:00
Arve Knudsen
a078e40238
Settings: Rename constants/variables to follow Go naming standards (#28002)
* settings: Rename constants/variables to follow Go naming standards
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-02 15:45:45 +02:00
Hansuuuuuuuuuu
8d971ab2f2
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150)
Allows login_maximum_inactive_lifetime_duration and 
login_maximum_lifetime_duration to be configured using 
time.Duration-compatible values while retaining backward compatibility.

Fixes #17554

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-09-14 15:57:38 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter (#25903)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-07-06 20:17:28 +02:00
Arve Knudsen
2a78d2a61c
pkg/services: Check errors (#19712)
* pkg/services: Check errors
* pkg/services: Don't treat context.Canceled|context.DeadlineExceeded as error
2019-10-22 14:08:18 +02:00
Arve Knudsen
b858a5f496
Don't truncate IPv6 addresses (#19573)
* Bugfix: Fix parsing of IPv6 addresses

Make sure that IPv6 addresses aren't truncated when parsing. Fixes #18924
* util: Change network address parsing funcs to return error
* pkg/api: Return NetworkAddress instead of host/port
2019-10-09 08:58:45 +02:00
Leonard Gram
d71043609e
Testing: Include BatchRevoke for all tokens in the fake. (#17728) 2019-07-02 09:42:35 +02:00
Alexander Zobnin
60ddad8fdb
Batch disable users (#17254)
* batch disable users

* batch revoke users tokens

* split batch disable user and revoke token

* fix tests for batch disable users

* Chore: add BatchDisableUsers() to the bus
2019-05-31 13:22:22 +03:00