* Chore: Add user service method SetUsingOrg
* Chore: Add user service method GetSignedInUserWithCacheCtx
* Use method GetSignedInUserWithCacheCtx from user service
* Fix lint after rebase
* Fix lint
* Fix lint error
* roll back some changes
* Roll back changes in api and middleware
* Add xorm tags to SignedInUser ID fields
* Move SignedInUser to user service and RoleType and Roles to org
* Use go naming convention for roles
* Fix some imports and leftovers
* Fix ldap debug test
* Fix lint
* Fix lint 2
* Fix lint 3
* Fix type and not needed conversion
* Clean up messages in api tests
* Clean up api tests 2
* Only SLO user if the user is using SAML
* only one source of truth for auth module info
* ensure SAML is also enabled and not only SLO
* move auth module naming to auth module login package
* use constants in other previously unused spots
* move apikey store into a separate service
* add apikey service to wire graph
* fix linter
* switch api to use apikey service
* fix provideservice in tests
* add apikey service test double
* try different sql syntax
* rolling back the dialect
* trigger drone
* trigger drone
* Auth: check of auth_token in url and resolve user if present
* check if auth_token is passed in url
* Auth: Pass auth_token for request if present in path
* no need to decode token in index
* temp
* use loadURLToken and set authorization header
* cache token in memory and strip it from url
* Use loadURLToken
* Keep token in url
* strip sensitive query strings from url used by context logger
* adapt login by url to jwt token
* add jwt iframe devenv
* add jwt iframe devenv instructions
* add access note
* add test for cleaning request
* ensure jwt token is not carried into handlers
* do not reshuffle queries, might be important
* add correct db dump location
* prefer set token instead of cached token
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Move user not found err to user service
* User ErrCaseInsensitive from user pkg
* User ErrUserAlreadyExists from user pkg
* User ErrLastGrafanaAdmin from user pkg
* Remove errors from model
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: Prefer pointer to struct in lookup
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: user email for ldap
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: Use only login for lookup in LDAP
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Fix: use user email for ldap
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
fix remaining test
fix nit picks
* Split Create User
* Use new create user and User from package user
* Add service to wire
* Making create user work
* Replace user from user pkg
* One more
* Move Insert to orguser Service/Store
* Remove unnecessary conversion
* Cleaunp
* Fix Get User and add fakes
* Fixing get org id for user logic, adding fakes and other adjustments
* Add some tests for ourguser service and store
* Fix insert org logic
* Add comment about deprecation
* Fix after merge with main
* Move orguser service/store to org service/store
* Remove orguser from wire
* Unimplement new Create user and use User from pkg user
* Fix wire generation
* Fix lint
* Fix lint - use only User and CrateUserCommand from user pkg
* Remove User and CreateUserCommand from models
* Fix lint 2
* pkg/web: store http.Handler internally
* pkg/web: remove injection
Removes any injection code from pkg/web.
It already was no longer functional, as we already only injected into
`http.Handler`, meaning we only inject ctx.Req and ctx.Resp.
Any other types (*Context, *ReqContext) were already accessed using the
http.Request.Context.Value() method.
* *: remove type mappings
Removes any call to the previously removed TypeMapper, as those were
non-functional already.
* pkg/web: remove Context.Invoke
was no longer used outside of pkg/web and also no longer functional
* Add prefixed API key gen.
* Retrieve API Key by hash
* Handle prefixed API keys for login
* Add placeholder key generator
* fix spelling
* add get by hash sqlstore test
* reformat query
* quote usage of reserved keyword key
* use constant
* improve error handling and pre-select key type
Co-authored-by: Victor Cinaglia <victor@grafana.com>
* nits
Co-authored-by: Victor Cinaglia <victor@grafana.com>
Makes `pkg/web` only accept handles from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
* use common traceID context value for opentracing and opentelemetry
* support sampled trace IDs as well
* inject traceID into NormalResponse on errors
* Finally the test passed
* fix the test
* fix linter
* change the function parameter
Co-authored-by: Ying WANG <ying.wang@grafana.com>
* Update golangci-lint to v1.45.2
Version 1.45.0 added support for Go 1.18:
https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md#v1450
Signed-off-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
* Linter: fix some lints issue for golangci-lint version 1.45.2
Co-authored-by: Marcelo E. Magallon <marcelo.magallon@grafana.com>
Co-authored-by: Gábor Farkas <gabor.farkas@gmail.com>
* ServiceAccounts: move token handlers to specific file
* ServiceAccounts: move Add API key to Service account
* APIKeys: api keys can still be used even when service accounts are enabled
* APIKeys: legacy endpoint can't be used to add SA tokens
* ServiceAccount: add tests for creation with nil and non-nil service account ids
* ServiceAccounts: fix unnasigned cfg and AC typo
* Test: test service account token adding
* fix linting error
* ServiceAccounts: Handle Token deletion
* rename token funcs
* rename token funcs and api wrapping
* add token deletion tests
* review
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* remove bus
* Update pkg/api/apikey.go
Co-authored-by: eleijonmarck <eric.leijonmarck@gmail.com>
* Separate Tracer interface to TracerService and Tracer
* Fix lint
* Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy
* Add span methods, use span interface for rest of tracing
* Fix logs in tracing
* Fix tests that are related to tracing
* Fix resourcepermissions test
* Fix some tests
* Fix more tests
* Add TracingService to wire cli runner
* Remove GlobalTracer from bus
* Renaming test function
* Remove GlobalTracer from TSDB
* Replace GlobalTracer in api
* Adjust tests to the InitializeForTests func
* Remove GlobalTracer from services
* Remove GlobalTracer
* Remove bus.NewTest
* Remove Tracer interface
* Add InitializeForBus
* Simplify tests
* Clean up tests
* Rename TracerService to Tracer
* Update pkg/middleware/request_tracing.go
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Initialize tracer before passing it to SQLStore initialization in commands
* Remove tests for opentracing
* Set span attributes correctly, remove unnecessary trace initiliazation form test
* Add tracer instance to newSQLStore
* Fix changes due to rebase
* Add modified tracing middleware test
* Fix opentracing implementation tags
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* Add extra fields to OSS types to support enterprise
* Create a service account at the same time as the API key
* Use service account credentials when accessing API with APIkey
* Add GetRole to service, merge RoleDTO and Role structs
This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:
1. Makes switching between OSS and Enterprise easier
2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise
* If API key is not linked to a service account, continue login as usual
* Fallback to old auth if no service account linked to key
* Add CloneUserToServiceAccount
* Adding LinkAPIKeyToServiceAccount
* Handle api key link error
* Better error messages for OSS accesscontrol
* Set an invalid user id as default
* Re-arrange field names
* ServiceAccountId is integer
* Better error messages
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* update loki
* install openssl from alpine's edge repository
* extracttraceid moved to tracing package
* remove exit if warning limit is exceeded
* disable flaky libraryelements test
Fixes#30144
Co-authored-by: dsotirakis <sotirakis.dim@gmail.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Ida Furjesova <ida.furjesova@grafana.com>
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Leon Sorokin <leeoniya@gmail.com>
Co-authored-by: Andrej Ocenas <mr.ocenas@gmail.com>
Co-authored-by: spinillos <selenepinillos@gmail.com>
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
Co-authored-by: Leonard Gram <leo@xlson.com>
