* Use singleflight to prevent logging error if the token has already been refreshed
* Change order of error checks
* align tests, change error name
* Change sf key
* Update based on the review
* refactor
* Move rotate logic into its own function
* Move oauth token sync to session client
* Add user to the local cache if refresh tokens are not enabled for the provider so we can skip the check in other
requests
* Move errors to error file
* Move check for both empty username and email to user service
* Move check for empty email and username to user service Update
* Wrap inner error
* Set username in test
* Dashboards: Fix tests when authn broker is enabled.
StarService was not configured for tests, the call was guarded by !c.IsSignedIn
* Change default to be anon user to match expectations from tests
* OAuth: rewrite tests to work with authn.Service
* Setup template renderer by default
* Extract cookie options from cfg instead of relying on global variables
* Fix test to work with authn service
* Middleware: rewrite auth tests
* Remvoe session cookie if we cannot refresh access token
* fixed: added id token expiry check to oauth token sync
* use go-jose and id token in cache
* Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go
* refactored getOAuthTokenCacheTTL and added unit tests
* Small changes to oauth_token_sync
* Remove unnecessary contexthandler changes
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* make sure LastSeen hook has information to decide if update is necessary
* make user service check if it should update the user's last seen
* do not run last seen hook if is a login request
* make service return error when last seen is up to date
* fix err
* Update pkg/services/contexthandler/contexthandler.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* fix golint
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* First changes
* WIP docs
* Align current tests
* Add test for UseRefreshToken
* Update docs
* Fix
* Remove unnecessary AuthCodeURL from generic_oauth
* Change GitHub to disable use_refresh_token by default
* Search sql filter draft, unfinished
* Search works for empty roles
* Add current AuthModule to SignedInUser
* clean up, changes to the search
* Use constant prefixes
* Change AuthModule to AuthenticatedBy
* Add tests for using the permissions from the SignedInUser
* Refactor and simplify code
* Fix sql generation for pg and mysql
* Fixes, clean up
* Add test for empty permission list
* Fix
* Fix any vs all in case of edit permission
* Update pkg/services/authn/authn.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/sqlstore/permissions/dashboard_test.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Fixes, changes based on the review
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Append analytics identifier upon authenticate session
* Add id and module upon syncing user to identity
* Add authModule & id to `IdentityFromSignedInUser`
* Allow req calls in test to use basic auth
* Add `intercom_secret` to grafana config in tests
* Add test for analytics render in html view
* AuthN: Add flag to control org role syncs
* JWT: Only sync org roles if the skip flag for jwt is false
* LDAP: Only sync org role if skip flag for ldap is false
* OAuth: Skip org roles sync if no roles were provided by upstream service
* Grafana: Set SyncOrgRoles to true for authentication through proxy with grafana as backend
* AuthN: Update comments for ClientParams
* AuthN: Update flag name from SyncTeamMembers to SyncTeams
* UserSync: rename function and fix order of parameters so it is correct
* UserSync: Fix so we skip check if no authModule or authID is passed
* UserSync: move quota check to create user function
* UserSync: Move FetchSyncedUserHook to UserSync
* UserSync: Move last seen user hook to user sync service
* ApiKey: Implement last seen hook as a client hook instead
