Commit Graph

68 Commits

Author SHA1 Message Date
Vladimir Kochnev
39a3b0d0b0
Auth: support JWT Authentication (#29995) 2021-03-31 08:40:44 -07:00
Joan López de la Franca Beltran
610999cfa2
Auth: Allow soft token revocation (#31601)
* Add revoked_at field to user auth token to allow soft revokes

* Allow soft token revocations

* Update token revocations and tests

* Return error info on revokedTokenErr

* Override session cookie only when no revokedErr nor API request

* Display modal on revoked token error

* Feedback: Refactor TokenRevokedModal to FC

* Add GetUserRevokedTokens into UserTokenService

* Backendsrv: adds tests and refactors soft token path

* Apply feedback

* Write redirect cookie on token revoked error

* Update TokenRevokedModal style

* Return meaningful error info

* Some UI changes

* Update backend_srv tests

* Minor style fix on backend_srv tests

* Replace deprecated method usage to publish events

* Fix backend_srv tests

* Apply suggestions from code review

Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>

* Minor style fix after PR suggestion commit

* Apply suggestions from code review

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Prettier fixes

Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-03-16 17:44:02 +01:00
Carl Bergquist
5114fa39ce
we should never log unhashed tokens (#31432)
Signed-off-by: bergquist <carl.bergquist@gmail.com>
2021-02-24 10:04:25 +01:00
Agnès Toulet
2a70c73025
Auth: add expired token error and update CreateToken function (#30203)
* Auth: add error for expired token

* Auth: save token error into context data

* Auth: send full user and req context to CreateToken

* Auth: add token ID in context

* add TokenExpiredError struct

* update auth tests

* remove most of the changes to CreateToken func

* clean up

* Login: add requestURI in CreateToken ctx

* update RequestURIKey comment
2021-01-19 17:55:53 +01:00
Arve Knudsen
25048ebdf8
Chore: Add CloudWatch HTTP API tests (#29691)
* CloudWatch: Add HTTP API tests

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-07 11:36:13 +01:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service (#29605)
* middleware: Move context handler to own service

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-12-11 11:44:44 +01:00
taciomcosta
10ff4eecef
Backend: fix IPv6 address parsing erroneous (#28585)
* Backend: Fix parsing of client IP address

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-25 07:55:22 +01:00
Arve Knudsen
b5379c5335
Chore: Fix SQL related Go variable naming (#28887)
* Chore: Fix variable naming

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-11 06:21:08 +01:00
Arve Knudsen
676d393ec9
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Chore: Fix issues reported by staticcheck

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Apply suggestions from code review

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 15:37:11 +01:00
Arve Knudsen
a078e40238
Settings: Rename constants/variables to follow Go naming standards (#28002)
* settings: Rename constants/variables to follow Go naming standards
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-02 15:45:45 +02:00
Hansuuuuuuuuuu
8d971ab2f2
Auth: Replace maximum inactive/lifetime settings of days to duration (#27150)
Allows login_maximum_inactive_lifetime_duration and 
login_maximum_lifetime_duration to be configured using 
time.Duration-compatible values while retaining backward compatibility.

Fixes #17554

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-09-14 15:57:38 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter (#25903)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-07-06 20:17:28 +02:00
Arve Knudsen
2a78d2a61c
pkg/services: Check errors (#19712)
* pkg/services: Check errors
* pkg/services: Don't treat context.Canceled|context.DeadlineExceeded as error
2019-10-22 14:08:18 +02:00
Arve Knudsen
b858a5f496
Don't truncate IPv6 addresses (#19573)
* Bugfix: Fix parsing of IPv6 addresses

Make sure that IPv6 addresses aren't truncated when parsing. Fixes #18924
* util: Change network address parsing funcs to return error
* pkg/api: Return NetworkAddress instead of host/port
2019-10-09 08:58:45 +02:00
Leonard Gram
d71043609e
Testing: Include BatchRevoke for all tokens in the fake. (#17728) 2019-07-02 09:42:35 +02:00
Alexander Zobnin
60ddad8fdb
Batch disable users (#17254)
* batch disable users

* batch revoke users tokens

* split batch disable user and revoke token

* fix tests for batch disable users

* Chore: add BatchDisableUsers() to the bus
2019-05-31 13:22:22 +03:00
zhulongcheng
2fff8f77dc move log package to /infra (#17023)
ref #14679

Signed-off-by: zhulongcheng <zhulongcheng.me@gmail.com>
2019-05-13 08:45:54 +02:00
Carl Bergquist
9660356638
Auth: Enable retries and transaction for some db calls for auth tokens (#16785)
the WithSession wrapper handles retries and connection
management so the caller dont have to worry about it.
2019-04-30 14:42:01 +02:00
Carl Bergquist
490515aec6
build: partially replace gometalinter with golangci-lint (#16610)
we still use gometalinter for goconst since it doesn't 
report errors for duplicated in test files
2019-04-16 10:27:07 +02:00
Marcus Efraimsson
8029e48588
support get user tokens/revoke all user tokens in UserTokenService 2019-03-08 15:15:17 +01:00
bergquist
7754c37a1f reduce loglevel to debug 2019-02-19 08:22:33 +01:00
bergquist
e163aadfe4 use authtoken for session quota restrictions
closes #15360
2019-02-12 15:10:55 +01:00
bergquist
170783c292 make hourly cleanup the default behavior 2019-02-07 10:51:35 +01:00
Marcus Efraimsson
1a140ee199
run token cleanup job when grafana starts, then each hour 2019-02-06 22:27:08 +01:00
Marcus Efraimsson
8ae066ab5d
move authtoken package into auth package 2019-02-06 17:02:57 +01:00
Marcus Efraimsson
8678620730
move UserToken and UserTokenService to models package 2019-02-06 16:55:12 +01:00
Marcus Efraimsson
a60124a88c
change UserToken from interface to struct 2019-02-06 16:30:50 +01:00
Marcus Efraimsson
d8658a765c
enhanced expiration logic for lookup token
tokens are not expired if created_at > now - LoginMaxLifetimeDays and
rotated_at > now - LoginMaxInactiveLifetimeDays
2019-02-06 08:30:14 +01:00
Marcus Efraimsson
9483506590
auth token clean up job now runs on schedule and deletes all expired tokens
delete tokens having created_at <= LoginMaxLifetimeDays or
rotated_at <= LoginMaxInactiveLifetimeDays
2019-02-05 21:20:11 +01:00
Marcus Efraimsson
0915f931ae
change configuration settings in auth package 2019-02-05 21:12:30 +01:00
Marcus Efraimsson
7cd3cd6cd4
auth package refactoring
moving middleware/hooks away from package
exposing public struct UserToken accessible from other packages
fix debug log lines so the same order and naming are used
2019-02-05 00:10:56 +01:00
Marcus Efraimsson
fb3c510178
Merge branch 'master' into delete_session_on_logout 2019-02-04 20:23:05 +01:00
bergquist
a6bd2c73a0 introduce samesite setting for login cookie
ref #15067
2019-02-01 11:47:21 +01:00
bergquist
a1b3986532 always delete session cookie even if db delete fails 2019-02-01 09:59:53 +01:00
bergquist
91bd908e03 adds more tests signing out session 2019-01-31 22:24:04 +01:00
bergquist
11c4967bdc changes some info logging to debug 2019-01-31 21:51:14 +01:00
bergquist
88ca54eba9 renames signout function 2019-01-31 16:26:36 +01:00
bergquist
43ac79685a delete auth token on signout 2019-01-31 16:13:35 +01:00
bergquist
75760aa892 dont specify domain for auth cookies 2019-01-25 10:40:50 +01:00
bergquist
d6edaa1328 moves cookie https setting to [security] 2019-01-24 19:04:58 +01:00
bergquist
516037fbdd makes sure rotation is always higher than urgent rotation 2019-01-24 13:54:45 +01:00
bergquist
fd0f9f2dd2 fixes broken test 2019-01-24 12:06:44 +01:00
bergquist
ff483f3782 removes old cookie auth configuration 2019-01-24 10:55:10 +01:00
bergquist
56a521b264 makes auth token rotation time configurable 2019-01-24 10:50:18 +01:00
Carl Bergquist
766122856b
Merge pull request #14995 from bergquist/token_oauth
Stores hashed state code in cookie for OAuth logins.
2019-01-23 10:39:12 +01:00
bergquist
c3ff3d644c fixes nil ref in tests 2019-01-22 16:16:32 +01:00
bergquist
64124b5042 add setting for how to long we should keep expired tokens 2019-01-22 15:31:43 +01:00
bergquist
12f8338977 stores hashed state code in cookie 2019-01-22 15:22:24 +01:00
bergquist
d3ec8e1ccb creates new config section for login settings 2019-01-22 15:22:11 +01:00
Marcus Efraimsson
4096449aec
extract auth token interface and remove auth token from context 2019-01-22 12:00:33 +01:00