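package api

import (
	"github.com/grafana/grafana/pkg/api/dtos"
	"github.com/grafana/grafana/pkg/bus"
	"github.com/grafana/grafana/pkg/infra/metrics"
	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/util"
)

// NOTE(review): none of the handlers in this file checks the caller's
// privileges itself. Presumably the route registration restricts them to
// Grafana admins; confirm that before wiring a handler to a new route.

// AdminCreateUser creates a user from the submitted admin form.
//
// When no login is given the e-mail address is used as the login; if both are
// empty the request is rejected with 400. Passwords shorter than 4 bytes are
// rejected with 400. On success the new user's id is returned as an
// m.UserIdDTO with status 200.
func AdminCreateUser(c *m.ReqContext, form dtos.AdminCreateUserForm) {
	cmd := m.CreateUserCommand{
		Login:    form.Login,
		Email:    form.Email,
		Password: form.Password,
		Name:     form.Name,
	}

	if len(cmd.Login) == 0 {
		// Fall back to the e-mail address as the login name.
		cmd.Login = cmd.Email
		if len(cmd.Login) == 0 {
			c.JsonApiErr(400, "Validation error, need specify either username or email", nil)
			return
		}
	}

	// NOTE(review): this is the only password policy applied here, and len()
	// counts bytes, not characters. A 4-byte minimum is very weak for accounts
	// an administrator provisions; consider enforcing a stronger, shared policy.
	if len(cmd.Password) < 4 {
		c.JsonApiErr(400, "Password is missing or too short", nil)
		return
	}

	if err := bus.Dispatch(&cmd); err != nil {
		c.JsonApiErr(500, "failed to create user", err)
		return
	}

	metrics.M_Api_Admin_User_Create.Inc()

	user := cmd.Result

	result := m.UserIdDTO{
		Message: "User created",
		Id:      user.Id,
	}

	c.JSON(200, result)
}

// AdminUpdateUserPassword sets a new password for the user named by the :id
// route parameter.
//
// The new password must be at least 4 bytes long (400 otherwise). The user is
// loaded to obtain the stored salt, the password is encoded with that salt via
// util.EncodePassword, and the result is stored with ChangeUserPasswordCommand.
// A lookup that fails with m.ErrUserNotFound is answered with 404 rather than
// being reported as a server error.
func AdminUpdateUserPassword(c *m.ReqContext, form dtos.AdminUpdateUserPasswordForm) {
	userID := c.ParamsInt64(":id")

	// NOTE(review): same weak 4-byte minimum as in AdminCreateUser.
	if len(form.Password) < 4 {
		c.JsonApiErr(400, "New password too short", nil)
		return
	}

	userQuery := m.GetUserByIdQuery{Id: userID}

	if err := bus.Dispatch(&userQuery); err != nil {
		// An unknown id is a client error, not a database failure.
		if err == m.ErrUserNotFound {
			c.JsonApiErr(404, m.ErrUserNotFound.Error(), nil)
			return
		}
		c.JsonApiErr(500, "Could not read user from database", err)
		return
	}

	// The user's existing salt is reused for the new password hash.
	passwordHashed := util.EncodePassword(form.Password, userQuery.Result.Salt)

	cmd := m.ChangeUserPasswordCommand{
		UserId:      userID,
		NewPassword: passwordHashed,
	}

	// NOTE(review): nothing in this handler revokes the user's existing
	// sessions or auth tokens after the password changes. If this endpoint is
	// used to respond to a compromised account, confirm whether the command
	// handler does so, or revoke tokens separately.
	if err := bus.Dispatch(&cmd); err != nil {
		c.JsonApiErr(500, "Failed to update user password", err)
		return
	}

	c.JsonOK("User password updated")
}

// AdminUpdateUserPermissions grants or removes the Grafana admin flag for the
// user named by the :id route parameter.
//
// PUT /api/admin/users/:id/permissions
//
// m.ErrLastGrafanaAdmin from the command handler is returned as 400; any other
// failure is returned as 500.
func AdminUpdateUserPermissions(c *m.ReqContext, form dtos.AdminUpdateUserPermissionsForm) {
	userID := c.ParamsInt64(":id")

	cmd := m.UpdateUserPermissionsCommand{
		UserId:         userID,
		IsGrafanaAdmin: form.IsGrafanaAdmin,
	}

	if err := bus.Dispatch(&cmd); err != nil {
		if err == m.ErrLastGrafanaAdmin {
			c.JsonApiErr(400, m.ErrLastGrafanaAdmin.Error(), nil)
			return
		}

		c.JsonApiErr(500, "Failed to update user permissions", err)
		return
	}

	c.JsonOK("User permissions updated")
}

// AdminDeleteUser deletes the user named by the :id route parameter.
//
// If the command handler reports m.ErrUserNotFound the response is 404; any
// other failure is returned as 500.
func AdminDeleteUser(c *m.ReqContext) {
	userID := c.ParamsInt64(":id")

	cmd := m.DeleteUserCommand{UserId: userID}

	if err := bus.Dispatch(&cmd); err != nil {
		// Only takes effect if the handler surfaces this sentinel error.
		if err == m.ErrUserNotFound {
			c.JsonApiErr(404, m.ErrUserNotFound.Error(), nil)
			return
		}
		c.JsonApiErr(500, "Failed to delete user", err)
		return
	}

	c.JsonOK("User deleted")
}

// AdminLogoutUser logs the user named by the :id route parameter out of all
// devices. An administrator cannot target their own account (400).
//
// POST /api/admin/users/:id/logout
func (server *HTTPServer) AdminLogoutUser(c *m.ReqContext) Response {
	userID := c.ParamsInt64(":id")

	if c.UserId == userID {
		return Error(400, "You cannot logout yourself", nil)
	}

	return server.logoutUserFromAllDevicesInternal(userID)
}

// AdminGetUserAuthTokens returns the auth tokens of the user named by the :id
// route parameter by delegating to getUserAuthTokensInternal.
//
// GET /api/admin/users/:id/auth-tokens
func (server *HTTPServer) AdminGetUserAuthTokens(c *m.ReqContext) Response {
	userID := c.ParamsInt64(":id")
	return server.getUserAuthTokensInternal(c, userID)
}

// AdminRevokeUserAuthToken revokes one auth token of the user named by the :id
// route parameter by delegating to revokeUserAuthTokenInternal.
//
// POST /api/admin/users/:id/revoke-auth-token
func (server *HTTPServer) AdminRevokeUserAuthToken(c *m.ReqContext, cmd m.RevokeAuthTokenCmd) Response {
	userID := c.ParamsInt64(":id")
	return server.revokeUserAuthTokenInternal(c, userID, cmd)
}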