mirror of
https://github.com/grafana/grafana.git
synced 2024-12-01 13:09:22 -06:00
610999cfa2
* Add revoked_at field to user auth token to allow soft revokes * Allow soft token revocations * Update token revocations and tests * Return error info on revokedTokenErr * Override session cookie only when no revokedErr nor API request * Display modal on revoked token error * Feedback: Refactor TokenRevokedModal to FC * Add GetUserRevokedTokens into UserTokenService * Backendsrv: adds tests and refactors soft token path * Apply feedback * Write redirect cookie on token revoked error * Update TokenRevokedModal style * Return meaningful error info * Some UI changes * Update backend_srv tests * Minor style fix on backend_srv tests * Replace deprecated method usage to publish events * Fix backend_srv tests * Apply suggestions from code review Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> * Minor style fix after PR suggestion commit * Apply suggestions from code review Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> * Prettier fixes Co-authored-by: Hugo Häggmark <hugo.haggmark@gmail.com> Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
76 lines
2.0 KiB
Go
76 lines
2.0 KiB
Go
package models
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"net"
|
|
)
|
|
|
|
// Typed errors
|
|
var (
|
|
ErrUserTokenNotFound = errors.New("user token not found")
|
|
)
|
|
|
|
// CreateTokenErr represents a token creation error; used in Enterprise
|
|
type CreateTokenErr struct {
|
|
StatusCode int
|
|
InternalErr error
|
|
ExternalErr string
|
|
}
|
|
|
|
func (e *CreateTokenErr) Error() string {
|
|
if e.InternalErr != nil {
|
|
return e.InternalErr.Error()
|
|
}
|
|
return "failed to create token"
|
|
}
|
|
|
|
type TokenExpiredError struct {
|
|
UserID int64
|
|
TokenID int64
|
|
}
|
|
|
|
func (e *TokenExpiredError) Error() string { return "user token expired" }
|
|
|
|
type TokenRevokedError struct {
|
|
UserID int64
|
|
TokenID int64
|
|
MaxConcurrentSessions int64
|
|
}
|
|
|
|
func (e *TokenRevokedError) Error() string { return "user token revoked" }
|
|
|
|
// UserToken represents a user token
|
|
type UserToken struct {
|
|
Id int64
|
|
UserId int64
|
|
AuthToken string
|
|
PrevAuthToken string
|
|
UserAgent string
|
|
ClientIp string
|
|
AuthTokenSeen bool
|
|
SeenAt int64
|
|
RotatedAt int64
|
|
CreatedAt int64
|
|
UpdatedAt int64
|
|
RevokedAt int64
|
|
UnhashedToken string
|
|
}
|
|
|
|
type RevokeAuthTokenCmd struct {
|
|
AuthTokenId int64 `json:"authTokenId"`
|
|
}
|
|
|
|
// UserTokenService are used for generating and validating user tokens
|
|
type UserTokenService interface {
|
|
CreateToken(ctx context.Context, user *User, clientIP net.IP, userAgent string) (*UserToken, error)
|
|
LookupToken(ctx context.Context, unhashedToken string) (*UserToken, error)
|
|
TryRotateToken(ctx context.Context, token *UserToken, clientIP net.IP, userAgent string) (bool, error)
|
|
RevokeToken(ctx context.Context, token *UserToken, soft bool) error
|
|
RevokeAllUserTokens(ctx context.Context, userId int64) error
|
|
ActiveTokenCount(ctx context.Context) (int64, error)
|
|
GetUserToken(ctx context.Context, userId, userTokenId int64) (*UserToken, error)
|
|
GetUserTokens(ctx context.Context, userId int64) ([]*UserToken, error)
|
|
GetUserRevokedTokens(ctx context.Context, userId int64) ([]*UserToken, error)
|
|
}
|