mirror of
https://github.com/grafana/grafana.git
synced 2025-02-20 11:48:34 -06:00
20bb0a3ab1
* Add AuthNSvc reload handling * Working, need to add test * Remove commented out code * Add Reload implementation to connectors * Align and add tests, refactor * Add more tests, linting * Add extra checks + tests to oauth client * Clean up based on reviews * Move config instantiation into newSocialBase * Use specific error
95 lines
4.1 KiB
Go
95 lines
4.1 KiB
Go
package strategies
|
|
|
|
import (
|
|
"context"
|
|
"maps"
|
|
|
|
"github.com/grafana/grafana/pkg/login/social"
|
|
"github.com/grafana/grafana/pkg/services/ssosettings"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
type OAuthStrategy struct {
|
|
cfg *setting.Cfg
|
|
settingsByProvider map[string]map[string]any
|
|
}
|
|
|
|
var _ ssosettings.FallbackStrategy = (*OAuthStrategy)(nil)
|
|
|
|
func NewOAuthStrategy(cfg *setting.Cfg) *OAuthStrategy {
|
|
oauthStrategy := &OAuthStrategy{
|
|
cfg: cfg,
|
|
settingsByProvider: make(map[string]map[string]any),
|
|
}
|
|
|
|
oauthStrategy.loadAllSettings()
|
|
return oauthStrategy
|
|
}
|
|
|
|
func (s *OAuthStrategy) IsMatch(provider string) bool {
|
|
_, ok := s.settingsByProvider[provider]
|
|
return ok
|
|
}
|
|
|
|
func (s *OAuthStrategy) GetProviderConfig(_ context.Context, provider string) (map[string]any, error) {
|
|
providerConfig := s.settingsByProvider[provider]
|
|
result := make(map[string]any, len(providerConfig))
|
|
maps.Copy(result, providerConfig)
|
|
return result, nil
|
|
}
|
|
|
|
func (s *OAuthStrategy) loadAllSettings() {
|
|
allProviders := append(ssosettings.AllOAuthProviders, social.GrafanaNetProviderName)
|
|
for _, provider := range allProviders {
|
|
settings := s.loadSettingsForProvider(provider)
|
|
if provider == social.GrafanaNetProviderName {
|
|
provider = social.GrafanaComProviderName
|
|
}
|
|
s.settingsByProvider[provider] = settings
|
|
}
|
|
}
|
|
|
|
func (s *OAuthStrategy) loadSettingsForProvider(provider string) map[string]any {
|
|
section := s.cfg.Raw.Section("auth." + provider)
|
|
|
|
return map[string]any{
|
|
"client_id": section.Key("client_id").Value(),
|
|
"client_secret": section.Key("client_secret").Value(),
|
|
"scopes": section.Key("scopes").Value(),
|
|
"empty_scopes": section.Key("empty_scopes").MustBool(false),
|
|
"auth_style": section.Key("auth_style").Value(),
|
|
"auth_url": section.Key("auth_url").Value(),
|
|
"token_url": section.Key("token_url").Value(),
|
|
"api_url": section.Key("api_url").Value(),
|
|
"teams_url": section.Key("teams_url").Value(),
|
|
"enabled": section.Key("enabled").MustBool(false),
|
|
"email_attribute_name": section.Key("email_attribute_name").Value(),
|
|
"email_attribute_path": section.Key("email_attribute_path").Value(),
|
|
"role_attribute_path": section.Key("role_attribute_path").Value(),
|
|
"role_attribute_strict": section.Key("role_attribute_strict").MustBool(false),
|
|
"groups_attribute_path": section.Key("groups_attribute_path").Value(),
|
|
"team_ids_attribute_path": section.Key("team_ids_attribute_path").Value(),
|
|
"allowed_domains": section.Key("allowed_domains").Value(),
|
|
"hosted_domain": section.Key("hosted_domain").Value(),
|
|
"allow_sign_up": section.Key("allow_sign_up").MustBool(false),
|
|
"name": section.Key("name").Value(),
|
|
"icon": section.Key("icon").Value(),
|
|
"skip_org_role_sync": section.Key("skip_org_role_sync").MustBool(false),
|
|
"tls_client_cert": section.Key("tls_client_cert").Value(),
|
|
"tls_client_key": section.Key("tls_client_key").Value(),
|
|
"tls_client_ca": section.Key("tls_client_ca").Value(),
|
|
"tls_skip_verify_insecure": section.Key("tls_skip_verify_insecure").MustBool(false),
|
|
"use_pkce": section.Key("use_pkce").MustBool(false),
|
|
"use_refresh_token": section.Key("use_refresh_token").MustBool(false),
|
|
"allow_assign_grafana_admin": section.Key("allow_assign_grafana_admin").MustBool(false),
|
|
"auto_login": section.Key("auto_login").MustBool(false),
|
|
"allowed_groups": section.Key("allowed_groups").Value(),
|
|
"signout_redirect_url": section.Key("signout_redirect_url").Value(),
|
|
"allowed_organizations": section.Key("allowed_organizations").Value(),
|
|
"id_token_attribute_name": section.Key("id_token_attribute_name").Value(),
|
|
"login_attribute_path": section.Key("login_attribute_path").Value(),
|
|
"name_attribute_path": section.Key("name_attribute_path").Value(),
|
|
"team_ids": section.Key("team_ids").Value(),
|
|
}
|
|
}
|