grafana/pkg/api
Marcus Efraimsson 3d1c624c12 WIP: Protect against brute force (frequent) login attempts (#10031)
* db: add login attempt migrations

* db: add possibility to create login attempts

* db: add possibility to retrieve login attempt count per username

* auth: validation and update of login attempts for invalid credentials

If the login attempt count for the authenticating user is 5 or more in the last 5 minutes,
we temporarily block the user's access to login

* db: add possibility to delete expired login attempts

* cleanup: Delete login attempts older than 10 minutes

The cleanup job runs continuously and triggers every 10 minutes

* fix typo: rename consequent to consequent

* auth: enable login attempt validation for ldap logins

* auth: disable login attempts validation by configuration

Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616

* auth: don't run cleanup of login attempts if feature is disabled

#7616

* auth: rename settings.go to ldap_settings.go

* auth: refactor AuthenticateUser

Extract grafana login, ldap login and login attempt validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616

* auth: rename login attempt validation to brute force login protection

Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
2018-01-26 10:41:41 +01:00
..
avatar fix missing profile icon (#10469) 2018-01-09 13:58:03 +01:00
dtos Add avatar to team and team members page (#10305) 2017-12-20 21:20:12 +01:00
live refactor(http): refactoring http server 2016-12-21 14:36:32 +01:00
pluginproxy proxyds: delete cookies except those listed in keepCookies 2017-12-14 11:46:44 +01:00
static feat(macaron): upgrades macaron version 2016-01-13 15:11:23 +01:00
admin_users.go convert old metrics to prom metrics 2017-09-14 14:26:32 +02:00
admin.go Fixed api bugs, stats endpoint working 2016-01-24 21:18:17 -08:00
alerting.go tech: alert list react migration progress 2017-12-31 14:16:19 +01:00
annotations.go fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 2017-11-21 11:28:17 +01:00
api.go Add avatar to team and team members page (#10305) 2017-12-20 21:20:12 +01:00
apikey.go More work on email and notification infra #1456 2015-06-05 11:08:19 +02:00
app_routes.go Merge pull request #9378 from mattbostock/verify_tls 2017-10-12 11:11:02 +02:00
common.go fix(api): fixed issue with api content-type in api success messages, fixes #6160 2016-10-01 16:52:52 +02:00
dashboard_acl_test.go refactor: format files by gofmt 2017-12-11 19:46:05 +03:00
dashboard_acl.go refactor: format files by gofmt 2017-12-11 19:46:05 +03:00
dashboard_snapshot.go convert old metrics to prom metrics 2017-09-14 14:26:32 +02:00
dashboard_test.go fix: viewers can edit now works correctly 2017-12-15 14:19:49 +01:00
dashboard.go Merge remote-tracking branch 'origin/master' into develop 2017-12-13 19:18:10 +01:00
dataproxy.go dataproxy: added caching of datasources when doing data proxy requests, #9078 2017-08-23 13:31:26 +02:00
datasources_test.go WIP: delete permission in API 2017-06-12 15:49:09 +02:00
datasources.go api: fix so that datasources functions returns Response 2017-11-16 16:29:05 +01:00
frontendsettings.go Merge branch 'master' into develop 2017-09-18 12:32:29 +02:00
grafana_com_proxy.go Always verify TLS unless explicitly told otherwise 2017-10-06 17:09:27 +01:00
http_server.go imguploader: Add support for new internal image store (#6922) 2018-01-12 21:40:12 +01:00
index.go menu: fixed create default url 2017-12-15 15:17:05 +01:00
login_oauth.go refactor: minor refactoring of PR #10560 2018-01-23 13:03:44 +01:00
login.go WIP: Protect against brute force (frequent) login attempts (#10031) 2018-01-26 10:41:41 +01:00
metrics.go follow go idiom and return error as second param 2017-09-21 18:04:16 +02:00
org_invite.go ux: org user management changes 2017-12-13 13:16:44 +01:00
org_users.go users view update 2017-08-18 08:17:35 +02:00
org.go convert old metrics to prom metrics 2017-09-14 14:26:32 +02:00
password.go security: fixed returning info on whether user exists or not in password reset call, fixes #7619 2017-04-11 16:50:16 +02:00
playlist_play.go WIP: move guardian logic for search into the sql query 2017-06-17 02:34:05 +02:00
playlist.go WIP: move guardian logic for search into the sql query 2017-06-17 02:34:05 +02:00
plugins.go gzip: plugin readme content set explicitly 2017-10-09 10:17:45 +02:00
preferences.go feat(preferences): theme and home dashboard settings now work on profile and org settings page 2016-04-02 13:54:06 -07:00
quota.go fix getting default quota as map[string]int64 2015-09-15 20:31:58 +08:00
render.go renderer: avoid calling Handle twice 2017-12-28 14:37:10 +01:00
route_register_test.go bug: enable HEAD requests again 2017-09-20 09:45:00 +02:00
route_register.go removes invalid comment 2017-11-16 16:55:02 +01:00
search.go working on dashboard search 2017-11-20 12:47:03 +01:00
signup.go convert old metrics to prom metrics 2017-09-14 14:26:32 +02:00
stars.go Api handler refactoring using the wrap and response func/type, fixed small issue in influxdb 0.9 response handling 2015-05-20 14:59:38 +02:00
team_members.go Add avatar to team and team members page (#10305) 2017-12-20 21:20:12 +01:00
team_test.go teams: add team count when searching for team 2017-12-15 11:08:06 +01:00
team.go Add avatar to team and team members page (#10305) 2017-12-20 21:20:12 +01:00
user_test.go admin: adds paging to global user list 2017-02-13 12:59:36 +01:00
user.go minor user avatar stuff 2017-08-18 14:49:04 +02:00