382b24742a
* FeatureToggle: Add toggle to use a new way of rotating tokens * API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirects * Auth: Align not authorized handling between auth middleware and access control middleware * API: add utility function to get redirect for login * API: Handle token rotation redirect for login page * Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request * ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated * Cookies: Add option NotHttpOnly * AuthToken: Add helper function to get next rotation time and another function to check if token needs to be rotated * AuthN: Add function to delete session cookie and set expiry cookie Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
package api
import (
"encoding/json"
"net/mail"
"github.com/grafana/grafana/pkg/middleware/cookies"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
)
// GetRedirectURL returns the URL the client should be sent to after login.
//
// The default is hs.Cfg.AppSubURL + "/". When the request carries a non-empty
// "redirect_to" cookie, its value is returned instead, but only if
// hs.ValidateRedirectTo accepts it. A non-empty cookie is deleted from the
// response whether or not it validated, so each value is consumed at most once.
//
// The cookie is supplied by the client, so the returned URL is only as
// trustworthy as ValidateRedirectTo (defined elsewhere). Callers should
// redirect to the value returned here rather than reading the cookie
// themselves.
func (hs *HTTPServer) GetRedirectURL(c *contextmodel.ReqContext) string {
	const cookieName = "redirect_to"

	// Compute the fallback first; it is used whenever the cookie is absent or rejected.
	target := hs.Cfg.AppSubURL + "/"

	fromCookie := c.GetCookie(cookieName)
	if fromCookie == "" {
		return target
	}

	if err := hs.ValidateRedirectTo(fromCookie); err != nil {
		// The rejected value is client-controlled and is only recorded at debug level.
		hs.log.FromContext(c.Req.Context()).Debug("Ignored invalid redirect_to cookie value", "redirect_to", fromCookie)
	} else {
		target = fromCookie
	}

	// Always clear the cookie once it has been read, valid or not.
	cookies.DeleteCookie(c.Resp, cookieName, hs.CookieOptionsFromCfg)
	return target
}
// jsonMap decodes data as a JSON object whose values are all strings.
//
// The returned map is never nil. It is returned alongside any decoding error,
// so callers must check the error before trusting the map's contents.
func jsonMap(data []byte) (map[string]string, error) {
	decoded := map[string]string{}
	if err := json.Unmarshal(data, &decoded); err != nil {
		return decoded, err
	}
	return decoded, nil
}
// ValidateAndNormalizeEmail parses email with net/mail and returns only its
// address part.
//
// An empty input is accepted and returns "" with a nil error. Anything else
// must parse with mail.ParseAddress, and the parse error is returned unchanged
// on failure. Because ParseAddress accepts the "Display Name <addr>" form, a
// display name in the input is accepted and dropped. The returned address is
// otherwise left as parsed, with no case folding done here, so callers that
// compare or deduplicate addresses need to handle case themselves.
func ValidateAndNormalizeEmail(email string) (string, error) {
	if len(email) == 0 {
		return "", nil
	}

	parsed, parseErr := mail.ParseAddress(email)
	if parseErr != nil {
		return "", parseErr
	}
	return parsed.Address, nil
}