mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
12b1170631
* Validation fixes * Add URL validations + tests * Add ApiUrl validation * Refactor validators * lint * Clean up * Improvements
70 lines
2.3 KiB
Go
70 lines
2.3 KiB
Go
package validation
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/grafana/grafana/pkg/login/social"
|
|
"github.com/grafana/grafana/pkg/services/auth/identity"
|
|
"github.com/grafana/grafana/pkg/services/ssosettings"
|
|
)
|
|
|
|
func AllowAssignGrafanaAdminValidator(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if info.AllowAssignGrafanaAdmin && !requester.GetIsGrafanaAdmin() {
|
|
return ssosettings.ErrInvalidOAuthConfig("Allow assign Grafana Admin can only be updated by Grafana Server Admins.")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func SkipOrgRoleSyncAllowAssignGrafanaAdminValidator(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if info.AllowAssignGrafanaAdmin && info.SkipOrgRoleSync {
|
|
return ssosettings.ErrInvalidOAuthConfig("Allow assign Grafana Admin and Skip org role sync are both set thus Grafana Admin role will not be synced. Consider setting one or the other.")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func RequiredValidator(value string, name string) ssosettings.ValidateFunc[social.OAuthInfo] {
|
|
return func(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if value == "" {
|
|
return ssosettings.ErrInvalidOAuthConfig(fmt.Sprintf("%s is required.", name))
|
|
}
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func UrlValidator(value string, name string) ssosettings.ValidateFunc[social.OAuthInfo] {
|
|
return func(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if !isValidUrl(value) {
|
|
return ssosettings.ErrInvalidOAuthConfig(fmt.Sprintf("%s is an invalid URL.", name))
|
|
}
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func RequiredUrlValidator(value string, name string) ssosettings.ValidateFunc[social.OAuthInfo] {
|
|
return func(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if err := RequiredValidator(value, name)(info, requester); err != nil {
|
|
return err
|
|
}
|
|
return UrlValidator(value, name)(info, requester)
|
|
}
|
|
}
|
|
|
|
func MustBeEmptyValidator(value string, name string) ssosettings.ValidateFunc[social.OAuthInfo] {
|
|
return func(info *social.OAuthInfo, requester identity.Requester) error {
|
|
if value != "" {
|
|
return ssosettings.ErrInvalidOAuthConfig(fmt.Sprintf("%s must be empty.", name))
|
|
}
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func isValidUrl(actual string) bool {
|
|
parsed, err := url.ParseRequestURI(actual)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return strings.HasPrefix(parsed.Scheme, "http") && parsed.Host != ""
|
|
}
|