mirror of
https://github.com/grafana/grafana.git
synced 2025-02-16 02:23:31 -06:00
35f227de11
* incapsulates multipleldap logic under one module * abstracts users upsert and get logic * changes some of the text error messages and import sort sequence * heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour * integrates affected auth_proxy module and their tests * refactoring of the auth_proxy logic
64 lines
1.3 KiB
Go
64 lines
1.3 KiB
Go
package middleware
|
|
|
|
import (
|
|
"github.com/grafana/grafana/pkg/infra/remotecache"
|
|
authproxy "github.com/grafana/grafana/pkg/middleware/auth_proxy"
|
|
m "github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
const (
|
|
|
|
// cachePrefix is a prefix for the cache key
|
|
cachePrefix = authproxy.CachePrefix
|
|
)
|
|
|
|
func initContextWithAuthProxy(store *remotecache.RemoteCache, ctx *m.ReqContext, orgID int64) bool {
|
|
auth := authproxy.New(&authproxy.Options{
|
|
Store: store,
|
|
Ctx: ctx,
|
|
OrgID: orgID,
|
|
})
|
|
|
|
// Bail if auth proxy is not enabled
|
|
if !auth.IsEnabled() {
|
|
return false
|
|
}
|
|
|
|
// If the there is no header - we can't move forward
|
|
if !auth.HasHeader() {
|
|
return false
|
|
}
|
|
|
|
// Check if allowed to continue with this IP
|
|
if result, err := auth.IsAllowedIP(); !result {
|
|
ctx.Handle(407, err.Error(), err.DetailsError)
|
|
return true
|
|
}
|
|
|
|
// Try to log in user from various providers
|
|
id, err := auth.Login()
|
|
if err != nil {
|
|
ctx.Handle(500, err.Error(), err.DetailsError)
|
|
return true
|
|
}
|
|
|
|
// Get full user info
|
|
user, err := auth.GetSignedUser(id)
|
|
if err != nil {
|
|
ctx.Handle(500, err.Error(), err.DetailsError)
|
|
return true
|
|
}
|
|
|
|
// Add user info to context
|
|
ctx.SignedInUser = user
|
|
ctx.IsSignedIn = true
|
|
|
|
// Remember user data it in cache
|
|
if err := auth.Remember(id); err != nil {
|
|
ctx.Handle(500, err.Error(), err.DetailsError)
|
|
return true
|
|
}
|
|
|
|
return true
|
|
}
|