IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-11 16:15:42 -06:00
Code Issues Packages Projects Releases Wiki Activity
fd73b75ef7
grafana/pkg/services/authn/clients/render.go
Karl Persson 7a38090bc0
AuthN: Fix namespaces for anonymous and render (#75661) 
* AuthN: remove IsAnonymous from identity struct and set correct namespace for anonymous and render

* Don't parse user id for render namespace
2023-09-29 09:10:33 +02:00

85 lines
2.2 KiB
Go
Raw Blame History

package clients
import (
"context"
"time"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/login"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/rendering"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/util/errutil"
)
var (
errInvalidRenderKey = errutil.Unauthorized("render-auth.invalid-key", errutil.WithPublicMessage("Invalid Render Key"))
)
const (
renderCookieName = "renderKey"
)
var _ authn.ContextAwareClient = new(Render)
func ProvideRender(userService user.Service, renderService rendering.Service) *Render {
return &Render{userService, renderService}
}
type Render struct {
userService user.Service
renderService rendering.Service
}
func (c *Render) Name() string {
return authn.ClientRender
}
func (c *Render) Authenticate(ctx context.Context, r *authn.Request) (*authn.Identity, error) {
key := getRenderKey(r)
renderUsr, ok := c.renderService.GetRenderUser(ctx, key)
if !ok {
return nil, errInvalidRenderKey.Errorf("found no render user for key: %s", key)
}
var identity *authn.Identity
if renderUsr.UserID <= 0 {
identity = &authn.Identity{
ID: authn.NamespacedID(authn.NamespaceRenderService, 0),
OrgID: renderUsr.OrgID,
OrgRoles: map[int64]org.RoleType{renderUsr.OrgID: org.RoleType(renderUsr.OrgRole)},
ClientParams: authn.ClientParams{SyncPermissions: true},
}
} else {
usr, err := c.userService.GetSignedInUserWithCacheCtx(ctx, &user.GetSignedInUserQuery{UserID: renderUsr.UserID, OrgID: renderUsr.OrgID})
if err != nil {
return nil, err
}
identity = authn.IdentityFromSignedInUser(authn.NamespacedID(authn.NamespaceUser, usr.UserID), usr, authn.ClientParams{SyncPermissions: true}, login.RenderModule)
}
identity.LastSeenAt = time.Now()
identity.AuthenticatedBy = login.RenderModule
return identity, nil
}
func (c *Render) Test(ctx context.Context, r *authn.Request) bool {
if r.HTTPRequest == nil {
return false
}
return getRenderKey(r) != ""
}
func (c *Render) Priority() uint {
return 10
}
func getRenderKey(r *authn.Request) string {
cookie, err := r.HTTPRequest.Cookie(renderCookieName)
if err != nil {
return ""
}
return cookie.Value
}
Reference in New Issue View Git Blame Copy Permalink