public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
25,709 Commits 655 Branches 650 Tags
073f46e289e450421c97ef3e75e25cfd9357b79e
Commit Graph

37 Commits

Author SHA1 Message Date
Arve Knudsen ea2bb7036c Auth proxy: Ignore stale cache entries (#23979) 
* Auth proxy: Retry without cache if failing to get user
 2020-06-17 18:43:16 +02:00
Carl Bergquist f2f2722bb1 chore: avoid aliasing models in middleware (#22484) 2020-02-28 12:50:58 +01:00
Torkel Ödegaard be2bf1a297 AuthProxy: Can now login with auth proxy and get a login token (#20175) 
* AuthProxy: Can now login with auth proxy and get a login token

* added unit tests

* renamed setting and updated docs

* AuthProxy: minor tweak

* Fixed tests and namings

* spellfix

* fix

* remove unused setting, probably from merge conflict

* fix
 2019-11-07 17:48:56 +01:00
Oleg Gaidarenko 6ca1a6c8da Auth: change the error HTTP status codes (#18584) 
* Auth: change the error HTTP status codes

* Use 407 HTTP status code for incorrect credentials error

* Improve proxy auth logs

* Remove no longer needed TODO comment

Fixes #18439
 2019-08-20 20:13:27 +03:00
Marcus Efraimsson b9181df212 Auth Proxy: Log any error in middleware (#17275) 
Fixes so that errors happening in auth proxy middleware is logged.

Ref #17247
 2019-05-27 10:38:17 +02:00
Oleg Gaidarenko 35f227de11 Feature: LDAP refactoring (#16950) 
* incapsulates multipleldap logic under one module

* abstracts users upsert and get logic

* changes some of the text error messages and import sort sequence

* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour

* integrates affected auth_proxy module and their tests

* refactoring of the auth_proxy logic
 2019-05-17 14:57:26 +03:00
Oleg Gaidarenko 79ac3fd699 Chore: remove use of == false (#17036) 
Interestingly enough, golint or revive doesn't not prohibit
the use that construction :)

Ref #17035
 2019-05-14 10:18:28 +03:00
Oleg Gaidarenko 318182ccc9 Chore: refactor auth proxy (#16504) 
* Chore: refactor auth proxy

Introduced the helper struct for auth_proxy middleware.
Added couple unit-tests, but it seems "integration" tests already cover
most of the code paths.

Although it might be good idea to test every bit of it, hm.
Haven't refactored the extraction of the header logic that much

Fixes #16147

* Fix: make linters happy
 2019-04-16 14:09:18 +02:00
Oleg Gaidarenko 67cbc7d4cf Chore: use remote cache instead of session storage (#16114) 
Replaces session storage in auth_proxy middleware with remote cache

Fixes #15161
 2019-04-08 14:31:46 +03:00
bergquist 9ae306e417 use defer to make sure we always release session data 2019-01-24 13:48:36 +01:00
bergquist f257101c41 removes unused/commented code 2019-01-24 11:26:45 +01:00
bergquist 5998646da5 restrict session usage to auth_proxy 2019-01-23 14:56:48 +01:00
bergquist c3ff3d644c fixes nil ref in tests 2019-01-22 16:16:32 +01:00
Jacob Richard 0b50582b56 Adding CIDR capability to auth_proxy whitelist 2018-12-17 23:43:14 -06:00
bergquist 12c9860882 string formating fixes 2018-08-28 22:33:38 +02:00
Marcus Efraimsson 8af5da7383 Revert "auth proxy: use real ip when validating white listed ip's" 2018-06-28 15:43:33 +02:00
Marcus Efraimsson b418e14bd9 make sure to use real ip when validating white listed ip's 2018-06-15 15:29:43 +02:00
Dan Cech 543c7fe587 support additional fields in authproxy (#11661) 2018-05-07 10:39:16 +02:00
Dan Cech 3fedcb1e4b cleanup, make sure users are always synced with ldap 2018-04-17 17:48:56 -04:00
Dan Cech 52503d9cb5 refactor authproxy & ldap integration, address comments 2018-04-17 14:06:25 -04:00
Dan Cech d837be91ec switch to passing ReqContext as a property 2018-04-17 14:06:25 -04:00
Dan Cech e53315dce8 cleanup 2018-04-17 14:06:25 -04:00
Dan Cech a1b1d2fe80 switch to Result 2018-04-17 14:06:25 -04:00
Dan Cech d5dd1c9bca update auth proxy 2018-04-17 14:06:25 -04:00
Dan Cech 1c5afa731f shared library for managing external user accounts 2018-04-17 14:06:25 -04:00
Julian Kornberger 391868c5d6 Use net.SplitHostPort to support IPv6 
- Add some tests
- Make error message more helpful
 2018-03-26 02:48:25 +02:00
Julian Kornberger 0a415c50d0 Make golint happier 2018-03-22 22:38:44 +01:00
Dan Cech c0ecdee375 rename Context to ReqContext 2018-03-07 11:54:50 -05:00
Dan Cech 338655dd37 move Context and session out of middleware 2018-03-06 18:16:49 -05:00
wangguoliang 652fce7e76 Optimize some wrong usage and spelling 
Signed-off-by: wgliang <liangcszzu@163.com>
 2017-09-07 17:50:11 +08:00
Dan Cech f490c5f12c use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 15:47:39 +02:00
Seuf ae27c17c68 Auth Proxy improvements 
- adds the option to use ldap groups for authorization in combination with an auth proxy
- adds an option to limit where auth proxy requests come from by configure a list of ip's
- fixes a security issue, session could be reused
 2016-12-12 09:43:17 +01:00
Dmitry Smirnov 3fd6ae597d minor spelling corrections 
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
 2016-02-16 12:12:04 +11:00
Torkel Ödegaard 7072af7c14 fix(auth proxy): Fix for server side rendering of panel when using auth proxy, fixes #2568 2015-08-21 07:49:49 +02:00
Torkel Ödegaard 66e60357dc Set email when creating user from auth_proxy header, Fixes #2156 2015-06-13 20:14:44 +02:00
Torkel Ödegaard 38fc85d619 Final tweaks to auth proxy feature 2015-05-02 12:30:53 +02:00
Torkel Ödegaard be589d81c7 Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921 2015-05-02 12:06:58 +02:00