public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,332 Commits 655 Branches 650 Tags
659a01903e3bf6963da17029cd2b4304f5554bd7
Commit Graph

11 Commits

Author SHA1 Message Date
Misi 5efc3386d3 AuthZ: Extend /api/search to work with self-contained permissions (#70749) 
* Search sql filter draft, unfinished

* Search works for empty roles

* Add current AuthModule to SignedInUser

* clean up, changes to the search

* Use constant prefixes

* Change AuthModule to AuthenticatedBy

* Add tests for using the permissions from the SignedInUser

* Refactor and simplify code

* Fix sql generation for pg and mysql

* Fixes, clean up

* Add test for empty permission list

* Fix

* Fix any vs all in case of edit permission

* Update pkg/services/authn/authn.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/sqlstore/permissions/dashboard_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Fixes, changes based on the review

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2023-07-12 12:31:36 +02:00
Jo 96fdbbee90 AuthJWT: Fix JWT query param leak (CVE-2023-1387) (#825) 
fix JWT query param leak

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
 2023-04-27 14:40:44 +03:00
Misi 6543259a7d Auth: Add SyncPermissions post auth hook (#64205) 
* Add SyncPermissionsFromDB post auth hook

* Delete FromDB prefix

* Align tests

* Fixes

* Change SyncPermissionsHook prio
 2023-03-08 13:35:54 +01:00
Karl Persson 207a55be66 AuthN: add flag for org roles sync (#63507) 
* AuthN: Add flag to control org role syncs

* JWT: Only sync org roles if the skip flag for jwt is false

* LDAP: Only sync org role if skip flag for ldap is false

* OAuth: Skip org roles sync if no roles were provided by upstream service

* Grafana: Set SyncOrgRoles to true for authentication through proxy with grafana as backend
 2023-02-22 10:27:48 +01:00
Karl Persson 180a587f70 AuthN: fetch final state of signed in user (#62854) 
* AuthN: add a hook we can use to fetch final state of user
 2023-02-03 14:14:38 +01:00
Kristin Laemmert 9256a520a4 chore: move user_auth models to (mostly) login service (#62269) 
* chore: move user_auth models to (mostly) login service
 2023-01-27 13:36:54 -05:00
Eric Leijonmarck 5531e22f46 Auth: Add disable of team sync for JWT Authentication (#62191) 
* fix: disable team sync for JWT Authentication

* add: comment to test

* change test to conform to new expected behavior

* fix: spelling

* formatting
 2023-01-27 16:05:25 +01:00
Kristin Laemmert cd08f2575a chore: move jwt models into auth/jwt (#61862) 
* chore: move jwt models into auth/jwt
 2023-01-20 13:11:06 -05:00
linoman 56c2755b3b Fix JWT claims request (#61650) 
* Fix JWT claims request

* Add test scenarios for missing config options
 2023-01-19 16:03:09 +01:00
Misi b8b08ea292 Auth: Add sub claim check to JWT Auth pre-checks (#61417) 
* Auth: Add sub claim check to JWT Auth pre-checks

* Add #nosec annotation to the test tokens
 2023-01-16 10:50:34 +01:00
Jo 0c8ad80575 Authn: JWT client (#61157) 
* add jwt client

* alias JWT verifier

* debug implementation

* add tests for jwt client

* add constant for JWT module

* Feedback

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
 2023-01-10 15:08:52 +01:00