Commit Graph

17 Commits

Author SHA1 Message Date
Arve Knudsen a04ef6cefc 6.7.3 cherry-picks (#23808)
* AuthProxy: Fixes bug where long username could not be cached (#22926)

(cherry picked from commit 6c9d833602)

* Server: Exit with 0 if no error (#23312)

Make grafana-server exit with 0 if no error occurred.

(cherry picked from commit 5645d74cbc)

* Dashboard: Save json should preserve folderId (#23314)

(cherry picked from commit 7e3b43eabb)

* TimeSrv: Try to parse 8 and 15 digit numbers as timestamps if parsing as date fails (#21694)

* Try to parse 8 and 15 digit numbers as timestamps if parsing as date fails

Fixes #19738

* Add tests

(cherry picked from commit c89ad9b038)

* BackendSrv: include credentials when withCredentials option is set (#23380)

The fetch() API won't send cookies or other type of credentials unless
you set the credentials init option. Some datasources like Prometheus
and Elasticsearch have `withCredentials` option in Browser access mode,
but this option is not currently getting passed in the fetch() API.

Fixes #23338.

(cherry picked from commit afd8ffde69)

* Dashlist: Fixed dashlist broken in edit mode (#23426)

(cherry picked from commit 363bf7506d)

* Admin: Fix Synced via LDAP message for non-LDAP external users (#23477)

* UserAdmin: remove Synced via LDAP message for non-LDAP users

* UserAdmin: show "Synced via <provider>" message for external users

(cherry picked from commit 4d81cec34f)

* Graphite: Fixed cannot read finally of undefined (#23512)

(cherry picked from commit 61460ea3a2)

* Hangouts: fixes notifications for alerts with empty message (#23559)

* Hangouts: fixes notifications for alerts with empty message

* Update pkg/services/alerting/notifiers/googlechat.go

Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
(cherry picked from commit 2661054fe8)

* Variables: fixes error when setting adhoc variables values (#23580)

(cherry picked from commit 0091885b13)

* Release 6.7.3

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* ci-metrics-publisher.sh: Fix linting issue

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* TablePanel: Fix XSS issue in header column rename (backport) (#23814)

* escaping html when rendering table header alias.

* fixed tooltip.

Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>

* Security: Fix annotation popup XSS vulnerability (#23813)

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
(cherry picked from commit 3955e8cbad)

Co-authored-by: Jon McKenzie <jcmcken@gmail.com>
Co-authored-by: Peter Holmberg <peterholmberg@users.noreply.github.com>
Co-authored-by: Jesse Tan <jessetan@users.noreply.github.com>
Co-authored-by: Tuan Anh Hoang-Vu <hvtuananh@gmail.com>
Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
2020-04-23 12:12:53 +02:00
Jon Gyllenswärd 53f8088316 Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191)
* Renamed ttl config in code to be more consistent with behaviour
* Introduced new setting `sync_ttl` in .ini file
* Keeping the old setting `ldap_sync_ttl` in the .ini file as fallback and compatibility.
2019-11-07 11:24:54 +01:00
Arve Knudsen 6e7c18fc1c pkg/middleware: Check errors (#19749)
* pkg/middleware: Check errors
* pkg/middleware: Log when gzip middleware handler fails
2019-10-15 18:08:06 +02:00
gotjosh 0cbbb43222 LDAP: Add API endpoint to debug user mapping from LDAP (#18833)
* Move the ReloadLDAPCfg function to the debug file

Appears to be a better suited place for this.

* LDAP: Return the server information when we find a specific user

We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand which server they come from. Returning the server configuration as part of the search will help us do two things:

- Understand in which server we found the user
- Have access to the groups specified as part of the server configuration

* LDAP: Adds the /api/admin/ldap/:username endpoint

This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration.

No changes are executed or saved to the database; this is all an in-memory representation of what the final result would look like.
2019-09-03 18:34:44 +01:00
Oleg Gaidarenko 6ca1a6c8da Auth: change the error HTTP status codes (#18584)
* Auth: change the error HTTP status codes

* Use 407 HTTP status code for incorrect credentials error

* Improve proxy auth logs

* Remove no longer needed TODO comment

Fixes #18439
2019-08-20 20:13:27 +03:00
gotjosh ed8aeb2999 Auth Proxy: Include additional headers as part of the cache key (#18298)
* Auth Proxy: Include additional headers as part of the cache key

Auth proxy has support to send additional user attributes as part of the
authentication flow. These attributes (e.g. Groups) need to be monitored
as part of the process in case of change.

This commit changes the way we compute the cache key to include all of the
attributes sent as part of the authentication request. That way, if we
change any user attributes we'll upsert the user information.
2019-07-31 11:23:00 +01:00
Sofia Papagiannaki f3f03ceb6a Auth Proxy: Respect auto_sign_up setting (#17843)
* Add test for disabled auth proxy auto signup option

* Set correctly auth proxy auto signup
2019-07-01 14:29:41 +03:00
Alexander Zobnin c2affdee1e OAuth: return github teams as a part of user info (enable team sync) (#17797)
* OAuth: github team sync POC

* OAuth: minor refactor of github module

* OAuth: able to use team shorthands for github team sync

* support passing a list of groups via auth-proxy header
2019-07-01 12:30:17 +03:00
Oleg Gaidarenko 1b1d951495 LDAP: refactoring (#17479)
* LDAP: use only one struct

* Use only models.ExternalUserInfo

* Add additional helper method :/

* Move all the helpers to one module

* LDAP: refactoring

* Rename some of the public methods and change their behaviour

* Remove outdated methods

* Simplify logic

* More tests
  There are no, and never were, tests for settings.go; added tests for helper
  methods (cover is now about 100% for them). Added tests for the main
  LDAP logic, but there is some stuff to add. Dial() is not tested and not
  decoupled. It might be a challenge to do it properly

* Restructure tests:
   * they wouldn't depend on external modules
   * more consistent naming
   * logical division

* More guards for erroneous paths

* Login: make login service an explicit dependency

* LDAP: remove no longer needed test helper fns

* LDAP: remove useless import

* LDAP: Use new interface in multildap module

* LDAP: corrections for the groups of multiple users

* In case there are several users, their groups weren't detected correctly

* Simplify helpers module
2019-06-13 16:47:51 +02:00
Kyle Brandt 826d33ea37 auth_proxy: non-negative cache TTL (#17495)
fixes setex error with redis on #17377
2019-06-10 15:25:23 +02:00
Oleg Gaidarenko 9b7f9dd9be LDAP: consistently name the LDAP entities (#17203)
2019-05-22 15:30:03 +03:00
Mario Trangoni 66ba2aa524 Fix gosimple issues (#17179)
Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com>
2019-05-21 07:50:44 +02:00
Oleg Gaidarenko 35f227de11 Feature: LDAP refactoring (#16950)
* encapsulates multipleldap logic under one module

* abstracts users upsert and get logic

* changes some of the text error messages and import sort sequence

* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour

* integrates affected auth_proxy module and their tests

* refactoring of the auth_proxy logic
2019-05-17 14:57:26 +03:00
Oleg Gaidarenko 79ac3fd699 Chore: remove use of == false (#17036)
Interestingly enough, golint or revive doesn't prohibit
the use of that construction :)

Ref #17035
2019-05-14 10:18:28 +03:00
Samuel 846b9327a5 LDAP: Added reload endpoint for LDAP config (#15470)
* 4843 - Added reload endpoint for LDAP config

closes #4843

* Refactor to make the reload work after master drifted
2019-05-03 14:53:07 +02:00
Oleg Gaidarenko 62b85a886e LDAP Refactoring to support synchronizing more than one user at a time. (#16705)
* Feature: add cron setting for the ldap settings

* Move ldap configuration read to special function

* Introduce cron setting (no docs for it yet, pending approval)

* Chore: duplicate ldap module as a service

* Feature: implement active sync

This is a very early preliminary implementation of active sync.
There is only one thing that's going right for this code - it works.

Aside from that, there are no tests, error handling, docs, transactions,
it's very much duplicative and etc.

But this is the overall direction with architecture I'm going for

* Chore: introduce login service

* Chore: gradually switch to ldap service

* Chore: use new approach for auth_proxy

* Chore: use new approach along with refactoring

* Chore: use new ldap interface for auth_proxy

* Chore: improve auth_proxy and subsequently ldap

* Chore: more of the refactoring bits

* Chore: address comments from code review

* Chore: more refactoring stuff

* Chore: make linter happy

* Chore: add cron dep for grafana enterprise

* Chore: initialize config package var

* Chore: disable gosec for now

* Chore: update dependencies

* Chore: remove unused module

* Chore: address review comments

* Chore: make linter happy
2019-04-26 15:47:16 +03:00
Oleg Gaidarenko 318182ccc9 Chore: refactor auth proxy (#16504)
* Chore: refactor auth proxy

Introduced the helper struct for auth_proxy middleware.
Added a couple of unit tests, but it seems "integration" tests already cover
most of the code paths.

Although it might be a good idea to test every bit of it, hm.
Haven't refactored the extraction of the header logic that much

Fixes #16147

* Fix: make linters happy
2019-04-16 14:09:18 +02:00