public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,065 Commits 655 Branches 650 Tags
f2f1663dba8a5f6884df19bebd2dbe61c831d8d5
Commit Graph

21 Commits

Author SHA1 Message Date
Misi 1f3dc0533c Auth: Add tracing to auth clients and AuthToken service (#107878) 
* Add tracing to auth clients + authtoken svc

* Fix span names

* Fix ext_jwt.go

* Fix idimpl/service

* Update wire_gen.go

* Add tracing to JWT client

* Lint
 2025-07-10 15:41:00 +02:00
Quentin Bisson aeca9a80a4 JWT: Add org role mapping support to the JWT provider (#101584) 
* add org role mapping to the jwt provider

* Fix indentation for OrgMapping assignment

* add-test

* fix linting

* add org_attribute_path

* fix test

* update doc

* update doc

* Update pkg/services/authn/clients/jwt.go

* Update docs

---------

Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
 2025-03-21 14:18:53 +01:00
Karl Persson 7a78ad3893 Authn: Remove response writer from auth req (#90110) 
Authn: Remove response writer from request
 2024-07-05 11:42:12 +02:00
Ryan McKinley 99d8025829 Chore: Move identity and errutil to apimachinery module (#89116) 2024-06-13 07:11:35 +03:00
Karl Persson 0fa983ad8e AuthN: Use typed namespace id inside authn package (#86048) 
* authn: Use typed namespace id inside package
 2024-04-24 09:57:34 +02:00
Karl Persson 8520892923 User: Fix GetByID (#86282) 
* Auth: Remove unused lookup param

* Remove case sensitive lookup for GetByID
 2024-04-16 15:24:34 +02:00
linoman e4250a72db JWT: Find login and email claims with JMESPATH (#85305) 
* add function to static function to static service

* find email and login claims with jmespath

* rename configuration files

* Replace JWTClaims struct for map

* check for subclaims error
 2024-03-28 17:25:26 +01:00
Jo 6f62d970e3 JWT Authentication: Add support for specifying groups in auth.jwt for teamsync (#82175) 
* merge JSON search logic

* document public methods

* improve test coverage

* use separate JWT setting struct

* correct use of cfg.JWTAuth

* add group tests

* fix DynMap typing

* add settings to default ini

* add groups option to devenv path

* fix test

* lint

* revert jwt-proxy change

* remove redundant check

* fix parallel test
 2024-02-09 16:35:58 +01:00
Ryan McKinley 025b2f3011 Chore: use any rather than interface{} (#74066) 2023-08-30 18:46:47 +03:00
Jo 7d347cd428 Auth: remove org count from signedInUser (#72661) 
* tweaks

* remove org count from signedinUser

* remove org count from signedinUser store

* fix broken tests

* restore frontend interface
 2023-08-01 14:04:37 +02:00
Misi 5efc3386d3 AuthZ: Extend /api/search to work with self-contained permissions (#70749) 
* Search sql filter draft, unfinished

* Search works for empty roles

* Add current AuthModule to SignedInUser

* clean up, changes to the search

* Use constant prefixes

* Change AuthModule to AuthenticatedBy

* Add tests for using the permissions from the SignedInUser

* Refactor and simplify code

* Fix sql generation for pg and mysql

* Fixes, clean up

* Add test for empty permission list

* Fix

* Fix any vs all in case of edit permission

* Update pkg/services/authn/authn.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/sqlstore/permissions/dashboard_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Fixes, changes based on the review

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2023-07-12 12:31:36 +02:00
Jo 96fdbbee90 AuthJWT: Fix JWT query param leak (CVE-2023-1387) (#825) 
fix JWT query param leak

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
 2023-04-27 14:40:44 +03:00
Misi 6543259a7d Auth: Add SyncPermissions post auth hook (#64205) 
* Add SyncPermissionsFromDB post auth hook

* Delete FromDB prefix

* Align tests

* Fixes

* Change SyncPermissionsHook prio
 2023-03-08 13:35:54 +01:00
Karl Persson 207a55be66 AuthN: add flag for org roles sync (#63507) 
* AuthN: Add flag to control org role syncs

* JWT: Only sync org roles if the skip flag for jwt is false

* LDAP: Only sync org role if skip flag for ldap is false

* OAuth: Skip org roles sync if no roles were provided by upstream service

* Grafana: Set SyncOrgRoles to true for authentication through proxy with grafana as backend
 2023-02-22 10:27:48 +01:00
Karl Persson 180a587f70 AuthN: fetch final state of signed in user (#62854) 
* AuthN: add a hook we can use to fetch final state of user
 2023-02-03 14:14:38 +01:00
Kristin Laemmert 9256a520a4 chore: move user_auth models to (mostly) login service (#62269) 
* chore: move user_auth models to (mostly) login service
 2023-01-27 13:36:54 -05:00
Eric Leijonmarck 5531e22f46 Auth: Add disable of team sync for JWT Authentication (#62191) 
* fix: disable team sync for JWT Authentication

* add: comment to test

* change test to conform to new expected behavior

* fix: spelling

* formatting
 2023-01-27 16:05:25 +01:00
Kristin Laemmert cd08f2575a chore: move jwt models into auth/jwt (#61862) 
* chore: move jwt models into auth/jwt
 2023-01-20 13:11:06 -05:00
linoman 56c2755b3b Fix JWT claims request (#61650) 
* Fix JWT claims request

* Add test scenarios for missing config options
 2023-01-19 16:03:09 +01:00
Misi b8b08ea292 Auth: Add sub claim check to JWT Auth pre-checks (#61417) 
* Auth: Add sub claim check to JWT Auth pre-checks

* Add #nosec annotation to the test tokens
 2023-01-16 10:50:34 +01:00
Jo 0c8ad80575 Authn: JWT client (#61157) 
* add jwt client

* alias JWT verifier

* debug implementation

* add tests for jwt client

* add constant for JWT module

* Feedback

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
 2023-01-10 15:08:52 +01:00