Gabriel MABILLE
0ed649b108
AuthN: Change EnableDisabledUserHook to EnableUserHook ( #75248 )
* Replace the enable disable user hook by a hook that systematically enables users
* Fix tests
* Remove the skip test
2023-09-27 11:16:53 +02:00
Serge Zaitsev
8187d8cb66
Chore: capitalise log message for auth packages ( #74332 )
2023-09-04 18:49:47 +02:00
Ryan McKinley
025b2f3011
Chore: use any rather than interface{} ( #74066 )
2023-08-30 18:46:47 +03:00
Gabriel MABILLE
9e52414a91
LDAP: Fix active sync with large quantities of users ( #73834 )
2023-08-25 16:10:48 +02:00
Karl Persson
1976ac0695
LDAP: use authn.IdentitySynchronizer to perform user sync ( #73471 )
* LDAP: use authn.IdentitySynchronizer to perform sync instead of login.Service
* use user id as lookup param
2023-08-18 15:36:44 +02:00
Jo
932c24986d
Auth: Resolve isGrafanaAdmin for debug logging ( #71145 )
resolve isGrafanaAdmin for debug logging
2023-07-10 11:14:51 +02:00
Ieva
4980b64274
RBAC: Remove legacy ac from authorization middleware ( #68898 )
remove legacy AC fallback from RBAC middleware, and some unused auth logic
2023-05-24 09:49:42 +01:00
venkatbvc
b9e53f628f
HTTP: Add TLS version configurability for Grafana server ( #67482 )
Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com >
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
2023-05-08 17:11:36 +02:00
Ieva
94cc93cc83
LDAP: Always synchronize Server Admin role through role sync if role sync is enabled ( #58820 )
fix a bug with role sync
2023-03-31 15:39:23 +01:00
Serge Zaitsev
a38f230d37
Chore: Remove result fields from login ( #65136 )
* remove result fields from login
* fix tests
* fix tests
* another shadowing
2023-03-28 20:32:21 +02:00
Eric Leijonmarck
3cd952b8ba
Auth: Fix orgrole picker disabled if isSynced user ( #64033 )
* fix: disable orgrolepicker if externaluser is synced
* add disable to role picker
* just took me 2 hours to center the icon
* wip
* fix: check externallySyncedUser for API call
* remove check from store
* add: tests
* refactor authproxy and made tests run
* add: feature toggle
* set feature toggle for tests
* add: IsProviderEnabled
* refactor: featuretoggle name
* IsProviderEnabled tests
* add specific tests for isProviderEnabled
* fix: org_user tests
* add: owner to featuretoggle
* add missing authlabels
* remove fmt
* feature toggle
* change config
* add test for a different authmodule
* test refactor
* gen feature toggle again
* fix basic auth user able to change the org role
* test for basic auth role
* make err.base to error
* lowered lvl of log and input mesg
2023-03-22 17:41:59 +00:00
Jo
7e97dbde65
LDAP: Allow setting minimum TLS version and accepted ciphers ( #63646 )
* update ldap library and use go module path
* add TLS min version and accepted min TLS version
* set default min ver to library default
* set default min ver to library default
* add cipher list to toml
* Update pkg/services/ldap/settings.go
Co-authored-by: Karl Persson <kalle.persson@grafana.com >
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
* lint
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com >
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
2023-02-28 12:13:46 +01:00
Jo
d4cfbd9fd3
LDAP: Move LDAP globals to Config ( #63255 )
* structure dtos and private methods
* add basic LDAP service
* use LDAP service in ldap debug API
* lower non fatal error
* remove unused globals
* wip
* remove final globals
* fix tests to use cfg enabled
* restructure errors
* remove logger from globals
* use ldap service in authn
* use ldap service in context handler
* fix failed tests
* fix ldap middleware provides
* fix provides in auth_test.go
2023-02-10 19:01:55 +01:00
Jo
7862ae8abf
SupportBundles: Add LDAP bundle collector ( #63128 )
* fix non-cfg fields used in ldap
* fix non-cfg fields
* add ldap support bundle
* add note on match
* add censoring and docs
2023-02-09 16:31:31 +01:00
Jo
6322fce725
LDAP: Move to single package cluster ( #63035 )
* move multildap to ldap package
* move LDAP api and tests to ldap package
* register background service
* lint
2023-02-08 09:32:59 +01:00
Serge Zaitsev
7dbd2cd139
Chore: Fix goimports grouping ( #62426 )
fix goimports ordering
2023-01-30 09:34:18 +01:00
Kristin Laemmert
9256a520a4
chore: move user_auth models to (mostly) login service ( #62269 )
* chore: move user_auth models to (mostly) login service
2023-01-27 13:36:54 -05:00
Marcos de Oliveira
91582ba03d
LDAP: Make LDAP attribute mapping case-insensitive ( #58992 )
* Make LDAP attribute mapping case-insensitive
* Add test case with attribute name different from schema's
* Add fix to getArrayAttribute also and add test with mismatched letter case.
* Update pkg/services/ldap/helpers.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com >
2022-11-22 13:47:53 +01:00
Jo
77437f2c89
Add multi-auth devenv ( #57609 )
* add authentik devenv
* remove direct dependency on spew
* use cn
* add authentik instructions
* add backup instructions
2022-10-26 13:46:50 +02:00
Gabriel MABILLE
5fcec05695
LDAP: log that organization mapping is skipped ( #56796 )
2022-10-12 08:41:11 -04:00
Gabriel MABILLE
10c080dad1
LDAP: Add skip_org_role_sync configuration option ( #56679 )
* LDAP: Add skip_org_role_sync option
* Document the new config option
* Nit on docs
* Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
* Docs suggestions
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
* Add test, Fix disabled user when no role
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
2022-10-12 13:33:33 +02:00
Jo
062d255124
Handle ioutil deprecations ( #53526 )
* replace ioutil.ReadFile -> os.ReadFile
* replace ioutil.ReadAll -> io.ReadAll
* replace ioutil.TempFile -> os.CreateTemp
* replace ioutil.NopCloser -> io.NopCloser
* replace ioutil.WriteFile -> os.WriteFile
* replace ioutil.TempDir -> os.MkdirTemp
* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
idafurjes
6afad51761
Move SignedInUser to user service and RoleType and Roles to org ( #53445 )
* Move SignedInUser to user service and RoleType and Roles to org
* Use go naming convention for roles
* Fix some imports and leftovers
* Fix ldap debug test
* Fix lint
* Fix lint 2
* Fix lint 3
* Fix type and not needed conversion
* Clean up messages in api tests
* Clean up api tests 2
2022-08-10 11:56:48 +02:00
Jo
1f8b1eef75
SAML: Do not SAML SLO if user is not SAML authenticated ( #53418 )
* Only SLO user if the user is using SAML
* only one source of truth for auth module info
* ensure SAML is also enabled and not only SLO
* move auth module naming to auth module login package
* use constants in other previously unused spots
2022-08-10 10:21:33 +02:00
Jo
09c95bc31f
TeamSync: Fix team syncing out of orgs mapped by auth method ( #53257 )
2022-08-10 10:20:23 +02:00
Jo
c9c4fc604e
LDAP: Improve errors and documentation ( #52111 )
2022-07-12 11:11:09 -04:00
hannes-256
62b0a8bae6
LDAP: Allow specifying LDAP timeout ( #48870 )
* Allow specifying LDAP timeout
* Update docs/sources/auth/ldap.md
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com >
* LDAP timeout: Add annotations; Make functions "private"
* Setting the default timeout if unspecified
* fix goimports lint issue
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com >
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com >
Co-authored-by: jguer <joao.guerreiro@grafana.com >
2022-07-08 08:52:54 +02:00
Kat Yang
3c3039f5b3
Chore: Remove Wrap ( #50048 )
* Chore: Remove Wrap and Wrapf
* Fix: Add error check
2022-06-03 09:24:24 +02:00
sh0rez
3d5d8c785b
pkg/web: restrict handler types ( #48495 )
Makes `pkg/web` only accept handles from the following set:
```go
handlerStd = func(http.ResponseWriter, *http.Request)
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
handlerReqCtx = func(*models.ReqContext)
handlerReqCtxRes = func(*models.ReqContext) Response
handlerCtx = func(*web.Context)
```
This is a first step to reducing above set to only `http.Handler`.
---
Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
2022-05-20 12:45:18 -04:00
Krzysztof Dąbrowski
5be23b40b6
LDAP: allow Grafana Admin mapping without org_role field ( #37189 )
2022-05-06 12:12:42 +02:00
Krzysztof Dąbrowski
c41397a6e7
LDAP: validate organization role during parsing ( #37188 )
* LDAP: validate organization role during parsing
* Trigger a new build
* Check if grafana_admin is present
2022-05-04 09:35:10 +02:00
Gabriel MABILLE
94fd03f44f
LDAP: Fix debug view to display the actual computed mapping in ldap.go ( #48103 )
* LDAP debug fix with Org role inheritance
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
* ldap debug coherent with ldap.go
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
Co-authored-by: Jguer <joao.guerreiro@grafana.com >
2022-04-22 15:45:54 +02:00
Selene
875e0736ec
LDAP: Use an interface instead of a bus to get group teams ( #42165 )
* Remove bus for GetTeams for LDAP
* Fix lint
2022-02-01 12:03:21 +01:00
Emil Tullstedt
ad971cc9be
LDAP: Search all DNs for users ( #38891 )
2021-09-14 10:49:37 +02:00
Arve Knudsen
d27a72f859
IPv6: Support host address configured with enclosing square brackets ( #31226 )
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2021-02-15 17:55:41 +01:00
Arve Knudsen
116809ed7f
services/provisioning: Various cleanup ( #30396 )
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2021-01-19 18:57:09 +01:00
Arve Knudsen
c2cad26ca9
Chore: Disable default golangci-lint filter ( #29751 )
* Disable default golangci-lint filter
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Chore: Fix linter warnings
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-12-15 09:32:06 +01:00
Arve Knudsen
12661e8a9d
Move middleware context handler logic to service ( #29605 )
* middleware: Move context handler to own service
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Emil Tullsted <sakjur@users.noreply.github.com >
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com >
2020-12-11 11:44:44 +01:00
Arve Knudsen
f326b79cc1
Security: Add gosec G304 auditing annotations ( #29578 )
* Security: Add gosec G304 auditing annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* add G304 auditing comment
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* space
Signed-off-by: bergquist <carl.bergquist@gmail.com >
* Add gosec annotations
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: bergquist <carl.bergquist@gmail.com >
2020-12-03 22:13:06 +01:00
Arve Knudsen
752a424e1f
Auth proxy: Return standard error type ( #29502 )
* Rewrite auth proxy tests to use standard lib
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Auth proxy: Use standard error type
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-12-02 16:57:16 +01:00
Arve Knudsen
9593d57914
Chore: Enable errorlint linter ( #29227 )
* Enable errorlint linter
* Handle wrapped errors
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com >
2020-11-19 14:47:17 +01:00
Arve Knudsen
7897c6b7d5
Chore: Fix staticcheck issues ( #28854 )
* Chore: Fix issues reported by staticcheck
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
* Undo changes
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-11-05 11:57:20 +01:00
Arve Knudsen
077eab1b24
Chore: Use net.JoinHostPort ( #28421 )
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-10-22 07:34:26 +02:00
Arve Knudsen
a5d9196a53
Chore/fix lint issues ( #27704 )
* Chore: Fix linting issues
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-09-22 16:22:19 +02:00
Leonard Gram
c266f45858
LDAP: users without org mappings are marked as disabled ( #26650 )
* LDAP: users without org mappings are marked as disabled
* Update pkg/services/ldap/ldap.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
* LDAP: verifies that unmapped users are tagged as isDisabled
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-31 14:41:31 +02:00
Arve Knudsen
16c185c3b9
Chore: Drop xerrors dependency ( #26718 )
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-31 09:45:20 +02:00
Arve Knudsen
d4e4cb4c71
Chore: Enable Go linter gocritic ( #26224 )
* Chore: Enable gocritic linter
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-16 14:39:01 +02:00
Arve Knudsen
41d432b5ae
Chore: Enable whitespace linter ( #25903 )
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com >
2020-07-06 20:17:28 +02:00
annegies
a2737c0896
Remove break from ldap, get all groups from all the group base searches specified ( #25825 )
Signed-off-by: Annegies van 't Zand <ace.vtzand@gmail.com >
2020-07-06 12:02:39 +02:00
Emil Tullstedt
e8b5f2330d
Settings: Expand variables in configuration ( #25075 )
2020-06-10 14:58:42 +02:00