public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
65bb6cc7287c37b16dc36ee2fe13f641c841ce4a
grafana/pkg/api
History
Marcus Efraimsson 3d1c624c12 WIP: Protect against brute force (frequent) login attempts (#10031) 
* db: add login attempt migrations

* db: add possibility to create login attempts

* db: add possibility to retrieve login attempt count per username

* auth: validation and update of login attempts for invalid credentials

If login attempt count for user authenticating is 5 or more the last 5 minutes
we temporarily block the user access to login

* db: add possibility to delete expired login attempts

* cleanup: Delete login attempts older than 10 minutes

The cleanup job are running continuously and triggering each 10 minute

* fix typo: rename consequent to consequent

* auth: enable login attempt validation for ldap logins

* auth: disable login attempts validation by configuration

Setting is named DisableLoginAttemptsValidation and is false by default
Config disable_login_attempts_validation is placed under security section
#7616

* auth: don't run cleanup of login attempts if feature is disabled

#7616

* auth: rename settings.go to ldap_settings.go

* auth: refactor AuthenticateUser

Extract grafana login, ldap login and login attemp validation together
with their tests to separate files.
Enables testing of many more aspects when authenticating a user.
#7616

* auth: rename login attempt validation to brute force login protection

Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection
Configuration disable_login_attempts_validation => disable_brute_force_login_protection
#7616
2018-01-26 10:41:41 +01:00
..
avatar
fix missing profile icon (#10469)
2018-01-09 13:58:03 +01:00
dtos
Add avatar to team and team members page (#10305)
2017-12-20 21:20:12 +01:00
live
refactor(http): refactoring http server
2016-12-21 14:36:32 +01:00
pluginproxy
proxyds: delete cookies except those listed in keepCookies
2017-12-14 11:46:44 +01:00
static
feat(macaron): upgrades macaron version
2016-01-13 15:11:23 +01:00
admin_users.go
convert old metrics to prom metrics
2017-09-14 14:26:32 +02:00
admin.go
Fixed api bugs, stats endpoint working
2016-01-24 21:18:17 -08:00
alerting.go
tech: alert list react migration progress
2017-12-31 14:16:19 +01:00
annotations.go
fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951
2017-11-21 11:28:17 +01:00
api.go
Add avatar to team and team members page (#10305)
2017-12-20 21:20:12 +01:00
apikey.go
More work on email and notification infra #1456
2015-06-05 11:08:19 +02:00
app_routes.go
Merge pull request #9378 from mattbostock/verify_tls
2017-10-12 11:11:02 +02:00
common.go
fix(api): fixed issue with api content-type in api success messages, fixes #6160
2016-10-01 16:52:52 +02:00
dashboard_acl_test.go
refactor: format files by gofmt
2017-12-11 19:46:05 +03:00
dashboard_acl.go
refactor: format files by gofmt
2017-12-11 19:46:05 +03:00
dashboard_snapshot.go
convert old metrics to prom metrics
2017-09-14 14:26:32 +02:00
dashboard_test.go
fix: viewers can edit now works correctly
2017-12-15 14:19:49 +01:00
dashboard.go
Merge remote-tracking branch 'origin/master' into develop
2017-12-13 19:18:10 +01:00
dataproxy.go
dataproxy: added caching of datasources when doing data proxy requests, #9078
2017-08-23 13:31:26 +02:00
datasources_test.go
WIP: delete permission in API
2017-06-12 15:49:09 +02:00
datasources.go
api: fix so that datasources functions returns Response
2017-11-16 16:29:05 +01:00
frontendsettings.go
Merge branch 'master' into develop
2017-09-18 12:32:29 +02:00
grafana_com_proxy.go
Always verify TLS unless explicitly told otherwise
2017-10-06 17:09:27 +01:00
http_server.go
imguploader: Add support for new internal image store (#6922)
2018-01-12 21:40:12 +01:00
index.go
menu: fixed create default url
2017-12-15 15:17:05 +01:00
login_oauth.go
refactor: minor refactoring of PR #10560
2018-01-23 13:03:44 +01:00
login.go
WIP: Protect against brute force (frequent) login attempts (#10031)
2018-01-26 10:41:41 +01:00
metrics.go
follow go idiom and return error as second param
2017-09-21 18:04:16 +02:00
org_invite.go
ux: org user management changes
2017-12-13 13:16:44 +01:00
org_users.go
users view update
2017-08-18 08:17:35 +02:00
org.go
convert old metrics to prom metrics
2017-09-14 14:26:32 +02:00
password.go
security: fixed returning info on weither user exists or not in password reset call, fixes #7619
2017-04-11 16:50:16 +02:00
playlist_play.go
WIP: move guardian logic for search into the sql query
2017-06-17 02:34:05 +02:00
playlist.go
WIP: move guardian logic for search into the sql query
2017-06-17 02:34:05 +02:00
plugins.go
gzip: plugin readme content set explicitly
2017-10-09 10:17:45 +02:00
preferences.go
feat(preferences): theme and home dashbord settings now work work on profile and org settings page
2016-04-02 13:54:06 -07:00
quota.go
fix getting default quota as map[string]int64
2015-09-15 20:31:58 +08:00
render.go
renderer: avoid calling Handle twice
2017-12-28 14:37:10 +01:00
route_register_test.go
bug: enable HEAD requests again
2017-09-20 09:45:00 +02:00
route_register.go
removes invalid comment
2017-11-16 16:55:02 +01:00
search.go
working on dashboard search
2017-11-20 12:47:03 +01:00
signup.go
convert old metrics to prom metrics
2017-09-14 14:26:32 +02:00
stars.go
Api handler refactoring using the wrap and response func/type, fixed small issue in influxdb 0.9 response handling
2015-05-20 14:59:38 +02:00
team_members.go
Add avatar to team and team members page (#10305)
2017-12-20 21:20:12 +01:00
team_test.go
teams: add team count when searching for team
2017-12-15 11:08:06 +01:00
team.go
Add avatar to team and team members page (#10305)
2017-12-20 21:20:12 +01:00
user_test.go
admin: adds paging to global user list
2017-02-13 12:59:36 +01:00
user.go
minor user avatar stuff
2017-08-18 14:49:04 +02:00