a04ef6cefc
* AuthProxy: Fixes bug where long username could not be cached (#22926) (cherry picked from commit6c9d833602) * Server: Exit with 0 if no error (#23312) Make grafana-server exit with 0 if no error occurred. (cherry picked from commit5645d74cbc) * Dashboard: Save json should preserve folderId (#23314) (cherry picked from commit7e3b43eabb) * TimeSrv: Try to parse 8 and 15 digit numbers as timestamps if parsing as date fails (#21694) * Try to parse 8 and 15 digit numbers as timestamps if parsing as date fails Fixes #19738 * Add tests (cherry picked from commitc89ad9b038) * BackendSrv: include credentials when withCredentials option is set (#23380) The fetch() API won't send cookies or other type of credentials unless you set the credentials init option. Some datasources like Prometheus and Elasticsearch have `withCredentials` option in Browser access mode, but this option is not currently getting passed in the fetch() API. Fixes #23338. (cherry picked from commitafd8ffde69) * Dashlist: Fixed dashlist broken in edit mode (#23426) (cherry picked from commit363bf7506d) * Admin: Fix Synced via LDAP message for non-LDAP external users (#23477) * UserAdmin: remove Synced via LDAP message for non-LDAP users * UserAdmin: show "Synced via <provider>" message for external users (cherry picked from commit4d81cec34f) * Graphite: Fixed cannot read finally of undefiend (#23512) (cherry picked from commit61460ea3a2) * Hangouts: fixes notifications for alerts with empty message (#23559) * Hangouts: fixes notifications for alerts with empty message * Update pkg/services/alerting/notifiers/googlechat.go Co-Authored-By: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> (cherry picked from commit2661054fe8) * Variables: fixes error when setting adhoc variables values (#23580) (cherry picked from commit0091885b13) * Release 6.7.3 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * ci-metrics-publisher.sh: Fix linting issue 
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * TablePanel: Fix XSS issue in header column rename (backport) (#23814) * escaping html when rendering table header alias. * fixed tooltip. Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com> * Security: Fix annotation popup XSS vulnerability (#23813) Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> (cherry picked from commit3955e8cbad) Co-authored-by: Jon McKenzie <jcmcken@gmail.com> Co-authored-by: Peter Holmberg <peterholmberg@users.noreply.github.com> Co-authored-by: Jesse Tan <jessetan@users.noreply.github.com> Co-authored-by: Tuan Anh Hoang-Vu <hvtuananh@gmail.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com> Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com> Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
package authproxy
import (
"errors"
"fmt"
"net/http"
"testing"
"github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/infra/remotecache"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/ldap"
"github.com/grafana/grafana/pkg/services/multildap"
"github.com/grafana/grafana/pkg/setting"
. "github.com/smartystreets/goconvey/convey"
"gopkg.in/macaron.v1"
)
// TestMultiLDAP is a test double for the multi-server LDAP client. It embeds
// multildap.MultiLDAP and defines its own Login and User methods, which record
// that they were invoked so a test can assert which lookup the auth proxy used.
type TestMultiLDAP struct {
	multildap.MultiLDAP

	// ID is copied into the UserId of every result the stub returns.
	ID int64

	// userCalled is set to true by User.
	userCalled bool
	// loginCalled is set to true by Login.
	loginCalled bool
}
// Login records that it was invoked and returns a canned user whose UserId is
// stub.ID. The query argument is ignored and the returned error is always nil.
func (stub *TestMultiLDAP) Login(query *models.LoginUserQuery) (*models.ExternalUserInfo, error) {
	stub.loginCalled = true

	return &models.ExternalUserInfo{UserId: stub.ID}, nil
}
// User records that it was invoked and returns a canned user whose UserId is
// stub.ID together with a zero-value ldap.ServerConfig. The login argument is
// ignored and the returned error is always nil.
func (stub *TestMultiLDAP) User(login string) (*models.ExternalUserInfo, ldap.ServerConfig, error) {
	stub.userCalled = true

	var serverConfig ldap.ServerConfig
	info := &models.ExternalUserInfo{UserId: stub.ID}

	return info, serverConfig, nil
}
// prepareMiddleware builds the AuthProxy under test. It wraps req in a macaron
// context, places that inside a models.ReqContext, and passes it to New along
// with the given cache store and a fixed OrgID of 4.
func prepareMiddleware(t *testing.T, req *http.Request, store *remotecache.RemoteCache) *AuthProxy {
	t.Helper()

	macaronCtx := &macaron.Context{
		Req: macaron.Request{Request: req},
	}

	opts := &Options{
		Store: store,
		Ctx:   &models.ReqContext{Context: macaronCtx},
		OrgID: 4,
	}

	return New(opts)
}
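// TestMiddlewareContext exercises AuthProxy.Login against a fake remote cache
// and a stubbed LDAP client.
//
// The cache cases seed the store with a user ID under the key the proxy is
// expected to derive from the request headers, then check that Login returns
// that ID and that getKey yields the pinned key. The LDAP cases replace the
// package-level hooks (isLDAPEnabled, getLDAPConfig, newLDAP) and check both
// the successful lookup and the failure when the LDAP configuration cannot be
// loaded.
func TestMiddlewareContext(t *testing.T) {
	// The header configuration lives in package-level settings. Restore it on
	// exit so the values chosen here do not leak into other tests that run in
	// the same binary.
	origHeaderName := setting.AuthProxyHeaderName
	origHeaders := setting.AuthProxyHeaders
	defer func() {
		setting.AuthProxyHeaderName = origHeaderName
		setting.AuthProxyHeaders = origHeaders
	}()

	Convey("auth_proxy helper", t, func() {
		req, err := http.NewRequest("POST", "http://example.com", nil)
		So(err, ShouldBeNil)

		setting.AuthProxyHeaderName = "X-Killa"
		store := remotecache.NewFakeStore(t)

		name := "markelog"
		req.Header.Add(setting.AuthProxyHeaderName, name)

		Convey("when the cache only contains the main header", func() {

			Convey("with a simple cache key", func() {
				// Seed the cache: the value stored under the derived key is
				// the user ID that Login is expected to return.
				key := fmt.Sprintf(CachePrefix, HashCacheKey(name))
				err := store.Set(key, int64(33), 0)
				So(err, ShouldBeNil)

				// Set up the middleware
				auth := prepareMiddleware(t, req, store)
				id, err := auth.Login()
				So(err, ShouldBeNil)

				// The cache key selects which user a request is logged in as,
				// so its derivation is pinned to an exact value here.
				// NOTE(review): the expected digest is 32 hex characters;
				// confirm which hash HashCacheKey uses.
				So(auth.getKey(), ShouldEqual, "auth-proxy-sync-ttl:0a7f3374e9659b10980fd66247b0cf2f")
				So(id, ShouldEqual, 33)
			})

			Convey("when the cache key contains additional headers", func() {
				setting.AuthProxyHeaders = map[string]string{"Groups": "X-WEBAUTH-GROUPS"}
				group := "grafana-core-team"
				req.Header.Add("X-WEBAUTH-GROUPS", group)

				// NOTE(review): the expected key is the hash of name+"-"+group.
				// If the production code joins header values with a bare "-",
				// different (user, group) pairs whose values contain "-" would
				// hash to the same cache entry; a case covering that is
				// missing here.
				key := fmt.Sprintf(CachePrefix, HashCacheKey(name+"-"+group))
				err := store.Set(key, int64(33), 0)
				So(err, ShouldBeNil)

				auth := prepareMiddleware(t, req, store)

				id, err := auth.Login()
				So(err, ShouldBeNil)
				So(auth.getKey(), ShouldEqual, "auth-proxy-sync-ttl:14f69b7023baa0ac98c96b31cec07bc0")
				So(id, ShouldEqual, 33)
			})

			// TODO: this case has no body and asserts nothing; the cache-miss
			// path is only covered indirectly by the LDAP cases below.
			Convey("when the does not exist", func() {
			})
		})

		Convey("LDAP", func() {
			Convey("logs in via LDAP", func() {
				// NOTE(review): this handler stays registered on the global
				// bus after the case finishes; confirm that no later test
				// relies on UpsertUserCommand being unhandled.
				bus.AddHandler("test", func(cmd *models.UpsertUserCommand) error {
					cmd.Result = &models.User{
						Id: 42,
					}

					return nil
				})

				isLDAPEnabled = func() bool {
					return true
				}

				stub := &TestMultiLDAP{
					ID: 42,
				}

				getLDAPConfig = func() (*ldap.Config, error) {
					config := &ldap.Config{
						Servers: []*ldap.ServerConfig{
							{
								SearchBaseDNs: []string{"BaseDNHere"},
							},
						},
					}
					return config, nil
				}

				newLDAP = func(servers []*ldap.ServerConfig) multildap.IMultiLDAP {
					return stub
				}

				// Put the real LDAP hooks back once this case is done.
				defer func() {
					newLDAP = multildap.New
					isLDAPEnabled = ldap.IsEnabled
					getLDAPConfig = ldap.GetConfig
				}()

				// An empty store forces a cache miss.
				store := remotecache.NewFakeStore(t)

				auth := prepareMiddleware(t, req, store)

				id, err := auth.Login()

				So(err, ShouldBeNil)
				So(id, ShouldEqual, 42)
				So(stub.userCalled, ShouldBeTrue)
			})

			Convey("gets nice error if ldap is enabled but not configured", func() {
				isLDAPEnabled = func() bool {
					return true
				}

				getLDAPConfig = func() (*ldap.Config, error) {
					return nil, errors.New("Something went wrong")
				}

				// Put the real LDAP hooks back once this case is done.
				defer func() {
					newLDAP = multildap.New
					isLDAPEnabled = ldap.IsEnabled
					getLDAPConfig = ldap.GetConfig
				}()

				store := remotecache.NewFakeStore(t)

				auth := prepareMiddleware(t, req, store)

				stub := &TestMultiLDAP{
					ID: 42,
				}

				newLDAP = func(servers []*ldap.ServerConfig) multildap.IMultiLDAP {
					return stub
				}

				id, err := auth.Login()

				// Login must fail closed: an unreadable LDAP configuration
				// yields an error and not the stub's user ID, and the stub's
				// Login is never reached.
				So(err, ShouldNotBeNil)
				So(err.Error(), ShouldContainSubstring, "Failed to get the user")
				So(id, ShouldNotEqual, 42)
				So(stub.loginCalled, ShouldBeFalse)
			})
		})
	})
}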