Users: Disable users removed from LDAP (#16820)

* Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2025-07-31 05:12:12 +08:00 · 2019-05-21 14:52:49 +03:00
parent 8d1909c56d
commit 2d03815770
17 changed files with 428 additions and 72 deletions
--- a/pkg/models/user_auth.go
+++ b/pkg/models/user_auth.go
@ -6,6 +6,10 @@ import (
 	"golang.org/x/oauth2"
 )

+const (
+	AuthModuleLDAP = "ldap"
+)
+
 type UserAuth struct {
 	Id                int64
 	UserId            int64
@ -29,6 +33,7 @@ type ExternalUserInfo struct {
 	Groups         []string
 	OrgRoles       map[int64]RoleType
 	IsGrafanaAdmin *bool // This is a pointer to know if we should sync this or not (nil = ignore sync)
+	IsDisabled     bool
 }

 // ---------------------
@ -81,6 +86,12 @@ type GetUserByAuthInfoQuery struct {
 	Result *User
 }

+type GetExternalUserInfoByLoginQuery struct {
+	LoginOrEmail string
+
+	Result *ExternalUserInfo
+}
+
 type GetAuthInfoQuery struct {
 	UserId     int64
 	AuthModule string