opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-06 04:19:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): fixed login issue that was a potential for social engineering, fixes #6014

Browse Source
This commit is contained in:
Torkel Ödegaard
2016-09-21 15:03:14 +02:00
parent 4a1693196c
commit b4111d78e1
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/api/login_oauth.go
View File

@ -3,7 +3,6 @@ package api
import (
"errors"
"fmt"
"net/url"
"golang.org/x/oauth2"
@ -46,9 +45,9 @@ func OAuthLogin(ctx *middleware.Context) {
userInfo, err := connect.UserInfo(token)
if err != nil {
if err == social.ErrMissingTeamMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github team membership not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1000")
} else if err == social.ErrMissingOrganizationMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github organization membership not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1001")
} else {
ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err)
}
@ -60,7 +59,7 @@ func OAuthLogin(ctx *middleware.Context) {
// validate that the email is allowed to login to grafana
if !connect.IsEmailAllowed(userInfo.Email) {
ctx.Logger.Info("OAuth login attempt with unallowed email", "email", userInfo.Email)
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required email domain not fulfilled"))
ctx.Redirect(setting.AppSubUrl + "/login?failCode=1002")
return
}