opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 00:42:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

LDAP: Fixing sync issues (#19446)

Browse Source 
The arching goal of this commit is to enable single user
synchronisation with LDAP. Also, it included minor fixes of style,
error messages and minor bug fixing.

The changes are:

- bug: The `multildap` package has its own errors when the user is
  not found. We fixed the conditional branch on this error by asserting
on the `multildap` errors as opposed to the `ldap` one

- bug: The previous interface usage of `RevokeAllUserTokens` did not
  work as expected. This replaces the manual injection of the service by
leveraging the service injected as part of the `server` struct.

- chore: Better error messages around not finding the user in LDAP.

- fix: Enable the single sync button and disable it when we receive an
  error from LDAP. Please note, that you can enable it by dispatching
the error. This allows you to try again without having to reload the
page.

- fix: Move the sync info to the top, then move the sync button above
  that information and clearfix to have more harmony with the UI.
This commit is contained in:
gotjosh
2019-11-07 14:31:44 +01:00
committed by Torkel Ödegaard
parent 9de1fa0213
commit e4afc8d518
4 changed files with 32 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/api/ldap_debug.go
View File

@ -1,7 +1,6 @@
package api
import (
"context"
"fmt"
"net/http"
@ -18,7 +17,6 @@ import (
var (
getLDAPConfig = multildap.GetConfig
newLDAP = multildap.New
tokenService = AuthToken{}.TokenService
logger = log.New("LDAP.debug")
@ -61,14 +59,6 @@ type LDAPServerDTO struct {
Error string `json:"error"`
}
type AuthToken struct {
TokenService TokenRevoker `inject:""`
}
type TokenRevoker interface {
RevokeAllUserTokens(context.Context, int64) error
}
// FetchOrgs fetches the organization(s) information by executing a single query to the database. Then, populating the DTO with the information retrieved.
func (user *LDAPUserDTO) FetchOrgs() error {
orgIds := []int64{}
@ -199,8 +189,7 @@ func (server *HTTPServer) PostSyncUserWithLDAP(c *models.ReqContext) Response {
user, _, err := ldapServer.User(query.Result.Login)
if err != nil {
if err == ldap.ErrCouldNotFindUser { // User was not in the LDAP server - we need to take action:
if err == multildap.ErrDidNotFindUser { // User was not in the LDAP server - we need to take action:
if setting.AdminUser == query.Result.Login { // User is *the* Grafana Admin. We cannot disable it.
errMsg := fmt.Sprintf(`Refusing to sync grafana super admin "%s" - it would be disabled`, query.Result.Login)
logger.Error(errMsg)
@ -214,13 +203,16 @@ func (server *HTTPServer) PostSyncUserWithLDAP(c *models.ReqContext) Response {
return Error(http.StatusInternalServerError, "Failed to disable the user", err)
}
err = tokenService.RevokeAllUserTokens(context.TODO(), userId)
err = server.AuthTokenService.RevokeAllUserTokens(c.Req.Context(), userId)
if err != nil {
return Error(http.StatusInternalServerError, "Failed to remove session tokens for the user", err)
}
return Success("User disabled without any updates in the information") // should this be a success?
return Error(http.StatusBadRequest, "User not found in LDAP. Disabled the user without updating information", nil) // should this be a success?
}
logger.Debug("Failed to sync the user with LDAP", "err", err)
return Error(http.StatusBadRequest, "Something went wrong while finding the user in LDAP", err)
}
upsertCmd := &models.UpsertUserCommand{