* Pass BOOL values as real types (int/bool) instead of strings to SQL parameters.
Fixes following integration tests when running with Spanner:
* TestIntegrationDataAccess
* GetDataSourcesByType/Get_prunable_data_sources
* TestIntegrationUserAuthToken:
* expires_correctly
* can_properly_rotate_tokens
* keeps_prev_token_valid_for_1_minute_after_it_is_confirmed
* Fix more places where "true" or "false" string was passed as query parameter instead of bool value.
* Removed unit test because it brought unwanted dependencies on xorm into multiple modules.
* streamline initialization of test databases, support on-disk sqlite test db
* clean up test databases
* introduce testsuite helper
* use testsuite everywhere we use a test db
* update documentation
* improve error handling
* disable entity integration test until we can figure out locking error
* fix: revoked tokens within last hours
adds check for unlimited sessions out of index
adds a function for specifing the hours to look back when revoking users tokens, otherwise we "assume" the clean up takes care of them adds a index for the `user_auth_token` - `revoked_at` for faster queries when using `revoked_at`
* fix: sqllite datetime conversion with unixtimestamps
* fix: postgres dialect
* fix: mysql dialect
* fix: mysql dialect missing closing )
* refactor: delete revoked tokens directly
* fix: tests for sqlite
* AuthToken: Simplify DeleteUserRevokedTokens and add test
* fix: linting newline
* Reset get time after test
* fix: test order by revoked
* fix: order by different db
* ascending
* test with seen at
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* add token count
* wip
* user count method for tag reporting
* remove non functioning mysql clientFoundRows check
* Update pkg/services/auth/authtest/testing.go
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* add user ID guard
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* FeatureToggle: Add toggle to use a new way of rotating tokens
* API: Add endpoints to perform token rotation, one endpoint for api request and one endpoint for redirectsd
* Auth: Aling not authorized handling between auth middleware and access
control middleware
* API: add utility function to get redirect for login
* API: Handle token rotation redirect for login page
* Frontend: Add job scheduling for token rotation and make call to token rotation as fallback in retry request
* ContextHandler: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* AuthN: Prevent in-request rotation if feature flag is enabled and check if token needs to be rotated
* Cookies: Add option NotHttpOnly
* AuthToken: Add helper function to get next rotation time and another function to check if token need to be rotated
* AuthN: Add function to delete session cookie and set expiry cookie
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Auth: Session cache [v9.2.x] (#59907)
* add cache wrapper
only cache token if not to rotate
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
anticipate next rotation
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 07a4b2343d59cb593ad128355e1d9217ba493700)
* FeatureToggle: for storing sessions in a Remote Cache
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
(cherry picked from commit b8a8c15148c53a76f14f76da1b0fa4cec9be9216)
* use feature flag for session cache
* ensure ttl is minimum 1 second
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* ensure 2 ttl window to prevent caching of tokens near rotation
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* fix description of toggle
Co-authored-by: gamab <gabi.mabs@gmail.com>
Co-authored-by: ievaVasiljeva <ieva.vasiljeva@grafana.com>
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
(cherry picked from commit 2919588a82d0a11c6400453d9b8ecf3b94e670bf)
* fix broken quota test
* Auth: move interface to its own file
* Auth: move to test package
* Auth: move quota consts to auth file
* Auth: move service to impl package
* Auth: move interfaces and related models to auth package
* Auth: Create sub package and type alias to avoid circular dependency
