* replace xorm.io/xorm imports
* replace xorm from other go.mod files
* clean up workspace
* nolint does not make sense anymore as it is not a module
* try if nolint directive helps
* use nolint:all for xorm
* add more nolints
* try to skip xorm in linter config
* exclude xorm differently
* retrigger ci
* Add isProvisioned field to model
* Add new isProvisioned column to migration
* Disable auto assignment to organization if the user is provisioned
* add annotation to user model
* add annotation to user models
* Remove IsProvisioned field from Identity
* Move new field assignenment and add default value
* Update annotations for user query results
* Remove isProvisioned from identity
* Add new column to test
* Resolve user from identity at SyncOrgHook
* [WIP]: Force lowercase login/email for user CRUD
* warn and remove use of userCaseInsensitiveLogin check
* remove log warning
* reimplementation of the caseinsensitive
* need to decide if we want the conflict check or not
* remvoved the tests for conflict user by getEmail, getLogin
* added tests for user lowercase migration
* wip: emails next
* tests for email lowercasing
* review comments
* optimized login and email lookup before migrating
* bug: fix migration to account for duplicate entries
* refactoring to create test folder for user migrations
* fix migration log
* added the migration
* additional tests
* added extSrv tests
* add base nullable migration to is_service_account
Co-authored-by: Jeremy Price <jeremy.price@grafana.com>
* fix postgres migration
* ServiceAccounts: ensure SA is set to false when creating a user
Co-authored-by: Jeremy Price <jeremy.price@grafana.com>
* Add extra fields to OSS types to support enterprise
* WIP service accounts
* Update public/app/features/api-keys/ApiKeysForm.tsx
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
* Create a service account at the same time as the API key
* Use service account credentials when accessing API with APIkey
* Throw better error
* Use Boolean for "create service account button"
* Add GetRole to service, merge RoleDTO and Role structs
This patch merges the identical OSS and Enterprise data structures, which improves the code for two reasons:
1. Makes switching between OSS and Enterprise easier
2. Reduces the chance of incompatibilities developing between the same functions in OSS and Enterprise
* Start work cloning permissions onto service account
* If API key is not linked to a service account, continue login as usual
* Fallback to old auth if no service account linked to key
* Commented
* Add CloneUserToServiceAccount
* Update mock.go
* Put graphical bits behind a feature toggle
* Start adding LinkAPIKeyToServiceAccount
* Update pkg/models/user.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Update pkg/api/apikey.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Update pkg/api/apikey.go
Co-authored-by: Eric Leijonmarck <eric.leijonmarck@gmail.com>
* Finish LinkAPIKeyToServiceAccount
* Update comment
* Handle api key link error
* Update pkg/services/sqlstore/apikey.go
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Feature toggle
* Update pkg/services/accesscontrol/accesscontrol.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Not needed (yet)
* Better error messages for OSS accesscontrol
* Set an invalid user id as default
* ServiceAccountId should be string
* Re-arrange field names
* ServiceAccountId is integer
* Update ossaccesscontrol.go
* Linter
* Remove fronend edits
* Remove console log
* Update ApiKeysForm.tsx
* feat: add serviceaccount deletion
* feat: make sure we do not accidently delete serviceaccount
* feat: ServiceAccount Type
* refactor: userDeletions function
* refactor: serviceaccount deletions\
* refactor: error name and removed attribute for userDeletecommand
* refactor:: remove serviceaccount type for now
* WIP
* add mocked function
* Remove unnecessary db query, move to right place
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/accesscontrol/mock/mock.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Better error messages
* Better and correcter error messages
* add mocked function
* refactor: move function call, add error msg
* add IsServiceAccount and fix table
* add service accounts package
* WIP
* WIP
* working serviceaccountsapi registration
* WIP tests
* test
* test working
* test running for service
* moved the error out of the models package
* fixed own review
* linting errors
* Update pkg/services/serviceaccounts/database/database.go
Co-authored-by: Jeremy Price <Jeremy.price@grafana.com>
* tests running for api
* WIP
* WIP
* removed unused secrets background svc
* removed background svc for serviceaccount infavor or wire.go
* serviceaccounts manager tests
* registering as backend service
Co-authored-by: Jeremy Price <jeremy.price@grafana.com>
Co-authored-by: Hugo Häggmark <hugo.haggmark@grafana.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Users: add is_disabled column
* Users: disable users removed from LDAP
* Auth: return ErrInvalidCredentials for failed LDAP auth
* User: return isDisabled flag in user search api
* User: mark disabled users at the server admin page
* Chore: refactor according to review
* Auth: prevent disabled user from login
* Auth: re-enable user when it found in ldap
* User: add api endpoint for disabling user
* User: use separate endpoints to disable/enable user
* User: disallow disabling external users
* User: able do disable users from admin UI
* Chore: refactor based on review
* Chore: use more clear error check when disabling user
* Fix login tests
* Tests for disabling user during the LDAP login
* Tests for disable user API
* Tests for login with disabled user
* Remove disable user UI stub
* Sync with latest LDAP refactoring
See,
$ gometalinter --vendor --disable-all --enable=megacheck --disable=gotype --deadline 6m ./... | grep SQL
alert.go:43:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
alert_notification.go:122:12⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
annotation.go:226:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:228:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:302:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:416:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
dashboard.go:635:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
migrations/user_mig.go:137:9⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
plugin_setting.go:29:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:41:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:84:13⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:143:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:186:13⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
quota.go:234:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:172:12⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:199:17⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
team.go:223:9⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
temp_user.go:99:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
temp_user.go:124:10⚠️ x.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:375:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:377:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
user.go:379:3⚠️ sess.Sql is deprecated: use SQL instead. (SA1019) (megacheck)
* use utf8mb4 character set for connections to mysql
* use utf8mb4 character set for tables, shorten varchar fields used in unique indexes
* migration type to update table character set
* update table character sets
* set charset for temp_user.status
* gofmt
