36 Commits

Author SHA1 Message Date
f2f2722bb1 chore: avoid aliasing models in middleware (#22484) 2020-02-28 12:50:58 +01:00
be2bf1a297 AuthProxy: Can now login with auth proxy and get a login token (#20175)
* AuthProxy: Can now login with auth proxy and get a login token

* added unit tests

* renamed setting and updated docs

* AuthProxy: minor tweak

* Fixed tests and namings

* spellfix

* fix

* remove unused setting, probably from merge conflict

* fix
2019-11-07 17:48:56 +01:00
6ca1a6c8da Auth: change the error HTTP status codes (#18584)
* Auth: change the error HTTP status codes

* Use 407 HTTP status code for incorrect credentials error

* Improve proxy auth logs

* Remove no longer needed TODO comment

Fixes #18439
2019-08-20 20:13:27 +03:00
b9181df212 Auth Proxy: Log any error in middleware (#17275)
Fixes so that errors happening in auth proxy middleware is logged.

Ref #17247
2019-05-27 10:38:17 +02:00
35f227de11 Feature: LDAP refactoring (#16950)
* incapsulates multipleldap logic under one module

* abstracts users upsert and get logic

* changes some of the text error messages and import sort sequence

* heavily refactors the LDAP module – LDAP module now only deals with LDAP related behaviour

* integrates affected auth_proxy module and their tests

* refactoring of the auth_proxy logic
2019-05-17 14:57:26 +03:00
79ac3fd699 Chore: remove use of == false (#17036)
Interestingly enough, golint or revive doesn't not prohibit
the use that construction :)

Ref #17035
2019-05-14 10:18:28 +03:00
318182ccc9 Chore: refactor auth proxy (#16504)
* Chore: refactor auth proxy

Introduced the helper struct for auth_proxy middleware.
Added couple unit-tests, but it seems "integration" tests already cover
most of the code paths.

Although it might be good idea to test every bit of it, hm.
Haven't refactored the extraction of the header logic that much

Fixes #16147

* Fix: make linters happy
2019-04-16 14:09:18 +02:00
67cbc7d4cf Chore: use remote cache instead of session storage (#16114)
Replaces session storage in auth_proxy middleware with remote cache

Fixes #15161
2019-04-08 14:31:46 +03:00
9ae306e417 use defer to make sure we always release session data 2019-01-24 13:48:36 +01:00
f257101c41 removes unused/commented code 2019-01-24 11:26:45 +01:00
5998646da5 restrict session usage to auth_proxy 2019-01-23 14:56:48 +01:00
c3ff3d644c fixes nil ref in tests 2019-01-22 16:16:32 +01:00
0b50582b56 Adding CIDR capability to auth_proxy whitelist 2018-12-17 23:43:14 -06:00
12c9860882 string formating fixes 2018-08-28 22:33:38 +02:00
8af5da7383 Revert "auth proxy: use real ip when validating white listed ip's" 2018-06-28 15:43:33 +02:00
b418e14bd9 make sure to use real ip when validating white listed ip's 2018-06-15 15:29:43 +02:00
543c7fe587 support additional fields in authproxy (#11661) 2018-05-07 10:39:16 +02:00
3fedcb1e4b cleanup, make sure users are always synced with ldap 2018-04-17 17:48:56 -04:00
52503d9cb5 refactor authproxy & ldap integration, address comments 2018-04-17 14:06:25 -04:00
d837be91ec switch to passing ReqContext as a property 2018-04-17 14:06:25 -04:00
e53315dce8 cleanup 2018-04-17 14:06:25 -04:00
a1b1d2fe80 switch to Result 2018-04-17 14:06:25 -04:00
d5dd1c9bca update auth proxy 2018-04-17 14:06:25 -04:00
1c5afa731f shared library for managing external user accounts 2018-04-17 14:06:25 -04:00
391868c5d6 Use net.SplitHostPort to support IPv6
- Add some tests
- Make error message more helpful
2018-03-26 02:48:25 +02:00
0a415c50d0 Make golint happier 2018-03-22 22:38:44 +01:00
c0ecdee375 rename Context to ReqContext 2018-03-07 11:54:50 -05:00
338655dd37 move Context and session out of middleware 2018-03-06 18:16:49 -05:00
652fce7e76 Optimize some wrong usage and spelling
Signed-off-by: wgliang <liangcszzu@163.com>
2017-09-07 17:50:11 +08:00
f490c5f12c use X-Grafana-Org-Id header to ensure backend uses correct org (#8122) 2017-04-14 15:47:39 +02:00
ae27c17c68 Auth Proxy improvements
- adds the option to use ldap groups for authorization in combination with an auth proxy
- adds an option to limit where auth proxy requests come from by configure a list of ip's
- fixes a security issue, session could be reused
2016-12-12 09:43:17 +01:00
3fd6ae597d minor spelling corrections
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
2016-02-16 12:12:04 +11:00
7072af7c14 fix(auth proxy): Fix for server side rendering of panel when using auth proxy, fixes #2568 2015-08-21 07:49:49 +02:00
66e60357dc Set email when creating user from auth_proxy header, Fixes #2156 2015-06-13 20:14:44 +02:00
38fc85d619 Final tweaks to auth proxy feature 2015-05-02 12:30:53 +02:00
be589d81c7 Auth: Support for user authentication via reverse proxy header (like X-Authenticated-User, or X-WEBAUTH-USER), Closes #1921 2015-05-02 12:06:58 +02:00