grafana

mirror of https://github.com/grafana/grafana.git synced 2025-09-21 04:12:52 +08:00

Author	SHA1	Message	Date
Jo	96fdbbee90	AuthJWT: Fix JWT query param leak (CVE-2023-1387) (#825 ) fix JWT query param leak Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com>	2023-04-27 14:40:44 +03:00
Karl Persson	355f47628f	AuthN: Tune logs in client (#65714 ) * AuthN: Remove log * AuthN: Check for user not found error in hook	2023-03-31 16:43:24 +02:00
Misi	6543259a7d	Auth: Add SyncPermissions post auth hook (#64205 ) * Add SyncPermissionsFromDB post auth hook * Delete FromDB prefix * Align tests * Fixes * Change SyncPermissionsHook prio	2023-03-08 13:35:54 +01:00
Karl Persson	2a7fc3983b	AuthN: cleanup logs (#63652 ) * AuthN: clean up logs Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>	2023-02-24 11:26:55 +01:00
Karl Persson	207a55be66	AuthN: add flag for org roles sync (#63507 ) * AuthN: Add flag to control org role syncs * JWT: Only sync org roles if the skip flag for jwt is false * LDAP: Only sync org role if skip flag for ldap is false * OAuth: Skip org roles sync if no roles were provided by upstream service * Grafana: Set SyncOrgRoles to true for authentication through proxy with grafana as backend	2023-02-22 10:27:48 +01:00
Karl Persson	180a587f70	AuthN: fetch final state of signed in user (#62854 ) * AuthN: add a hook we can use to fetch final state of user	2023-02-03 14:14:38 +01:00
Eric Leijonmarck	5531e22f46	Auth: Add disable of team sync for JWT Authentication (#62191 ) * fix: disable team sync for JWT Authentication * add: comment to test * change test to conform to new expected behavior * fix: spelling * formatting	2023-01-27 16:05:25 +01:00
Jo	284ca4eab4	AuthN: JWT remove unnecessary if (#62233 ) remove unnecessary if	2023-01-26 17:32:20 +01:00
Karl Persson	95ea4bad6f	AuthN: Rebuild Authenticate so we only have to call it once in context handler (#61705 ) * API: Add reqSignedIn to router groups * AuthN: Add fall through in context handler * AuthN: Add IsAnonymous field * AuthN: add priority to context aware clients * ContextHandler: Add comment * AuthN: Add a simple priority queue * AuthN: Add Name to client interface * AuthN: register clients with function * AuthN: update mock and fake to implement interface * AuthN: rewrite test without reflection * AuthN: add comment * AuthN: fix queue insert * AuthN: rewrite tests * AuthN: make the queue generic so we can reuse it for hooks * ContextHandler: Add fixme for auth headers * AuthN: remove unused variable * AuthN: use multierror * AuthN: write proper tests for queue * AuthN: Add queue item that can store the value and priority Co-authored-by: Jo <joao.guerreiro@grafana.com>	2023-01-26 10:50:44 +01:00
linoman	56c2755b3b	Fix JWT claims request (#61650 ) * Fix JWT claims request * Add test scenarios for missing config options	2023-01-19 16:03:09 +01:00
linoman	4d095547f8	Auth: Implement skip org role sync for jwt (#61647 ) * Add new config option * Add frontend control * Condition new auth broker with config option * Condition old auth broker with config option Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>	2023-01-18 13:59:50 +01:00
Misi	b8b08ea292	Auth: Add sub claim check to JWT Auth pre-checks (#61417 ) * Auth: Add sub claim check to JWT Auth pre-checks * Add #nosec annotation to the test tokens	2023-01-16 10:50:34 +01:00
Jo	0c8ad80575	Authn: JWT client (#61157 ) * add jwt client * alias JWT verifier * debug implementation * add tests for jwt client * add constant for JWT module * Feedback Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com> Co-authored-by: Kalle Persson <kalle.persson@grafana.com> Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>	2023-01-10 15:08:52 +01:00

13 Commits