login

package
v0.0.0-testrgm3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 21, 2023 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// modules
	PasswordAuthModule  = "password"
	APIKeyAuthModule    = "apikey"
	SAMLAuthModule      = "auth.saml"
	LDAPAuthModule      = "ldap"
	AuthProxyAuthModule = "authproxy"
	JWTModule           = "jwt"
	ExtendedJWTModule   = "extendedjwt"
	RenderModule        = "render"
	// OAuth provider modules
	AzureADAuthModule    = "oauth_azuread"
	GoogleAuthModule     = "oauth_google"
	GitLabAuthModule     = "oauth_gitlab"
	GithubAuthModule     = "oauth_github"
	GenericOAuthModule   = "oauth_generic_oauth"
	GrafanaComAuthModule = "oauth_grafana_com"
	GrafanaNetAuthModule = "oauth_grafananet"
	OktaAuthModule       = "oauth_okta"

	// labels
	SAMLLabel = "SAML"
	LDAPLabel = "LDAP"
	JWTLabel  = "JWT"
	// OAuth provider labels
	AuthProxyLabel    = "Auth Proxy"
	AzureADLabel      = "AzureAD"
	GoogleLabel       = "Google"
	GenericOAuthLabel = "Generic OAuth"
	GitLabLabel       = "GitLab"
	GithubLabel       = "GitHub"
	GrafanaComLabel   = "grafana.com"
	OktaLabel         = "Okta"
)
View Source
const (
	ExporterName              = "grafana"
	MetricsCollectionInterval = time.Hour * 4 // every 4 hours, indication of duplicate users
)

Variables

View Source
var (
	ErrInvalidCredentials = errors.New("invalid username or password")
	ErrUsersQuotaReached  = errors.New("users quota reached")
	ErrGettingUserQuota   = errors.New("error getting user quota")
	ErrSignupNotAllowed   = errors.New("system administrator has disabled signup")
)
View Source
var (
	// MStatDuplicateUserEntries is a indication metric gauge for number of users with duplicate emails or logins
	MStatDuplicateUserEntries prometheus.Gauge

	// MStatHasDuplicateEntries is a metric for if there is duplicate users
	MStatHasDuplicateEntries prometheus.Gauge

	// MStatMixedCasedUsers is a metric for if there is duplicate users
	MStatMixedCasedUsers prometheus.Gauge

	Once        sync.Once
	Initialised bool = false
)

Functions

func GetAuthProviderLabel

func GetAuthProviderLabel(authModule string) string

used for frontend to display a more user friendly label

func IsExternallySynced

func IsExternallySynced(cfg *setting.Cfg, authModule string) bool

IsExternnalySynced is used to tell if the user roles are externally synced true means that the org role sync is handled by Grafana Note: currently the users authinfo is overridden each time the user logs in https://github.com/grafana/grafana/blob/4181acec72f76df7ad02badce13769bae4a1f840/pkg/services/login/authinfoservice/database/database.go#L61 this means that if the user has multiple auth providers and one of them is set to sync org roles then IsExternallySynced will be true for this one provider and false for the others

func IsProviderEnabled

func IsProviderEnabled(cfg *setting.Cfg, authModule string) bool

Types

type AuthInfoService

type AuthInfoService interface {
	LookupAndUpdate(ctx context.Context, query *GetUserByAuthInfoQuery) (*user.User, error)
	GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error)
	GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error)
	GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error)
	SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error
	UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error
	DeleteUserAuthInfo(ctx context.Context, userID int64) error
}

type DeleteAuthInfoCommand

type DeleteAuthInfoCommand struct {
	UserAuth *UserAuth
}

type ExternalUserInfo

type ExternalUserInfo struct {
	OAuthToken     *oauth2.Token
	AuthModule     string
	AuthId         string
	UserId         int64
	Email          string
	Login          string
	Name           string
	Groups         []string
	OrgRoles       map[int64]org.RoleType
	IsGrafanaAdmin *bool // This is a pointer to know if we should sync this or not (nil = ignore sync)
	IsDisabled     bool
	SkipTeamSync   bool
}

func (*ExternalUserInfo) String

func (e *ExternalUserInfo) String() string

type GetAuthInfoQuery

type GetAuthInfoQuery struct {
	UserId     int64
	AuthModule string
	AuthId     string
}

type GetExternalUserInfoByLoginQuery

type GetExternalUserInfoByLoginQuery struct {
	LoginOrEmail string
}

type GetUserByAuthInfoQuery

type GetUserByAuthInfoQuery struct {
	AuthModule string
	AuthId     string
	UserLookupParams
}

type GetUserLabelsQuery

type GetUserLabelsQuery struct {
	UserIDs []int64
}

type LoginInfo

type LoginInfo struct {
	AuthModule    string
	User          *user.User
	ExternalUser  ExternalUserInfo
	LoginUsername string
	HTTPStatus    int
	Error         error
}

type LoginStats

type LoginStats struct {
	DuplicateUserEntries int `xorm:"duplicate_user_entries"`
	MixedCasedUsers      int `xorm:"mixed_cased_users"`
}

type LoginUserQuery

type LoginUserQuery struct {
	ReqContext *contextmodel.ReqContext
	Username   string
	Password   string
	User       *user.User
	IpAddress  string
	AuthModule string
	Cfg        *setting.Cfg
}

type RequestURIKey

type RequestURIKey struct{}

RequestURIKey is used as key to save request URI in contexts (used for the Enterprise auditing feature)

type Service

type Service interface {
	UpsertUser(ctx context.Context, cmd *UpsertUserCommand) (*user.User, error)
	DisableExternalUser(ctx context.Context, username string) error
	SetTeamSyncFunc(TeamSyncFunc)
}

type SetAuthInfoCommand

type SetAuthInfoCommand struct {
	AuthModule string
	AuthId     string
	UserId     int64
	OAuthToken *oauth2.Token
}

type Store

type Store interface {
	GetExternalUserInfoByLogin(ctx context.Context, query *GetExternalUserInfoByLoginQuery) (*ExternalUserInfo, error)
	GetAuthInfo(ctx context.Context, query *GetAuthInfoQuery) (*UserAuth, error)
	GetUserLabels(ctx context.Context, query GetUserLabelsQuery) (map[int64]string, error)
	SetAuthInfo(ctx context.Context, cmd *SetAuthInfoCommand) error
	UpdateAuthInfo(ctx context.Context, cmd *UpdateAuthInfoCommand) error
	UpdateAuthInfoDate(ctx context.Context, authInfo *UserAuth) error
	DeleteAuthInfo(ctx context.Context, cmd *DeleteAuthInfoCommand) error
	DeleteUserAuthInfo(ctx context.Context, userID int64) error
	GetUserById(ctx context.Context, id int64) (*user.User, error)
	GetUserByLogin(ctx context.Context, login string) (*user.User, error)
	GetUserByEmail(ctx context.Context, email string) (*user.User, error)
	CollectLoginStats(ctx context.Context) (map[string]interface{}, error)
	RunMetricsCollection(ctx context.Context) error
	GetLoginStats(ctx context.Context) (LoginStats, error)
}

type TeamSyncFunc

type TeamSyncFunc func(user *user.User, externalUser *ExternalUserInfo) error

type UpdateAuthInfoCommand

type UpdateAuthInfoCommand struct {
	AuthModule string
	AuthId     string
	UserId     int64
	OAuthToken *oauth2.Token
}

type UpsertUserCommand

type UpsertUserCommand struct {
	ReqContext   *contextmodel.ReqContext
	ExternalUser *ExternalUserInfo
	UserLookupParams
	SignupAllowed bool
}

type UserAuth

type UserAuth struct {
	Id                int64
	UserId            int64
	AuthModule        string
	AuthId            string
	Created           time.Time
	OAuthAccessToken  string
	OAuthRefreshToken string
	OAuthIdToken      string
	OAuthTokenType    string
	OAuthExpiry       time.Time
}

type UserLookupParams

type UserLookupParams struct {
	// Describes lookup order as well
	UserID *int64  // if set, will try to find the user by id
	Email  *string // if set, will try to find the user by email
	Login  *string // if set, will try to find the user by login
}

type UserProtectionService

type UserProtectionService interface {
	AllowUserMapping(user *user.User, authModule string) error
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL