Skip to content

N
nexpie-grafana-theme
Commit 543c7fe5 by Dan Cech Committed by Torkel Ödegaard
Options

support additional fields in authproxy (#11661)

parent b4ad0440
Showing with 24 additions and 0 deletions
docs/sources/installation/configuration.md
...@@ -659,6 +659,10 @@ Set to `true` to enable auto sign up of users who do not exist in Grafana DB. De ...@@ -659,6 +659,10 @@ Set to `true` to enable auto sign up of users who do not exist in Grafana DB. De
Limit where auth proxy requests come from by configuring a list of IP addresses. This can be used to prevent users spoofing the X-WEBAUTH-USER header. Limit where auth proxy requests come from by configuring a list of IP addresses. This can be used to prevent users spoofing the X-WEBAUTH-USER header.
### headers
Used to define additional headers for `Name`, `Email` and/or `Login`, for example if the user's name is sent in the X-WEBAUTH-NAME header and their email address in the X-WEBAUTH-EMAIL header, set `headers = Name:X-WEBAUTH-NAME Email:X-WEBAUTH-EMAIL`.
<hr> <hr>
## [session] ## [session]
......
pkg/middleware/auth_proxy.go
...@@ -4,6 +4,7 @@ import ( ...@@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net" "net"
"net/mail" "net/mail"
"reflect"
"strings" "strings"
"time" "time"
...@@ -111,6 +112,16 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool { ...@@ -111,6 +112,16 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
return true return true
} }
for _, field := range []string{"Name", "Email", "Login"} {
if setting.AuthProxyHeaders[field] == "" {
continue
}
if val := ctx.Req.Header.Get(setting.AuthProxyHeaders[field]); val != "" {
reflect.ValueOf(extUser).Elem().FieldByName(field).SetString(val)
}
}
// add/update user in grafana // add/update user in grafana
cmd := &m.UpsertUserCommand{ cmd := &m.UpsertUserCommand{
ReqContext: ctx, ReqContext: ctx,
......
pkg/setting/setting.go
...@@ -125,6 +125,7 @@ var ( ...@@ -125,6 +125,7 @@ var (
AuthProxyAutoSignUp bool AuthProxyAutoSignUp bool
AuthProxyLdapSyncTtl int AuthProxyLdapSyncTtl int
AuthProxyWhitelist string AuthProxyWhitelist string
AuthProxyHeaders map[string]string
// Basic Auth // Basic Auth
BasicAuthEnabled bool BasicAuthEnabled bool
...@@ -611,6 +612,14 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error { ...@@ -611,6 +612,14 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
AuthProxyLdapSyncTtl = authProxy.Key("ldap_sync_ttl").MustInt() AuthProxyLdapSyncTtl = authProxy.Key("ldap_sync_ttl").MustInt()
AuthProxyWhitelist = authProxy.Key("whitelist").String() AuthProxyWhitelist = authProxy.Key("whitelist").String()
AuthProxyHeaders = make(map[string]string)
for _, propertyAndHeader := range util.SplitString(authProxy.Key("headers").String()) {
split := strings.SplitN(propertyAndHeader, ":", 2)
if len(split) == 2 {
AuthProxyHeaders[split[0]] = split[1]
}
}
// basic auth // basic auth
authBasic := iniFile.Section("auth.basic") authBasic := iniFile.Section("auth.basic")
BasicAuthEnabled = authBasic.Key("enabled").MustBool(true) BasicAuthEnabled = authBasic.Key("enabled").MustBool(true)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment