Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
57457e2a
Unverified
Commit
57457e2a
authored
Feb 04, 2019
by
Marcus Efraimsson
Committed by
GitHub
Feb 04, 2019
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #15170 from bergquist/delete_session_on_logout
deletes auth token on signout
parents
7d5becce
fb3c5101
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
57 additions
and
6 deletions
+57
-6
pkg/api/common_test.go
+1
-1
pkg/api/login.go
+1
-1
pkg/middleware/middleware_test.go
+1
-1
pkg/services/auth/auth_token.go
+15
-3
pkg/services/auth/auth_token_test.go
+39
-0
No files found.
pkg/api/common_test.go
View file @
57457e2a
...
...
@@ -149,4 +149,4 @@ func (s *fakeUserAuthTokenService) UserAuthenticatedHook(user *m.User, c *m.ReqC
return
nil
}
func
(
s
*
fakeUserAuthTokenService
)
UserSignedOutHook
(
c
*
m
.
ReqContext
)
{
}
func
(
s
*
fakeUserAuthTokenService
)
SignOutUser
(
c
*
m
.
ReqContext
)
error
{
return
nil
}
pkg/api/login.go
View file @
57457e2a
...
...
@@ -136,7 +136,7 @@ func (hs *HTTPServer) loginUserWithUser(user *m.User, c *m.ReqContext) {
}
func
(
hs
*
HTTPServer
)
Logout
(
c
*
m
.
ReqContext
)
{
hs
.
AuthTokenService
.
UserSignedOutHook
(
c
)
hs
.
AuthTokenService
.
SignOutUser
(
c
)
if
setting
.
SignoutRedirectUrl
!=
""
{
c
.
Redirect
(
setting
.
SignoutRedirectUrl
)
...
...
pkg/middleware/middleware_test.go
View file @
57457e2a
...
...
@@ -602,4 +602,4 @@ func (s *fakeUserAuthTokenService) UserAuthenticatedHook(user *m.User, c *m.ReqC
return
nil
}
func
(
s
*
fakeUserAuthTokenService
)
UserSignedOutHook
(
c
*
m
.
ReqContext
)
{
}
func
(
s
*
fakeUserAuthTokenService
)
SignOutUser
(
c
*
m
.
ReqContext
)
error
{
return
nil
}
pkg/services/auth/auth_token.go
View file @
57457e2a
...
...
@@ -3,6 +3,7 @@ package auth
import
(
"crypto/sha256"
"encoding/hex"
"errors"
"net/http"
"net/url"
"time"
...
...
@@ -31,7 +32,7 @@ var (
type
UserAuthTokenService
interface
{
InitContextWithToken
(
ctx
*
models
.
ReqContext
,
orgID
int64
)
bool
UserAuthenticatedHook
(
user
*
models
.
User
,
c
*
models
.
ReqContext
)
error
UserSignedOutHook
(
c
*
models
.
ReqContext
)
SignOutUser
(
c
*
models
.
ReqContext
)
error
}
type
UserAuthTokenServiceImpl
struct
{
...
...
@@ -85,7 +86,7 @@ func (s *UserAuthTokenServiceImpl) InitContextWithToken(ctx *models.ReqContext,
func
(
s
*
UserAuthTokenServiceImpl
)
writeSessionCookie
(
ctx
*
models
.
ReqContext
,
value
string
,
maxAge
int
)
{
if
setting
.
Env
==
setting
.
DEV
{
ctx
.
Logger
.
Info
(
"new token"
,
"unhashed token"
,
value
)
ctx
.
Logger
.
Debug
(
"new token"
,
"unhashed token"
,
value
)
}
ctx
.
Resp
.
Header
()
.
Del
(
"Set-Cookie"
)
...
...
@@ -112,8 +113,19 @@ func (s *UserAuthTokenServiceImpl) UserAuthenticatedHook(user *models.User, c *m
return
nil
}
func
(
s
*
UserAuthTokenServiceImpl
)
UserSignedOutHook
(
c
*
models
.
ReqContext
)
{
func
(
s
*
UserAuthTokenServiceImpl
)
SignOutUser
(
c
*
models
.
ReqContext
)
error
{
unhashedToken
:=
c
.
GetCookie
(
s
.
Cfg
.
LoginCookieName
)
if
unhashedToken
==
""
{
return
errors
.
New
(
"cannot logout without session token"
)
}
hashedToken
:=
hashToken
(
unhashedToken
)
sql
:=
`DELETE FROM user_auth_token WHERE auth_token = ?`
_
,
err
:=
s
.
SQLStore
.
NewSession
()
.
Exec
(
sql
,
hashedToken
)
s
.
writeSessionCookie
(
c
,
""
,
-
1
)
return
err
}
func
(
s
*
UserAuthTokenServiceImpl
)
CreateToken
(
userId
int64
,
clientIP
,
userAgent
string
)
(
*
userAuthToken
,
error
)
{
...
...
pkg/services/auth/auth_token_test.go
View file @
57457e2a
package
auth
import
(
"fmt"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
macaron
"gopkg.in/macaron.v1"
"github.com/grafana/grafana/pkg/log"
"github.com/grafana/grafana/pkg/services/sqlstore"
...
...
@@ -46,6 +51,40 @@ func TestUserAuthToken(t *testing.T) {
So
(
err
,
ShouldEqual
,
ErrAuthTokenNotFound
)
So
(
LookupToken
,
ShouldBeNil
)
})
Convey
(
"signing out should delete token and cookie if present"
,
func
()
{
httpreq
:=
&
http
.
Request
{
Header
:
make
(
http
.
Header
)}
httpreq
.
AddCookie
(
&
http
.
Cookie
{
Name
:
userAuthTokenService
.
Cfg
.
LoginCookieName
,
Value
:
token
.
UnhashedToken
})
ctx
:=
&
models
.
ReqContext
{
Context
:
&
macaron
.
Context
{
Req
:
macaron
.
Request
{
Request
:
httpreq
},
Resp
:
macaron
.
NewResponseWriter
(
"POST"
,
httptest
.
NewRecorder
()),
},
Logger
:
log
.
New
(
"fakelogger"
),
}
err
=
userAuthTokenService
.
SignOutUser
(
ctx
)
So
(
err
,
ShouldBeNil
)
// makes sure we tell the browser to overwrite the cookie
cookieHeader
:=
fmt
.
Sprintf
(
"%s=; Path=/; Max-Age=0; HttpOnly"
,
userAuthTokenService
.
Cfg
.
LoginCookieName
)
So
(
ctx
.
Resp
.
Header
()
.
Get
(
"Set-Cookie"
),
ShouldEqual
,
cookieHeader
)
})
Convey
(
"signing out an none existing session should return an error"
,
func
()
{
httpreq
:=
&
http
.
Request
{
Header
:
make
(
http
.
Header
)}
httpreq
.
AddCookie
(
&
http
.
Cookie
{
Name
:
userAuthTokenService
.
Cfg
.
LoginCookieName
,
Value
:
""
})
ctx
:=
&
models
.
ReqContext
{
Context
:
&
macaron
.
Context
{
Req
:
macaron
.
Request
{
Request
:
httpreq
},
Resp
:
macaron
.
NewResponseWriter
(
"POST"
,
httptest
.
NewRecorder
()),
},
Logger
:
log
.
New
(
"fakelogger"
),
}
err
=
userAuthTokenService
.
SignOutUser
(
ctx
)
So
(
err
,
ShouldNotBeNil
)
})
})
Convey
(
"expires correctly"
,
func
()
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment