Commit 5777f65d by Utkarsh Bhatnagar Committed by Torkel Ödegaard

Basic Auth now supports LDAP username and password (#6940)

parent 0841e841
...@@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq ...@@ -18,7 +18,7 @@ Currently you can authenticate via an `API Token` or via a `Session cookie` (acq
## Basic Auth ## Basic Auth
If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via If basic auth is enabled (it is enabled by default) you can authenticate your HTTP request via
standard basic auth. standard basic auth. Basic auth will also authenticate LDAP users.
curl example: curl example:
``` ```
......
...@@ -9,6 +9,7 @@ import ( ...@@ -9,6 +9,7 @@ import (
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/components/apikeygen" "github.com/grafana/grafana/pkg/components/apikeygen"
"github.com/grafana/grafana/pkg/log" "github.com/grafana/grafana/pkg/log"
l "github.com/grafana/grafana/pkg/login"
"github.com/grafana/grafana/pkg/metrics" "github.com/grafana/grafana/pkg/metrics"
m "github.com/grafana/grafana/pkg/models" m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
...@@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool { ...@@ -137,6 +138,7 @@ func initContextWithApiKey(ctx *Context) bool {
} }
func initContextWithBasicAuth(ctx *Context) bool { func initContextWithBasicAuth(ctx *Context) bool {
if !setting.BasicAuthEnabled { if !setting.BasicAuthEnabled {
return false return false
} }
...@@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool { ...@@ -160,9 +162,9 @@ func initContextWithBasicAuth(ctx *Context) bool {
user := loginQuery.Result user := loginQuery.Result
// validate password loginUserQuery := l.LoginUserQuery{Username: username, Password: password, User: user}
if util.EncodePassword(password, user.Salt) != user.Password { if err := bus.Dispatch(&loginUserQuery); err != nil {
ctx.JsonApiErr(401, "Invalid username or password", nil) ctx.JsonApiErr(401, "Invalid username or password", err)
return true return true
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment