76612285
Unverified
Commit
76612285
authored
Jan 23, 2019
by
Carl Bergquist
Committed by
GitHub
Jan 23, 2019
Merge pull request #14995 from bergquist/token_oauth
Stores hashed state code in cookie for OAuth logins.
parents
c3ff3d64
12f83389
Showing
2 changed files
with
34 additions
and
7 deletions
+34
-7
pkg/api/login_oauth.go
+33
-6
pkg/services/auth/auth_token.go
+1
-1
pkg/api/login_oauth.go
...
...
@@ -3,9 +3,11 @@ package api
import
(
"context"
"crypto/rand"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"fmt"
"io/ioutil"
"net/http"
...
...
@@ -18,12 +20,14 @@ import (
"github.com/grafana/grafana/pkg/login"
"github.com/grafana/grafana/pkg/metrics"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/session"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/social"
)
var
oauthLogger
=
log
.
New
(
"oauth"
)
var
(
oauthLogger
=
log
.
New
(
"oauth"
)
OauthStateCookieName
=
"oauth_state"
)
func
GenStateString
()
string
{
rnd
:=
make
([]
byte
,
32
)
...
...
@@ -55,7 +59,9 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
code
:=
ctx
.
Query
(
"code"
)
if
code
==
""
{
state
:=
GenStateString
()
ctx
.
Session
.
Set
(
session
.
SESS_KEY_OAUTH_STATE
,
state
)
hashedState
:=
hashStatecode
(
state
,
setting
.
OAuthService
.
OAuthInfos
[
name
]
.
ClientSecret
)
hs
.
writeOauthStateCookie
(
ctx
,
hashedState
,
60
)
if
setting
.
OAuthService
.
OAuthInfos
[
name
]
.
HostedDomain
==
""
{
ctx
.
Redirect
(
connect
.
AuthCodeURL
(
state
,
oauth2
.
AccessTypeOnline
))
}
else
{
...
...
@@ -64,13 +70,18 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
return
}
savedState
,
ok
:=
ctx
.
Session
.
Get
(
session
.
SESS_KEY_OAUTH_STATE
)
.
(
string
)
if
!
ok
{
savedState
:=
ctx
.
GetCookie
(
OauthStateCookieName
)
// delete cookie
ctx
.
Resp
.
Header
()
.
Del
(
"Set-Cookie"
)
hs
.
writeOauthStateCookie
(
ctx
,
""
,
-
1
)
if
savedState
==
""
{
ctx
.
Handle
(
500
,
"login.OAuthLogin(missing saved state)"
,
nil
)
return
}
queryState
:=
ctx
.
Query
(
"state"
)
queryState
:=
hashStatecode
(
ctx
.
Query
(
"state"
),
setting
.
OAuthService
.
OAuthInfos
[
name
]
.
ClientSecret
)
if
savedState
!=
queryState
{
ctx
.
Handle
(
500
,
"login.OAuthLogin(state mismatch)"
,
nil
)
return
...
...
@@ -191,6 +202,22 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
ctx
.
Redirect
(
setting
.
AppSubUrl
+
"/"
)
}
func
(
hs
*
HTTPServer
)
writeOauthStateCookie
(
ctx
*
m
.
ReqContext
,
value
string
,
maxAge
int
)
{
http
.
SetCookie
(
ctx
.
Resp
,
&
http
.
Cookie
{
Name
:
OauthStateCookieName
,
MaxAge
:
maxAge
,
Value
:
value
,
HttpOnly
:
true
,
Path
:
setting
.
AppSubUrl
+
"/"
,
Secure
:
hs
.
Cfg
.
LoginCookieSecure
,
})
}
func
hashStatecode
(
code
,
seed
string
)
string
{
hashBytes
:=
sha256
.
Sum256
([]
byte
(
code
+
setting
.
SecretKey
+
seed
))
return
hex
.
EncodeToString
(
hashBytes
[
:
])
}
func
redirectWithError
(
ctx
*
m
.
ReqContext
,
err
error
,
v
...
interface
{})
{
ctx
.
Logger
.
Error
(
err
.
Error
(),
v
...
)
ctx
.
Session
.
Set
(
"loginError"
,
err
.
Error
())
...
...
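Review bot: The new `if savedState != queryState` check in the callback branch compares the cookie's hash against the recomputed one with plain string inequality; since both sides are hex digests of equal length, `if subtle.ConstantTimeCompare([]byte(savedState), []byte(queryState)) != 1 {` (crypto/subtle) would make the comparison independent of how many leading bytes match. Relatedly, `hashStatecode` builds `sha256(code + setting.SecretKey + seed)` by bare concatenation; an HMAC such as `hmac.New(sha256.New, []byte(setting.SecretKey+seed))` over `code` is the conventional keyed construction and yields the same hex-string shape for the cookie. The context line `ctx.Session.Set(session.SESS_KEY_OAUTH_STATE, state)` still writes the state into the session although the session read was removed from the callback hunk, so that write now appears to be dead and could be dropped. The `ctx.Resp.Header().Del("Set-Cookie")` before `writeOauthStateCookie(ctx, "", -1)` discards every Set-Cookie header queued on the response so far, which looks harmless at this point of the handler but deserves a comment saying so. OAuthLogin starts and ends outside these hunks.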
pkg/services/auth/auth_token.go
...
...
@@ -86,7 +86,7 @@ func (s *UserAuthTokenServiceImpl) InitContextWithToken(ctx *models.ReqContext,
func
(
s
*
UserAuthTokenServiceImpl
)
writeSessionCookie
(
ctx
*
models
.
ReqContext
,
value
string
,
maxAge
int
)
{
if
setting
.
Env
==
setting
.
DEV
{
ctx
.
Logger
.
Info
(
"new token"
,
"unhashed token"
,
value
,
"cookieName"
,
s
.
Cfg
.
LoginCookieName
,
"secure"
,
s
.
Cfg
.
LoginCookieSecure
)
ctx
.
Logger
.
Info
(
"new token"
,
"unhashed token"
,
value
)
}
ctx
.
Resp
.
Header
()
.
Del
(
"Set-Cookie"
)
...
...
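Review bot: The retained `ctx.Logger.Info("new token", "unhashed token", value)` still writes the raw session token to the log, and the `setting.Env == setting.DEV` guard only narrows when that happens, not where the log ends up. Logging a credential is rarely worth the debugging convenience; `ctx.Logger.Info("new token", "token length", len(value))` keeps the signal that a token was issued without recording its value. The following `ctx.Resp.Header().Del("Set-Cookie")` also removes any Set-Cookie header already queued on the response, which deserves a one-line comment stating that this is intended. writeSessionCookie continues outside the hunk.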