creates new config section for login settings

d3ec8e1c · bergquist · 59d0c19b · d3ec8e1c · d3ec8e1c · d3ec8e1c
Commit d3ec8e1c authored Jan 22, 2019 by bergquist
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 6 deletions

conf/defaults.ini
+17 -0

pkg/services/auth/auth_token.go
+13 -5

pkg/setting/setting.go
+13 -1

No files found.
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -106,6 +106,22 @@ path = grafana.db
 # For "sqlite3" only. cache mode setting used for connecting to the database
 cache_mode = private

+#################################### Login ###############################
+
+[login]
+
+# login cookie name
+cookie_name = grafana_session
+
+# If you want login cookies to be https only. default is false
+cookie_secure = false
+
+# logged in user name
+cookie_username = grafana_user
+
+# how many days an session can be unused before we inactivate it
+login_remember_days = 7
+
 #################################### Session #############################
 [session]
 # Either "memory", "file", "redis", "mysql", "postgres", "memcache", default is "file"
@@ -124,6 +140,7 @@ provider = file

 provider_config = sessions

+
 # Session cookie name
 cookie_name = grafana_sess


--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@@ -38,6 +38,7 @@ type UserAuthTokenService interface {
 type UserAuthTokenServiceImpl struct {
 	SQLStore          *sqlstore.SqlStore            `inject:""`
 	ServerLockService *serverlock.ServerLockService `inject:""`
+	Cfg               *setting.Cfg                  `inject:""`
 	log               log.Logger
 }

@@ -49,7 +50,7 @@ func (s *UserAuthTokenServiceImpl) Init() error {

 func (s *UserAuthTokenServiceImpl) InitContextWithToken(ctx *models.ReqContext, orgID int64) bool {
 	//auth User
-	unhashedToken := ctx.GetCookie(setting.SessionOptions.CookieName)
+	unhashedToken := ctx.GetCookie(s.Cfg.LoginCookieName)
 	if unhashedToken == "" {
 		return false
 	}
@@ -84,16 +85,19 @@ func (s *UserAuthTokenServiceImpl) InitContextWithToken(ctx *models.ReqContext, 
 }

 func (s *UserAuthTokenServiceImpl) writeSessionCookie(ctx *models.ReqContext, value string, maxAge int) {
-	ctx.Logger.Info("new token", "unhashed token", value)
+	if setting.Env == setting.DEV {
+		ctx.Logger.Info("new token", "unhashed token", value, "cookieName", s.Cfg.LoginCookieName, "secure", s.Cfg.LoginCookieSecure)
+	}

 	ctx.Resp.Header().Del("Set-Cookie")
 	cookie := http.Cookie{
-		Name:     setting.SessionOptions.CookieName,
+		Name:     s.Cfg.LoginCookieName,
 		Value:    url.QueryEscape(value),
 		HttpOnly: true,
 		Domain:   setting.Domain,
 		Path:     setting.AppSubUrl + "/",
-		Secure:   setting.SessionOptions.Secure,
+		Secure:   s.Cfg.LoginCookieSecure,
+		MaxAge:   maxAge,
 	}

 	http.SetCookie(ctx.Resp, &cookie)
@@ -148,7 +152,11 @@ func (s *UserAuthTokenServiceImpl) CreateToken(userId int64, clientIP, userAgent

 func (s *UserAuthTokenServiceImpl) LookupToken(unhashedToken string) (*userAuthToken, error) {
 	hashedToken := hashToken(unhashedToken)
-	expireBefore := getTime().Add(time.Duration(-86400*setting.LogInRememberDays) * time.Second).Unix()
+	if setting.Env == setting.DEV {
+		s.log.Info("looking up token", "unhashed", unhashedToken, "hashed", hashedToken)
+	}
+
+	expireBefore := getTime().Add(time.Duration(-86400*s.Cfg.LoginCookieMaxDays) * time.Second).Unix()

 	var userToken userAuthToken
 	exists, err := s.SQLStore.NewSession().Where("(auth_token = ? OR prev_auth_token = ?) AND created_at > ?", hashedToken, hashedToken, expireBefore).Get(&userToken)

--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -18,7 +18,7 @@ import (
 	"github.com/go-macaron/session"
 	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/util"
-	"gopkg.in/ini.v1"
+	ini "gopkg.in/ini.v1"
 )

 type Scheme string
@@ -223,6 +223,11 @@ type Cfg struct {
 	MetricsEndpointBasicAuthPassword string
 	EnableAlphaPanels                bool
 	EnterpriseLicensePath            string
+
+	LoginCookieName     string
+	LoginCookieUsername string
+	LoginCookieSecure   bool
+	LoginCookieMaxDays  int
 }

 type CommandLineArgs struct {
@@ -546,6 +551,13 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 		ApplicationName = APP_NAME_ENTERPRISE
 	}

+	//login
+	login := iniFile.Section("login")
+	cfg.LoginCookieName = login.Key("cookie_name").String()
+	cfg.LoginCookieMaxDays = login.Key("login_remember_days").MustInt()
+	cfg.LoginCookieSecure = login.Key("cookie_secure").MustBool(false)
+	cfg.LoginCookieUsername = login.Key("cookie_username").String()
+
 	Env = iniFile.Section("").Key("app_mode").MustString("development")
 	InstanceName = iniFile.Section("").Key("instance_name").MustString("unknown_instance_name")
 	PluginsPath = makeAbsolute(iniFile.Section("paths").Key("plugins").String(), HomePath)