Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
e574147b
Commit
e574147b
authored
Jul 05, 2019
by
Leonard Gram
Committed by
Torkel Ödegaard
Jul 05, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Auth: SAML login button. (#17932)
* Auth: SAML login button. * Fixed ts issue
parent
c5b63658
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
33 additions
and
12 deletions
+33
-12
packages/grafana-runtime/src/config.ts
+1
-0
pkg/api/login.go
+22
-12
pkg/models/saml.go
+5
-0
public/app/core/controllers/login_ctrl.ts
+1
-0
public/app/partials/login.html
+4
-0
No files found.
packages/grafana-runtime/src/config.ts
View file @
e574147b
...
...
@@ -30,6 +30,7 @@ export class GrafanaBootConfig {
authProxyEnabled
=
false
;
exploreEnabled
=
false
;
ldapEnabled
=
false
;
samlEnabled
=
false
;
oauth
:
any
;
disableUserSignUp
=
false
;
loginHint
:
any
;
...
...
pkg/api/login.go
View file @
e574147b
...
...
@@ -11,7 +11,7 @@ import (
"github.com/grafana/grafana/pkg/infra/metrics"
"github.com/grafana/grafana/pkg/login"
"github.com/grafana/grafana/pkg/middleware"
m
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
...
...
@@ -21,7 +21,7 @@ const (
LoginErrorCookieName
=
"login_error"
)
func
(
hs
*
HTTPServer
)
LoginView
(
c
*
m
.
ReqContext
)
{
func
(
hs
*
HTTPServer
)
LoginView
(
c
*
m
odels
.
ReqContext
)
{
viewData
,
err
:=
hs
.
setIndexViewData
(
c
)
if
err
!=
nil
{
c
.
Handle
(
500
,
"Failed to get settings"
,
err
)
...
...
@@ -38,6 +38,7 @@ func (hs *HTTPServer) LoginView(c *m.ReqContext) {
viewData
.
Settings
[
"loginHint"
]
=
setting
.
LoginHint
viewData
.
Settings
[
"passwordHint"
]
=
setting
.
PasswordHint
viewData
.
Settings
[
"disableLoginForm"
]
=
setting
.
DisableLoginForm
viewData
.
Settings
[
"samlEnabled"
]
=
isSamlEnabled
()
if
loginError
,
ok
:=
tryGetEncryptedCookie
(
c
,
LoginErrorCookieName
);
ok
{
deleteCookie
(
c
,
LoginErrorCookieName
)
...
...
@@ -62,7 +63,16 @@ func (hs *HTTPServer) LoginView(c *m.ReqContext) {
c
.
Redirect
(
setting
.
AppSubUrl
+
"/"
)
}
func
tryOAuthAutoLogin
(
c
*
m
.
ReqContext
)
bool
{
func
isSamlEnabled
()
bool
{
enabledCmd
:=
models
.
IsSAMLEnabledCommand
{}
if
err
:=
bus
.
Dispatch
(
&
enabledCmd
);
err
!=
nil
{
return
false
}
return
enabledCmd
.
Result
}
func
tryOAuthAutoLogin
(
c
*
models
.
ReqContext
)
bool
{
if
!
setting
.
OAuthAutoLogin
{
return
false
}
...
...
@@ -80,7 +90,7 @@ func tryOAuthAutoLogin(c *m.ReqContext) bool {
return
false
}
func
(
hs
*
HTTPServer
)
LoginAPIPing
(
c
*
m
.
ReqContext
)
Response
{
func
(
hs
*
HTTPServer
)
LoginAPIPing
(
c
*
m
odels
.
ReqContext
)
Response
{
if
c
.
IsSignedIn
||
c
.
IsAnonymous
{
return
JSON
(
200
,
"Logged in"
)
}
...
...
@@ -88,12 +98,12 @@ func (hs *HTTPServer) LoginAPIPing(c *m.ReqContext) Response {
return
Error
(
401
,
"Unauthorized"
,
nil
)
}
func
(
hs
*
HTTPServer
)
LoginPost
(
c
*
m
.
ReqContext
,
cmd
dtos
.
LoginCommand
)
Response
{
func
(
hs
*
HTTPServer
)
LoginPost
(
c
*
m
odels
.
ReqContext
,
cmd
dtos
.
LoginCommand
)
Response
{
if
setting
.
DisableLoginForm
{
return
Error
(
401
,
"Login is disabled"
,
nil
)
}
authQuery
:=
&
m
.
LoginUserQuery
{
authQuery
:=
&
m
odels
.
LoginUserQuery
{
ReqContext
:
c
,
Username
:
cmd
.
User
,
Password
:
cmd
.
Password
,
...
...
@@ -129,7 +139,7 @@ func (hs *HTTPServer) LoginPost(c *m.ReqContext, cmd dtos.LoginCommand) Response
return
JSON
(
200
,
result
)
}
func
(
hs
*
HTTPServer
)
loginUserWithUser
(
user
*
m
.
User
,
c
*
m
.
ReqContext
)
{
func
(
hs
*
HTTPServer
)
loginUserWithUser
(
user
*
m
odels
.
User
,
c
*
models
.
ReqContext
)
{
if
user
==
nil
{
hs
.
log
.
Error
(
"user login with nil user"
)
}
...
...
@@ -142,8 +152,8 @@ func (hs *HTTPServer) loginUserWithUser(user *m.User, c *m.ReqContext) {
middleware
.
WriteSessionCookie
(
c
,
userToken
.
UnhashedToken
,
hs
.
Cfg
.
LoginMaxLifetimeDays
)
}
func
(
hs
*
HTTPServer
)
Logout
(
c
*
m
.
ReqContext
)
{
if
err
:=
hs
.
AuthTokenService
.
RevokeToken
(
c
.
Req
.
Context
(),
c
.
UserToken
);
err
!=
nil
&&
err
!=
m
.
ErrUserTokenNotFound
{
func
(
hs
*
HTTPServer
)
Logout
(
c
*
m
odels
.
ReqContext
)
{
if
err
:=
hs
.
AuthTokenService
.
RevokeToken
(
c
.
Req
.
Context
(),
c
.
UserToken
);
err
!=
nil
&&
err
!=
m
odels
.
ErrUserTokenNotFound
{
hs
.
log
.
Error
(
"failed to revoke auth token"
,
"error"
,
err
)
}
...
...
@@ -157,7 +167,7 @@ func (hs *HTTPServer) Logout(c *m.ReqContext) {
}
}
func
tryGetEncryptedCookie
(
ctx
*
m
.
ReqContext
,
cookieName
string
)
(
string
,
bool
)
{
func
tryGetEncryptedCookie
(
ctx
*
m
odels
.
ReqContext
,
cookieName
string
)
(
string
,
bool
)
{
cookie
:=
ctx
.
GetCookie
(
cookieName
)
if
cookie
==
""
{
return
""
,
false
...
...
@@ -172,11 +182,11 @@ func tryGetEncryptedCookie(ctx *m.ReqContext, cookieName string) (string, bool)
return
string
(
decryptedError
),
err
==
nil
}
func
deleteCookie
(
ctx
*
m
.
ReqContext
,
cookieName
string
)
{
func
deleteCookie
(
ctx
*
m
odels
.
ReqContext
,
cookieName
string
)
{
ctx
.
SetCookie
(
cookieName
,
""
,
-
1
,
setting
.
AppSubUrl
+
"/"
)
}
func
(
hs
*
HTTPServer
)
trySetEncryptedCookie
(
ctx
*
m
.
ReqContext
,
cookieName
string
,
value
string
,
maxAge
int
)
error
{
func
(
hs
*
HTTPServer
)
trySetEncryptedCookie
(
ctx
*
m
odels
.
ReqContext
,
cookieName
string
,
value
string
,
maxAge
int
)
error
{
encryptedError
,
err
:=
util
.
Encrypt
([]
byte
(
value
),
setting
.
SecretKey
)
if
err
!=
nil
{
return
err
...
...
pkg/models/saml.go
0 → 100644
View file @
e574147b
package
models
type
IsSAMLEnabledCommand
struct
{
Result
bool
}
public/app/core/controllers/login_ctrl.ts
View file @
e574147b
...
...
@@ -20,6 +20,7 @@ export class LoginCtrl {
$scope
.
oauthEnabled
=
_
.
keys
(
config
.
oauth
).
length
>
0
;
$scope
.
ldapEnabled
=
config
.
ldapEnabled
;
$scope
.
authProxyEnabled
=
config
.
authProxyEnabled
;
$scope
.
samlEnabled
=
config
.
samlEnabled
;
$scope
.
disableLoginForm
=
config
.
disableLoginForm
;
$scope
.
disableUserSignUp
=
config
.
disableUserSignUp
;
...
...
public/app/partials/login.html
View file @
e574147b
...
...
@@ -68,6 +68,10 @@
<i
class=
"btn-service-icon fa fa-sign-in"
></i>
Sign in with {{oauth.generic_oauth.name}}
</a>
<a
class=
"btn btn-medium btn-service btn-service--github login-btn"
href=
"login/saml"
target=
"_self"
ng-if=
"samlEnabled"
>
<i
class=
"btn-service-icon fa fa-key"
></i>
Sign in with SAML
</a>
</div>
<div
class=
"login-signup-box"
ng-show=
"!disableUserSignUp"
>
<div
class=
"login-signup-title p-r-1"
>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment