grafana/pkg/api/password.go

package api

import (
	"context"
	"errors"
	"net/http"

	"github.com/grafana/grafana/pkg/api/dtos"
	"github.com/grafana/grafana/pkg/api/response"
	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
	"github.com/grafana/grafana/pkg/services/login"
	"github.com/grafana/grafana/pkg/services/notifications"
	"github.com/grafana/grafana/pkg/services/user"
	"github.com/grafana/grafana/pkg/web"
)

func (hs *HTTPServer) SendResetPasswordEmail(c *contextmodel.ReqContext) response.Response {
	if hs.Cfg.DisableLoginForm || hs.Cfg.DisableLogin {
		return response.Error(http.StatusUnauthorized, "Not allowed to reset password when login form is disabled", nil)
	}

	form := dtos.SendResetPasswordEmailForm{}
	if err := web.Bind(c.Req, &form); err != nil {
		return response.Error(http.StatusBadRequest, "bad request data", err)
	}

	userQuery := user.GetUserByLoginQuery{LoginOrEmail: form.UserOrEmail}

	usr, err := hs.userService.GetByLogin(c.Req.Context(), &userQuery)
	if err != nil {
		c.Logger.Info("Requested password reset for user that was not found", "user", userQuery.LoginOrEmail, "error", err)
		return response.Error(http.StatusOK, "Email sent", nil)
	}

	if usr.IsDisabled {
		c.Logger.Info("Requested password reset for disabled user", "user", userQuery.LoginOrEmail)
		return response.Error(http.StatusOK, "Email sent", nil)
	}

	getAuthQuery := login.GetAuthInfoQuery{UserId: usr.ID}
	if authInfo, err := hs.authInfoService.GetAuthInfo(c.Req.Context(), &getAuthQuery); err == nil {
		if hs.isProviderEnabled(hs.Cfg, authInfo.AuthModule) {
			c.Logger.Info("Requested password reset for external user", nil)
			return response.Error(http.StatusOK, "Email sent", nil)
		}
	}

	emailCmd := notifications.SendResetPasswordEmailCommand{User: usr}
	if err := hs.NotificationService.SendResetPasswordEmail(c.Req.Context(), &emailCmd); err != nil {
		return response.Error(http.StatusInternalServerError, "Failed to send email", err)
	}

	return response.Success("Email sent")
}

func (hs *HTTPServer) ResetPassword(c *contextmodel.ReqContext) response.Response {
	if hs.Cfg.DisableLoginForm || hs.Cfg.DisableLogin {
		return response.Error(http.StatusUnauthorized,
			"Not allowed to reset password when grafana authentication is disabled", nil)
	}

	form := dtos.ResetUserPasswordForm{}
	if err := web.Bind(c.Req, &form); err != nil {
		return response.Error(http.StatusBadRequest, "bad request data", err)
	}

	if form.NewPassword != form.ConfirmPassword {
		return response.Error(http.StatusBadRequest, "Passwords do not match", nil)
	}

	query := notifications.ValidateResetPasswordCodeQuery{Code: form.Code}

	// For now the only way to know the username to clear login attempts for is
	// to set it in the function provided to NotificationService
	var username string
	getUserByLogin := func(ctx context.Context, login string) (*user.User, error) {
		username = login
		userQuery := user.GetUserByLoginQuery{LoginOrEmail: login}
		usr, err := hs.userService.GetByLogin(ctx, &userQuery)
		return usr, err
	}

	userResult, err := hs.NotificationService.ValidateResetPasswordCode(c.Req.Context(), &query, getUserByLogin)
	if err != nil {
		if errors.Is(err, notifications.ErrInvalidEmailCode) {
			return response.Error(http.StatusBadRequest, "Invalid or expired reset password code", nil)
		}
		return response.Error(http.StatusInternalServerError, "Unknown error validating email code", err)
	}

	if response := hs.errOnExternalUser(c.Req.Context(), userResult.ID); response != nil {
		return response
	}

	if err := hs.userService.Update(c.Req.Context(), &user.UpdateUserCommand{UserID: userResult.ID, Password: &form.ConfirmPassword}); err != nil {
		return response.ErrOrFallback(http.StatusInternalServerError, "Failed to change user password", err)
	}

	if err := hs.loginAttemptService.Reset(c.Req.Context(), username); err != nil {
		c.Logger.Warn("could not reset login attempts", "err", err, "username", username)
	}

	if err := hs.AuthTokenService.RevokeAllUserTokens(c.Req.Context(),
		userResult.ID); err != nil {
		return response.Error(http.StatusExpectationFailed,
			"User password updated but unable to revoke user sessions", err)
	}

	return response.Success("User password changed")
}
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`package api`

			`import (`
Chore: Remove bus from password (#44482) * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency from notifications * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency (again) * remove fmt printf * fix dependencies in http server * fix renamed method in tests Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> 2022-02-03 17:33:46 +08:00			`"context"`
Chore: Handle wrapped errors (#29223) * Chore: Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-19 20:34:28 +08:00			`"errors"`
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments 2021-11-29 17:18:01 +08:00			`"net/http"`
Chore: Handle wrapped errors (#29223) * Chore: Handle wrapped errors Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2020-11-19 20:34:28 +08:00
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`"github.com/grafana/grafana/pkg/api/dtos"`
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2021-01-15 21:43:20 +08:00			`"github.com/grafana/grafana/pkg/api/response"`
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports 2023-01-27 15:50:36 +08:00			`contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"`
SAML: Do not SAML SLO if user is not SAML authenticated (#53418) * Only SLO user if the user is using SAML * only one source of truth for auth module info * ensure SAML is also enabled and not only SLO * move auth module naming to auth module login package * use constants in other previously unused spots 2022-08-10 16:21:33 +08:00			`"github.com/grafana/grafana/pkg/services/login"`
chore: move notifications models into notifications service (#61638) 2023-01-18 03:47:31 +08:00			`"github.com/grafana/grafana/pkg/services/notifications"`
Split Create User (#50502) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2 2022-06-28 20:32:25 +08:00			`"github.com/grafana/grafana/pkg/services/user"`
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments 2021-11-29 17:18:01 +08:00			`"github.com/grafana/grafana/pkg/web"`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`)`

Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports 2023-01-27 15:50:36 +08:00			`func (hs HTTPServer) SendResetPasswordEmail(c contextmodel.ReqContext) response.Response {`
User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`if hs.Cfg.DisableLoginForm \|\| hs.Cfg.DisableLogin {`
			`return response.Error(http.StatusUnauthorized, "Not allowed to reset password when login form is disabled", nil)`
			`}`

Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments 2021-11-29 17:18:01 +08:00			`form := dtos.SendResetPasswordEmailForm{}`
			`if err := web.Bind(c.Req, &form); err != nil {`
			`return response.Error(http.StatusBadRequest, "bad request data", err)`
			`}`
Prevent password reset when login form is disabled or either LDAP or Auth Proxy is enabled 2018-11-29 20:34:11 +08:00
Chore: Add user service method GetByLogin (#53204) * Add wrapper around sqlstore method GetUserByLogin * Use new method from user service * Fix lint * Fix lint 2 * fix middleware basic auth test * Fix grafana login returning a user by login * Remove GetUserByLogin from store interface * Merge commit 2022-08-04 19:22:43 +08:00			`userQuery := user.GetUserByLoginQuery{LoginOrEmail: form.UserOrEmail}`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00
Chore: Add user service method GetByLogin (#53204) * Add wrapper around sqlstore method GetUserByLogin * Use new method from user service * Fix lint * Fix lint 2 * fix middleware basic auth test * Fix grafana login returning a user by login * Remove GetUserByLogin from store interface * Merge commit 2022-08-04 19:22:43 +08:00			`usr, err := hs.userService.GetByLogin(c.Req.Context(), &userQuery)`
			`if err != nil {`
Omit error from http response (#58443) 2022-11-14 16:42:31 +08:00			`c.Logger.Info("Requested password reset for user that was not found", "user", userQuery.LoginOrEmail, "error", err)`
			`return response.Error(http.StatusOK, "Email sent", nil)`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`}`

Login: allow basic users to reset password when LDAP or Auth Proxy is enabled (#52331) 2022-08-08 13:12:39 +08:00			`if usr.IsDisabled {`
			`c.Logger.Info("Requested password reset for disabled user", "user", userQuery.LoginOrEmail)`
			`return response.Error(http.StatusOK, "Email sent", nil)`
			`}`

chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service 2023-01-28 02:36:54 +08:00			`getAuthQuery := login.GetAuthInfoQuery{UserId: usr.ID}`
Chore: Remove result fields from login (#65136) * remove result fields from login * fix tests * fix tests * another shadowing 2023-03-29 02:32:21 +08:00			`if authInfo, err := hs.authInfoService.GetAuthInfo(c.Req.Context(), &getAuthQuery); err == nil {`
Auth: Fix SAML user IsExternallySynced not being set correctly (#98487) 2025-01-11 00:37:37 +08:00			`if hs.isProviderEnabled(hs.Cfg, authInfo.AuthModule) {`
User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`c.Logger.Info("Requested password reset for external user", nil)`
			`return response.Error(http.StatusOK, "Email sent", nil)`
Login: allow basic users to reset password when LDAP or Auth Proxy is enabled (#52331) 2022-08-08 13:12:39 +08:00			`}`
			`}`

chore: move notifications models into notifications service (#61638) 2023-01-18 03:47:31 +08:00			`emailCmd := notifications.SendResetPasswordEmailCommand{User: usr}`
Chore: Remove bus from password (#44482) * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency from notifications * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency (again) * remove fmt printf * fix dependencies in http server * fix renamed method in tests Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> 2022-02-03 17:33:46 +08:00			`if err := hs.NotificationService.SendResetPasswordEmail(c.Req.Context(), &emailCmd); err != nil {`
User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`return response.Error(http.StatusInternalServerError, "Failed to send email", err)`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`}`

Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2021-01-15 21:43:20 +08:00			`return response.Success("Email sent")`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`}`

Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports 2023-01-27 15:50:36 +08:00			`func (hs HTTPServer) ResetPassword(c contextmodel.ReqContext) response.Response {`
User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`if hs.Cfg.DisableLoginForm \|\| hs.Cfg.DisableLogin {`
			`return response.Error(http.StatusUnauthorized,`
			`"Not allowed to reset password when grafana authentication is disabled", nil)`
			`}`

Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments 2021-11-29 17:18:01 +08:00			`form := dtos.ResetUserPasswordForm{}`
			`if err := web.Bind(c.Req, &form); err != nil {`
			`return response.Error(http.StatusBadRequest, "bad request data", err)`
			`}`
User: use update function for password updates (#86419) * Update password through Update function instead * Remove duplicated to lower * Refactor password code 2024-04-17 21:24:36 +08:00
			`if form.NewPassword != form.ConfirmPassword {`
			`return response.Error(http.StatusBadRequest, "Passwords do not match", nil)`
			`}`

chore: move notifications models into notifications service (#61638) 2023-01-18 03:47:31 +08:00			`query := notifications.ValidateResetPasswordCodeQuery{Code: form.Code}`
Lots of work on user password reset, #1456 2015-06-08 19:39:02 +08:00
LoginAttempts: Reset attempts on successfull password reset (#59215) * LoginAttempt: Add function to reset attemtps for username * PasswordReset: Reset attempts on successful password reset 2022-11-23 23:57:18 +08:00			`// For now the only way to know the username to clear login attempts for is`
			`// to set it in the function provided to NotificationService`
			`var username string`
Split Create User (#50502) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2 2022-06-28 20:32:25 +08:00			`getUserByLogin := func(ctx context.Context, login string) (*user.User, error) {`
LoginAttempts: Reset attempts on successfull password reset (#59215) * LoginAttempt: Add function to reset attemtps for username * PasswordReset: Reset attempts on successful password reset 2022-11-23 23:57:18 +08:00			`username = login`
Chore: Add user service method GetByLogin (#53204) * Add wrapper around sqlstore method GetUserByLogin * Use new method from user service * Fix lint * Fix lint 2 * fix middleware basic auth test * Fix grafana login returning a user by login * Remove GetUserByLogin from store interface * Merge commit 2022-08-04 19:22:43 +08:00			`userQuery := user.GetUserByLoginQuery{LoginOrEmail: login}`
			`usr, err := hs.userService.GetByLogin(ctx, &userQuery)`
			`return usr, err`
Chore: Remove bus from password (#44482) * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency from notifications * Chore: Remove bus from password * Refactor: Remove bus from password.go and adjust tests * remove sqlstore dependency (again) * remove fmt printf * fix dependencies in http server * fix renamed method in tests Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> 2022-02-03 17:33:46 +08:00			`}`

Chore: Remove result field from notifications (#65170) * remove result field from notifications * fix test 2023-03-28 19:44:15 +08:00			`userResult, err := hs.NotificationService.ValidateResetPasswordCode(c.Req.Context(), &query, getUserByLogin)`
			`if err != nil {`
chore: move notifications models into notifications service (#61638) 2023-01-18 03:47:31 +08:00			`if errors.Is(err, notifications.ErrInvalidEmailCode) {`
User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`return response.Error(http.StatusBadRequest, "Invalid or expired reset password code", nil)`
			`}`
			`return response.Error(http.StatusInternalServerError, "Unknown error validating email code", err)`
			`}`

User: use update function for password updates (#86419) * Update password through Update function instead * Remove duplicated to lower * Refactor password code 2024-04-17 21:24:36 +08:00			`if response := hs.errOnExternalUser(c.Req.Context(), userResult.ID); response != nil {`
			`return response`
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code 2019-10-23 16:40:12 +08:00			`}`
Lots of work on user password reset, #1456 2015-06-08 19:39:02 +08:00
User: use update function for password updates (#86419) * Update password through Update function instead * Remove duplicated to lower * Refactor password code 2024-04-17 21:24:36 +08:00			`if err := hs.userService.Update(c.Req.Context(), &user.UpdateUserCommand{UserID: userResult.ID, Password: &form.ConfirmPassword}); err != nil {`
			`return response.ErrOrFallback(http.StatusInternalServerError, "Failed to change user password", err)`
Lots of work on user password reset, #1456 2015-06-08 19:39:02 +08:00			`}`

LoginAttempts: Reset attempts on successfull password reset (#59215) * LoginAttempt: Add function to reset attemtps for username * PasswordReset: Reset attempts on successful password reset 2022-11-23 23:57:18 +08:00			`if err := hs.loginAttemptService.Reset(c.Req.Context(), username); err != nil {`
			`c.Logger.Warn("could not reset login attempts", "err", err, "username", username)`
			`}`

User: Verify external user status for accessing certain user routes (#79909) stricter user profile route checking 2023-12-29 21:23:05 +08:00			`if err := hs.AuthTokenService.RevokeAllUserTokens(c.Req.Context(),`
			`userResult.ID); err != nil {`
			`return response.Error(http.StatusExpectationFailed,`
			`"User password updated but unable to revoke user sessions", err)`
			`}`

Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2021-01-15 21:43:20 +08:00			`return response.Success("User password changed")`
Worked on reset password views, refactored out password strength to a reusable directive 2015-06-08 16:57:01 +08:00			`}`