root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 83 Packages Projects Releases Wiki Activity
grafana/pkg/api/admin_users.go

516 lines
16 KiB
Go
Raw Normal View History

Refactoring of auth middleware, and starting work on account admin
2015-01-15 19:16:54 +08:00
package api
import (
Users: Improve conflict error handling (#26958) * API: Improve error handling (#26934) * New ErrUserAlreadyExists error has been introduced * Create user endpoint returns 412 Precondition Failed on ErrUserAlreadyExists errors * Make ErrUserAlreadyExists error message clearer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Use errors.Is instead of equality comparator on AdminCreateUser handler * Improve sqlstore/user test definition Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Improve sqlstore/user tests for ErrUserAlreadyExists cases * Remove no needed string fmt and err declaration on sqlstore/user tests * Code improvements for sqlstore/user tests Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Use err.Error() instead of sentinel error value on AdminCreateUser Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Add ErrUserAlreadyExists handling for signup & org invite use cases Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-08-13 20:38:54 +08:00
"errors"
"fmt"
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
"net/http"
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
"strconv"
Fix: Email and username trimming and invitation validation (#58442) * fix: email and username trimming and invitation validation * Trim leading and trailing whitespaces from email and username on signup * Check whether the provided email address is the same as where the invitation sent * Align tests Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2022-11-14 20:11:26 +08:00
"strings"
Users: Improve conflict error handling (#26958) * API: Improve error handling (#26934) * New ErrUserAlreadyExists error has been introduced * Create user endpoint returns 412 Precondition Failed on ErrUserAlreadyExists errors * Make ErrUserAlreadyExists error message clearer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Use errors.Is instead of equality comparator on AdminCreateUser handler * Improve sqlstore/user test definition Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Improve sqlstore/user tests for ErrUserAlreadyExists cases * Remove no needed string fmt and err declaration on sqlstore/user tests * Code improvements for sqlstore/user tests Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Use err.Error() instead of sentinel error value on AdminCreateUser Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Add ErrUserAlreadyExists handling for signup & org invite use cases Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-08-13 20:38:54 +08:00
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
"golang.org/x/sync/errgroup"
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
"github.com/grafana/grafana/pkg/api/dtos"
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
"github.com/grafana/grafana/pkg/api/response"
moves metric package to /infra ref #14679
2019-02-24 06:35:26 +08:00
"github.com/grafana/grafana/pkg/infra/metrics"
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
"github.com/grafana/grafana/pkg/services/accesscontrol"
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 16:56:06 +08:00
"github.com/grafana/grafana/pkg/services/auth"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-28 02:36:54 +08:00
"github.com/grafana/grafana/pkg/services/login"
Chore: Delete org model duplicates (#60940) * Delete org model duplicates * Fix lint * Move OrgDetailsDTO to org pkg
2023-01-04 23:20:26 +08:00
"github.com/grafana/grafana/pkg/services/org"
Split Create User (#50502) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2
2022-06-28 20:32:25 +08:00
"github.com/grafana/grafana/pkg/services/user"
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
"github.com/grafana/grafana/pkg/util"
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
"github.com/grafana/grafana/pkg/web"
Refactoring of auth middleware, and starting work on account admin
2015-01-15 19:16:54 +08:00
)
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /admin/users admin_users adminCreateUser
//
// Create new user.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users:create`.
// Note that OrgId is an optional parameter that can be used to assign a new user to a different organization when `auto_assign_org` is set to `true`.
//
// Security:
// - basic:
//
// Responses:
// 200: adminCreateUserResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 412: preconditionFailedError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminCreateUser(c *contextmodel.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
form := dtos.AdminCreateUserForm{}
if err := web.Bind(c.Req, &form); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Fix: Email and username trimming and invitation validation (#58442) * fix: email and username trimming and invitation validation * Trim leading and trailing whitespaces from email and username on signup * Check whether the provided email address is the same as where the invitation sent * Align tests Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2022-11-14 20:11:26 +08:00
form.Email = strings.TrimSpace(form.Email)
form.Login = strings.TrimSpace(form.Login)
Split Create User (#50502) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2
2022-06-28 20:32:25 +08:00
cmd := user.CreateUserCommand{
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
Login: form.Login,
Email: form.Email,
Password: form.Password,
Name: form.Name,
Split Create User (#50502) * Split Create User * Use new create user and User from package user * Add service to wire * Making create user work * Replace user from user pkg * One more * Move Insert to orguser Service/Store * Remove unnecessary conversion * Cleaunp * Fix Get User and add fakes * Fixing get org id for user logic, adding fakes and other adjustments * Add some tests for ourguser service and store * Fix insert org logic * Add comment about deprecation * Fix after merge with main * Move orguser service/store to org service/store * Remove orguser from wire * Unimplement new Create user and use User from pkg user * Fix wire generation * Fix lint * Fix lint - use only User and CrateUserCommand from user pkg * Remove User and CreateUserCommand from models * Fix lint 2
2022-06-28 20:32:25 +08:00
OrgID: form.OrgId,
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
}
if len(cmd.Login) == 0 {
cmd.Login = cmd.Email
if len(cmd.Login) == 0 {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(400, "Validation error, need specify either username or email", nil)
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
}
}
if len(cmd.Password) < 4 {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(400, "Password is missing or too short", nil)
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
}
Login: Remove CreateUser from LoginService (#59464) * LoginService: remove create user and use user.Service instead * Fix tests
2022-11-29 17:20:44 +08:00
usr, err := hs.userService.Create(c.Req.Context(), &cmd)
Login: Replace command dispatch by explicit call (#32088) * Fix LoginService.UpsertUser user creation * Fix API AdminCreateUser user creation * Add missing underscore import * Fix API CompleteInvite user creation * Fix API SignUpStep2 user creation
2021-03-19 00:16:56 +08:00
if err != nil {
Chore: Delete org model duplicates (#60940) * Delete org model duplicates * Fix lint * Move OrgDetailsDTO to org pkg
2023-01-04 23:20:26 +08:00
if errors.Is(err, org.ErrOrgNotFound) {
Chore: Differentiate the ErrOrgNotFound error messages (#64131) * Better org not found error messages
2023-03-06 15:57:46 +08:00
return response.Error(http.StatusBadRequest, err.Error(), nil)
Users: Improve conflict error handling (#26958) * API: Improve error handling (#26934) * New ErrUserAlreadyExists error has been introduced * Create user endpoint returns 412 Precondition Failed on ErrUserAlreadyExists errors * Make ErrUserAlreadyExists error message clearer Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Use errors.Is instead of equality comparator on AdminCreateUser handler * Improve sqlstore/user test definition Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Improve sqlstore/user tests for ErrUserAlreadyExists cases * Remove no needed string fmt and err declaration on sqlstore/user tests * Code improvements for sqlstore/user tests Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Use err.Error() instead of sentinel error value on AdminCreateUser Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Add ErrUserAlreadyExists handling for signup & org invite use cases Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-08-13 20:38:54 +08:00
}
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if errors.Is(err, user.ErrUserAlreadyExists) {
Chore: Differentiate the ErrOrgNotFound error messages (#64131) * Better org not found error messages
2023-03-06 15:57:46 +08:00
return response.Error(http.StatusPreconditionFailed, fmt.Sprintf("User with email '%s' or username '%s' already exists", form.Email, form.Login), err)
Allow API to assign new user to a specific organization (#21775) * Allow API to assign new user to a specific organization * Add defer block to test * Add API tests and return 400 instead of 500 for bad orgId * Minor test improvements
2020-04-15 17:11:45 +08:00
}
Chore: Differentiate the ErrOrgNotFound error messages (#64131) * Better org not found error messages
2023-03-06 15:57:46 +08:00
return response.Error(http.StatusInternalServerError, "failed to create user", err)
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
}
Metrics: use consistent naming for exported variables (#18134) * Metrics: remove unused metrics Metric `M_Grafana_Version` is not used anywhere, nor the mentioned `M_Grafana_Build_Version`. Seems to be an artefact? * Metrics: make the naming consistent * Metrics: add comments to exported vars * Metrics: use proper naming Fixes #18110
2019-07-16 22:58:46 +08:00
metrics.MApiAdminUserCreate.Inc()
Added server metrics
2015-03-23 03:14:00 +08:00
Chore: Delete password and search from models package (#62482) * Chore: Delete password and search from models package * Rename model to AdminCreateUserResponse
2023-01-31 18:04:55 +08:00
result := user.AdminCreateUserResponse{
fixed gofmt tests
2015-11-16 23:28:38 +08:00
Message: "User created",
Chore: Delete password and search from models package (#62482) * Chore: Delete password and search from models package * Rename model to AdminCreateUserResponse
2023-01-31 18:04:55 +08:00
ID: usr.ID,
fixed gofmt tests
2015-11-16 23:28:38 +08:00
}
/api/admin/users returns user ID
2015-11-16 22:55:02 +08:00
fix status code 200 (#47818)
2022-04-15 20:01:58 +08:00
return response.JSON(http.StatusOK, result)
Worked on user admin features, can now create and edit users as a grafana admin user, #1446
2015-02-10 22:36:51 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route PUT /admin/users/{user_id}/password admin_users adminUpdateUserPassword
//
// Set password for user.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users.password:update` and scope `global.users:*`.
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminUpdateUserPassword(c *contextmodel.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
form := dtos.AdminUpdateUserPasswordForm{}
if err := web.Bind(c.Req, &form); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
if len(form.Password) < 4 {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(400, "New password too short", nil)
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
}
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 22:58:05 +08:00
userQuery := user.GetUserByIDQuery{ID: userID}
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 22:58:05 +08:00
usr, err := hs.userService.GetByID(c.Req.Context(), &userQuery)
if err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Could not read user from database", err)
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
}
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 22:58:05 +08:00
passwordHashed, err := util.EncodePassword(form.Password, usr.Salt)
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code
2019-10-23 16:40:12 +08:00
if err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Could not encode password", err)
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code
2019-10-23 16:40:12 +08:00
}
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
Chore: Add user service method ChangePassword (#53303) * Chore: Add user service method ChangePassword * Fix lint
2022-08-04 21:05:05 +08:00
cmd := user.ChangeUserPasswordCommand{
UserID: userID,
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
NewPassword: passwordHashed,
}
Chore: Add user service method ChangePassword (#53303) * Chore: Add user service method ChangePassword * Fix lint
2022-08-04 21:05:05 +08:00
if err := hs.userService.ChangePassword(c.Req.Context(), &cmd); err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to update user password", err)
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Success("User password updated")
Added change password ability to admin > edit user view, #1446
2015-02-23 18:24:22 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route PUT /admin/users/{user_id}/permissions admin_users adminUpdateUserPermissions
//
// Set permissions for user.
//
// Only works with Basic Authentication (username and password). See introduction for an explanation.
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users.permissions:update` and scope `global.users:*`.
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminUpdateUserPermissions(c *contextmodel.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
form := dtos.AdminUpdateUserPermissionsForm{}
if err := web.Bind(c.Req, &form); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Added permissions section to admin > edit user view, an admin can now make another user admin, Closes #1517
2015-02-26 22:43:48 +08:00
Chore: Copy sqlstore methods to user store (#56280) * Chore: Copy sqlstore methods to user store * Fix xorm tag * Add tests * Remove unused methods from sqlstore
2022-10-04 20:14:32 +08:00
err = hs.userService.UpdatePermissions(c.Req.Context(), userID, form.IsGrafanaAdmin)
Chore: Replace Command dispatches by explicit calls (#32131) * Clean up GetProvisionedDashboardDataByIdQuery * Clean up SaveProvisionedDashboardCommand * Clean up & fix AddTeamMemberCommand usages * Clean up & fix UpdateUserPermissionsCommand usages * Lint imports
2021-03-19 16:14:14 +08:00
if err != nil {
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if errors.Is(err, user.ErrLastGrafanaAdmin) {
return response.Error(400, user.ErrLastGrafanaAdmin.Error(), nil)
feat: #11067 prevent removing last grafana admin permissions
2018-12-02 01:28:10 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to update user permissions", err)
Added permissions section to admin > edit user view, an admin can now make another user admin, Closes #1517
2015-02-26 22:43:48 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Success("User permissions updated")
Added permissions section to admin > edit user view, an admin can now make another user admin, Closes #1517
2015-02-26 22:43:48 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route DELETE /admin/users/{user_id} admin_users adminDeleteUser
//
// Delete global User.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users:delete` and scope `global.users:*`.
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminDeleteUser(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446
2015-02-11 23:47:22 +08:00
Remove delete suer from store interface (#53726)
2022-08-15 19:56:16 +08:00
cmd := user.DeleteUserCommand{UserID: userID}
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446
2015-02-11 23:47:22 +08:00
Remove delete suer from store interface (#53726)
2022-08-15 19:56:16 +08:00
if err := hs.userService.Delete(c.Req.Context(), &cmd); err != nil {
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if errors.Is(err, user.ErrUserNotFound) {
return response.Error(404, user.ErrUserNotFound.Error(), nil)
ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user
2020-01-10 18:43:44 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to delete user", err)
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446
2015-02-11 23:47:22 +08:00
}
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
g, ctx := errgroup.WithContext(c.Req.Context())
g.Go(func() error {
if err := hs.starService.DeleteByUser(ctx, cmd.UserID); err != nil {
return err
}
return nil
})
g.Go(func() error {
if err := hs.orgService.DeleteUserFromAll(ctx, cmd.UserID); err != nil {
return err
}
return nil
})
g.Go(func() error {
if err := hs.DashboardService.DeleteACLByUser(ctx, cmd.UserID); err != nil {
return err
}
return nil
})
g.Go(func() error {
if err := hs.preferenceService.DeleteByUser(ctx, cmd.UserID); err != nil {
return err
}
return nil
})
g.Go(func() error {
if err := hs.teamGuardian.DeleteByUser(ctx, cmd.UserID); err != nil {
return err
}
return nil
})
g.Go(func() error {
Auth: Remove userauth service (#58941) * Auth: remove userauth service * Use Revoke user tokens from UserAuthTokenService * Add function to delete user auth info to UserAuthInfo service
2022-11-18 21:40:26 +08:00
if err := hs.authInfoService.DeleteUserAuthInfo(ctx, cmd.UserID); err != nil {
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
return err
}
return nil
})
g.Go(func() error {
Auth: Remove userauth service (#58941) * Auth: remove userauth service * Use Revoke user tokens from UserAuthTokenService * Add function to delete user auth info to UserAuthInfo service
2022-11-18 21:40:26 +08:00
if err := hs.AuthTokenService.RevokeAllUserTokens(ctx, cmd.UserID); err != nil {
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
return err
}
return nil
})
g.Go(func() error {
Chore: Refactor quota service (#58643) Chore: Refactor quota service (#57586) * Chore: refactore quota service * Apply suggestions from code review
2022-11-15 03:08:10 +08:00
if err := hs.QuotaService.DeleteQuotaForUser(ctx, cmd.UserID); err != nil {
UserService: use the UserService instead of calling sqlstore directly (#55745) * UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
2022-09-27 19:58:49 +08:00
return err
}
return nil
})
g.Go(func() error {
if err := hs.accesscontrolService.DeleteUserPermissions(ctx, accesscontrol.GlobalOrgID, cmd.UserID); err != nil {
return err
}
return nil
})
if err := g.Wait(); err != nil {
return response.Error(500, "Failed to delete user", err)
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Success("User deleted")
Added delete user action to user admin api, and made it work in UI, Closes #1466, #1446
2015-02-11 23:47:22 +08:00
}
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /admin/users/{user_id}/disable admin_users adminDisableUser
//
// Disable user.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users:disable` and scope `global.users:1` (userIDScope).
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminDisableUser(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
// External users shouldn't be disabled from API
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-28 02:36:54 +08:00
authInfoQuery := &login.GetAuthInfoQuery{UserId: userID}
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if err := hs.authInfoService.GetAuthInfo(c.Req.Context(), authInfoQuery); !errors.Is(err, user.ErrUserNotFound) {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Could not disable external user", nil)
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Remove disable user, disable batch users and searchusers methods from store interface (#53717) * Chore: Remove disable user and searchusers methods from store interface * Remove disable batch user from sqlstore interface * Remove sqlstore from search store * Fix lint
2022-08-16 20:24:57 +08:00
disableCmd := user.DisableUserCommand{UserID: userID, IsDisabled: true}
if err := hs.userService.Disable(c.Req.Context(), &disableCmd); err != nil {
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if errors.Is(err, user.ErrUserNotFound) {
return response.Error(404, user.ErrUserNotFound.Error(), nil)
ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user
2020-01-10 18:43:44 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to disable user", err)
Auth: Logout disabled user (#17166) * Feature: revoke user token when disabled * Chore: fix linter error
2019-05-23 20:54:47 +08:00
}
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
err = hs.AuthTokenService.RevokeAllUserTokens(c.Req.Context(), userID)
Auth: Logout disabled user (#17166) * Feature: revoke user token when disabled * Chore: fix linter error
2019-05-23 20:54:47 +08:00
if err != nil {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to disable user", err)
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Success("User disabled")
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /admin/users/{user_id}/enable admin_users adminEnableUser
//
// Enable user.
//
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users:enable` and scope `global.users:1` (userIDScope).
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminEnableUser(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
// External users shouldn't be disabled from API
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-28 02:36:54 +08:00
authInfoQuery := &login.GetAuthInfoQuery{UserId: userID}
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if err := hs.authInfoService.GetAuthInfo(c.Req.Context(), authInfoQuery); !errors.Is(err, user.ErrUserNotFound) {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Could not enable external user", nil)
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Remove disable user, disable batch users and searchusers methods from store interface (#53717) * Chore: Remove disable user and searchusers methods from store interface * Remove disable batch user from sqlstore interface * Remove sqlstore from search store * Fix lint
2022-08-16 20:24:57 +08:00
disableCmd := user.DisableUserCommand{UserID: userID, IsDisabled: false}
if err := hs.userService.Disable(c.Req.Context(), &disableCmd); err != nil {
Chore: Move user errors to user service (#52460) * Move user not found err to user service * User ErrCaseInsensitive from user pkg * User ErrUserAlreadyExists from user pkg * User ErrLastGrafanaAdmin from user pkg * Remove errors from model
2022-07-20 20:50:06 +08:00
if errors.Is(err, user.ErrUserNotFound) {
return response.Error(404, user.ErrUserNotFound.Error(), nil)
ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user
2020-01-10 18:43:44 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(500, "Failed to enable user", err)
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Success("User enabled")
Users: Disable users removed from LDAP (#16820) * Users: add is_disabled column * Users: disable users removed from LDAP * Auth: return ErrInvalidCredentials for failed LDAP auth * User: return isDisabled flag in user search api * User: mark disabled users at the server admin page * Chore: refactor according to review * Auth: prevent disabled user from login * Auth: re-enable user when it found in ldap * User: add api endpoint for disabling user * User: use separate endpoints to disable/enable user * User: disallow disabling external users * User: able do disable users from admin UI * Chore: refactor based on review * Chore: use more clear error check when disabling user * Fix login tests * Tests for disabling user during the LDAP login * Tests for disable user API * Tests for login with disabled user * Remove disable user UI stub * Sync with latest LDAP refactoring
2019-05-21 19:52:49 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /admin/users/{user_id}/logout admin_users adminLogoutUser
//
// Logout user revokes all auth tokens (devices) for the user. User of issued auth tokens (devices) will no longer be logged in and will be required to authenticate again upon next activity.
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users.logout` and scope `global.users:*`.
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminLogoutUser(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
Chore: Add user service method SetUsingOrg and GetSignedInUserWithCacheCtx (#53343) * Chore: Add user service method SetUsingOrg * Chore: Add user service method GetSignedInUserWithCacheCtx * Use method GetSignedInUserWithCacheCtx from user service * Fix lint after rebase * Fix lint * Fix lint error * roll back some changes * Roll back changes in api and middleware * Add xorm tags to SignedInUser ID fields
2022-08-11 19:28:55 +08:00
if c.UserID == userID {
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
return response.Error(400, "You cannot logout yourself", nil)
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
}
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 22:37:11 +08:00
return hs.logoutUserFromAllDevicesInternal(c.Req.Context(), userID)
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route GET /admin/users/{user_id}/auth-tokens admin_users adminGetUserAuthTokens
//
// Return a list of all auth tokens (devices) that the user currently have logged in from.
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users.authtoken:list` and scope `global.users:*`.
//
// Security:
// - basic:
//
// Responses:
// 200: adminGetUserAuthTokensResponse
// 401: unauthorisedError
// 403: forbiddenError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminGetUserAuthTokens(c *contextmodel.ReqContext) response.Response {
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 22:37:11 +08:00
return hs.getUserAuthTokensInternal(c, userID)
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:route POST /admin/users/{user_id}/revoke-auth-token admin_users adminRevokeUserAuthToken
//
// Revoke auth token for user.
//
// Revokes the given auth token (device) for the user. User of issued auth token (device) will no longer be logged in and will be required to authenticate again upon next activity.
// If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `users.authtoken:update` and scope `global.users:*`.
//
// Security:
// - basic:
//
// Responses:
// 200: okResponse
// 400: badRequestError
// 401: unauthorisedError
// 403: forbiddenError
// 404: notFoundError
// 500: internalServerError
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2023-01-27 15:50:36 +08:00
func (hs *HTTPServer) AdminRevokeUserAuthToken(c *contextmodel.ReqContext) response.Response {
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 16:56:06 +08:00
cmd := auth.RevokeAuthTokenCmd{}
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
if err := web.Bind(c.Req, &cmd); err != nil {
return response.Error(http.StatusBadRequest, "bad request data", err)
}
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-15 00:55:57 +08:00
userID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
if err != nil {
return response.Error(http.StatusBadRequest, "id is invalid", err)
}
Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2020-11-05 22:37:11 +08:00
return hs.revokeUserAuthTokenInternal(c, userID, cmd)
feat(api): support list/revoke auth token in admin/current user api
2019-03-08 22:15:38 +08:00
}
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// swagger:parameters adminUpdateUserPassword
type AdminUpdateUserPasswordParams struct {
// in:body
// required:true
Body dtos.AdminUpdateUserPasswordForm `json:"body"`
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminDeleteUser
type AdminDeleteUserParams struct {
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminEnableUser
type AdminEnableUserParams struct {
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminDisableUser
type AdminDisableUserParams struct {
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminGetUserAuthTokens
type AdminGetUserAuthTokensParams struct {
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminLogoutUser
type AdminLogoutUserParams struct {
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminRevokeUserAuthToken
type AdminRevokeUserAuthTokenParams struct {
// in:body
// required:true
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 16:56:06 +08:00
Body auth.RevokeAuthTokenCmd `json:"body"`
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:parameters adminCreateUser
type AdminCreateUserParams struct {
// in:body
// required:true
Body dtos.AdminCreateUserForm `json:"body"`
}
// swagger:parameters adminUpdateUserPermissions
type AdminUpdateUserPermissionsParams struct {
// in:body
// required:true
Body dtos.AdminUpdateUserPermissionsForm `json:"body"`
// in:path
// required:true
UserID int64 `json:"user_id"`
}
// swagger:response adminCreateUserResponse
type AdminCreateUserResponseResponse struct {
// in:body
Chore: Delete password and search from models package (#62482) * Chore: Delete password and search from models package * Rename model to AdminCreateUserResponse
2023-01-31 18:04:55 +08:00
Body user.AdminCreateUserResponse `json:"body"`
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
}
// swagger:response adminGetUserAuthTokensResponse
type AdminGetUserAuthTokensResponse struct {
// in:body
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 16:56:06 +08:00
Body []*auth.UserToken `json:"body"`
Chore: Move swagger definitions to the handlers (#52643)
2022-07-27 21:54:37 +08:00
}