root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 142 Packages Projects Releases Wiki Activity
grafana/pkg/services/authn/authnimpl/sync/oauth_token_sync_test.go

145 lines
5.2 KiB
Go
Raw Normal View History

Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
package sync
import (
"context"
"errors"
"testing"
"time"
"github.com/stretchr/testify/assert"
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
"golang.org/x/oauth2"
Auth: Handle when access token has already been refreshed in OAuth token sync (#77118) * Use singleflight to prevent logging error if the token has already been refreshed * Change order of error checks * align tests, change error name * Change sf key * Update based on the review * refactor
2023-10-26 00:15:41 +08:00
"golang.org/x/sync/singleflight"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
Authlib: Use types package rather than claims (#99243)
2025-01-21 17:06:55 +08:00
claims "github.com/grafana/authlib/types"
Identity: Rename "namespace" to "type" in the requester interface (#90567)
2024-07-25 17:52:14 +08:00
"github.com/grafana/grafana/pkg/apimachinery/identity"
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
"github.com/grafana/grafana/pkg/infra/localcache"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
"github.com/grafana/grafana/pkg/infra/log"
Add auth spans and remove deduplication code for scopes (#89804) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2024-07-03 14:08:57 +08:00
"github.com/grafana/grafana/pkg/infra/tracing"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
"github.com/grafana/grafana/pkg/login/social"
Auth: Use SSO settings service to load social connectors + refactor (#79005) * Refactor to prevent cyclic dependencies * Move list authorization to the API layer * Init connectors using the SSO settings service in case the ssoSettingsApi feature toggle is enabled * wip, need to handle the cyclic dep * Remove cyclic dependency * Align tests + refactor * Move back OAuthInfo to social * Delete pkg/login/social/constants * Move reloadable registration to the social providers * Rename connectors.Error to connectors.SocialError
2023-12-08 18:20:42 +08:00
"github.com/grafana/grafana/pkg/login/social/socialtest"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
"github.com/grafana/grafana/pkg/services/auth"
"github.com/grafana/grafana/pkg/services/auth/authtest"
"github.com/grafana/grafana/pkg/services/authn"
OAuth: Use the attached external session data in OAuthToken and OAuthTokenSync (#96655) * wip * wip + tests * wip * wip opt2 * Use authn.Identity struct's SessionToken * Merge fixes * Handle disabling the feature flag correctly * Fix test * Cleanup * Remove HasOAuthEntry from the OAuthTokenService interface * Remove unused function
2024-11-27 18:06:39 +08:00
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
"github.com/grafana/grafana/pkg/services/featuremgmt"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
"github.com/grafana/grafana/pkg/services/login"
Auth: Fix render user OAuth passthrough (#111636) * devenv: fix volumes section when sources don't contain one * wip * Working correctly with improvedExternalSessionHandling on * Remove not needed lines * Working with the old flow, tests * Handle compatibility with the feature toggle, tests wip * Tests * Cleanup * Address feedback * Align tests * Add comment * Fix issue with session removal after the invalidation of tokens * Remove commented out code * clean up
2025-10-07 16:52:43 +08:00
"github.com/grafana/grafana/pkg/services/oauthtoken"
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
"github.com/grafana/grafana/pkg/services/oauthtoken/oauthtokentest"
)
func TestOAuthTokenSync_SyncOAuthTokenHook(t *testing.T) {
type testCase struct {
desc string
identity *authn.Identity
oauthInfo *social.OAuthInfo
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
expectToken *login.UserAuth
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
expectedTryRefreshErr error
expectTryRefreshTokenCalled bool
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
expectRevokeTokenCalled bool
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
expectedErr error
}
tests := []testCase{
{
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
desc: "should skip sync when identity is not a user",
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
2024-08-13 16:18:28 +08:00
identity: &authn.Identity{ID: "1", Type: claims.TypeServiceAccount},
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
expectTryRefreshTokenCalled: false,
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
},
{
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
desc: "should skip sync when identity is a user but is not authenticated with session token",
Identity: Remove typed id (#91801) * Refactor identity struct to store type in separate field * Update ResolveIdentity to take string representation of typedID * Add IsIdentityType to requester interface * Use IsIdentityType from interface * Remove usage of TypedID * Remote typedID struct * fix GetInternalID
2024-08-13 16:18:28 +08:00
identity: &authn.Identity{ID: "1", Type: claims.TypeUser},
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
expectTryRefreshTokenCalled: false,
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
},
{
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
desc: "should invalidate access token and session token if token refresh fails",
identity: &authn.Identity{ID: "1", Type: claims.TypeUser, SessionToken: &auth.UserToken{}, AuthenticatedBy: login.AzureADAuthModule},
expectedTryRefreshErr: errors.New("some err"),
expectTryRefreshTokenCalled: true,
expectRevokeTokenCalled: true,
expectToken: &login.UserAuth{OAuthExpiry: time.Now().Add(-10 * time.Minute)},
expectedErr: authn.ErrExpiredAccessToken,
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
},
{
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
desc: "should refresh the token successfully",
identity: &authn.Identity{ID: "1", Type: claims.TypeUser, SessionToken: &auth.UserToken{}, AuthenticatedBy: login.AzureADAuthModule},
expectTryRefreshTokenCalled: true,
expectRevokeTokenCalled: false,
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
},
{
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
desc: "should not invalidate the token if the token has already been refreshed by another request (singleflight)",
identity: &authn.Identity{ID: "1", Type: claims.TypeUser, SessionToken: &auth.UserToken{}, AuthenticatedBy: login.AzureADAuthModule},
expectTryRefreshTokenCalled: true,
expectRevokeTokenCalled: false,
expectToken: &login.UserAuth{OAuthExpiry: time.Now().Add(10 * time.Minute)},
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
},
Auth: Fix render user OAuth passthrough (#111636) * devenv: fix volumes section when sources don't contain one * wip * Working correctly with improvedExternalSessionHandling on * Remove not needed lines * Working with the old flow, tests * Handle compatibility with the feature toggle, tests wip * Tests * Cleanup * Address feedback * Align tests * Add comment * Fix issue with session removal after the invalidation of tokens * Remove commented out code * clean up
2025-10-07 16:52:43 +08:00
{
desc: "should not invalidate session if token refresh fails with no refresh token",
identity: &authn.Identity{ID: "1", Type: claims.TypeUser, SessionToken: &auth.UserToken{}, AuthenticatedBy: login.AzureADAuthModule},
expectedTryRefreshErr: oauthtoken.ErrNoRefreshTokenFound,
expectTryRefreshTokenCalled: true,
expectRevokeTokenCalled: true,
expectedErr: oauthtoken.ErrNoRefreshTokenFound,
},
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
// TODO: address coverage of oauthtoken sync
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
var (
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
tryRefreshCalled bool
revokeTokenCalled bool
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
)
service := &oauthtokentest.MockOauthTokenService{
Auth: Fix render user OAuth passthrough (#111636) * devenv: fix volumes section when sources don't contain one * wip * Working correctly with improvedExternalSessionHandling on * Remove not needed lines * Working with the old flow, tests * Handle compatibility with the feature toggle, tests wip * Tests * Cleanup * Address feedback * Align tests * Add comment * Fix issue with session removal after the invalidation of tokens * Remove commented out code * clean up
2025-10-07 16:52:43 +08:00
TryTokenRefreshFunc: func(ctx context.Context, usr identity.Requester, _ *oauthtoken.TokenRefreshMetadata) (*oauth2.Token, error) {
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
tryRefreshCalled = true
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
return nil, tt.expectedTryRefreshErr
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
},
}
sessionService := &authtest.FakeUserAuthTokenService{
RevokeTokenProvider: func(ctx context.Context, token *auth.UserToken, soft bool) error {
revokeTokenCalled = true
return nil
},
}
if tt.oauthInfo == nil {
tt.oauthInfo = &social.OAuthInfo{
UseRefreshToken: true,
}
}
socialService := &socialtest.FakeSocialService{
ExpectedAuthInfoProvider: tt.oauthInfo,
}
sync := &OAuthTokenSync{
Fix: Refresh token when id_token is expired (#79569) * Fix: Refresh token when id_token is expired * add id_token comparison * Fix wire * Use userID as cache key * Apply suggestions from code review --------- Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
2024-02-05 23:44:25 +08:00
log: log.NewNopLogger(),
service: service,
sessionService: sessionService,
socialService: socialService,
singleflightGroup: new(singleflight.Group),
Add auth spans and remove deduplication code for scopes (#89804) Adds more spans for timing in accesscontrol and remove permission deduplicating code after benchmarking --------- Signed-off-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2024-07-03 14:08:57 +08:00
tracer: tracing.InitializeTracerForTest(),
Auth: Update oauthtoken service to use remote cache and server lock (#90572) * update oauthtoken service to use remote cache and server lock * remove token cache * retry is lock is held by an in-flight refresh * refactor token renewal to avoid race condition * re-add refresh token expiry cache, but in SyncOauthTokenHook * Add delta to the cache ttl * Fix merge * Change lockTimeConfig * Always set the token from within the server lock * Improvements * early return when user is not authed by OAuth or refresh is disabled * Allow more time for token refresh, tracing * Retry on Mysql Deadlock error 1213 * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/services/authn/authnimpl/sync/oauth_token_sync.go Co-authored-by: Dan Cech <dcech@grafana.com> * Add settings for configuring min wait time between retries * Add docs for the new setting * Clean up * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> --------- Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2024-08-20 00:57:37 +08:00
cache: localcache.New(maxOAuthTokenCacheTTL, 15*time.Minute),
OAuth: Use the attached external session data in OAuthToken and OAuthTokenSync (#96655) * wip * wip + tests * wip * wip opt2 * Use authn.Identity struct's SessionToken * Merge fixes * Handle disabling the feature flag correctly * Fix test * Cleanup * Remove HasOAuthEntry from the OAuthTokenService interface * Remove unused function
2024-11-27 18:06:39 +08:00
features: featuremgmt.WithFeatures(),
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
}
OAuth: Use the attached external session data in OAuthToken and OAuthTokenSync (#96655) * wip * wip + tests * wip * wip opt2 * Use authn.Identity struct's SessionToken * Merge fixes * Handle disabling the feature flag correctly * Fix test * Cleanup * Remove HasOAuthEntry from the OAuthTokenService interface * Remove unused function
2024-11-27 18:06:39 +08:00
ctx := context.Background()
reqCtx := context.WithValue(ctx, ctxkey.Key{}, &contextmodel.ReqContext{UserToken: nil})
err := sync.SyncOauthTokenHook(reqCtx, tt.identity, nil)
Revert "AuthN: move oauth token hook into session client" (#76882) Revert "AuthN: move oauth token hook into session client (#76688)" This reverts commit 455cede6992cfad57f1c5b1749c9454d1475dba6.
2023-10-20 22:09:46 +08:00
assert.ErrorIs(t, err, tt.expectedErr)
assert.Equal(t, tt.expectTryRefreshTokenCalled, tryRefreshCalled)
assert.Equal(t, tt.expectRevokeTokenCalled, revokeTokenCalled)
})
}
}