func LoginView(c *middleware.Context) { viewData, err := setIndexViewData(c) if err != nil { c.Handle(500, "Failed to get settings", err) return } enabledOAuths := make(map[string]interface{}) for key, oauth := range setting.OAuthService.OAuthInfos { enabledOAuths[key] = map[string]string{"name": oauth.Name} } viewData.Settings["oauth"] = enabledOAuths viewData.Settings["disableUserSignUp"] = !setting.AllowUserSignUp viewData.Settings["loginHint"] = setting.LoginHint viewData.Settings["disableLoginForm"] = setting.DisableLoginForm if !tryLoginUsingRememberCookie(c) { c.HTML(200, VIEW_INDEX, viewData) return } if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 { c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/") c.Redirect(redirectTo) return } c.Redirect(setting.AppSubUrl + "/") }
func LoginView(c *middleware.Context) { viewData, err := setIndexViewData(c) if err != nil { c.Handle(500, "Failed to get settings", err) return } viewData.Settings["googleAuthEnabled"] = setting.OAuthService.Google viewData.Settings["githubAuthEnabled"] = setting.OAuthService.GitHub viewData.Settings["genericOAuthEnabled"] = setting.OAuthService.Generic viewData.Settings["oauthProviderName"] = setting.OAuthService.OAuthProviderName viewData.Settings["disableUserSignUp"] = !setting.AllowUserSignUp viewData.Settings["loginHint"] = setting.LoginHint viewData.Settings["allowUserPassLogin"] = setting.AllowUserPassLogin if !tryLoginUsingRememberCookie(c) { c.HTML(200, VIEW_INDEX, viewData) return } if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 { c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/") c.Redirect(redirectTo) return } c.Redirect(setting.AppSubUrl + "/") }
func RenderToPng(c *middleware.Context) { queryReader := util.NewUrlQueryReader(c.Req.URL) queryParams := fmt.Sprintf("?%s", c.Req.URL.RawQuery) sessionId := c.Session.ID() // Handle api calls authenticated without session if sessionId == "" && c.ApiKeyId != 0 { c.Session.Start(c) c.Session.Set(middleware.SESS_KEY_APIKEY, c.ApiKeyId) // release will make sure the new session is persisted before // we spin up phantomjs c.Session.Release() // cleanup session after render is complete defer func() { c.Session.Destory(c) }() } renderOpts := &renderer.RenderOpts{ Url: c.Params("*") + queryParams, Width: queryReader.Get("width", "800"), Height: queryReader.Get("height", "400"), SessionId: c.Session.ID(), } renderOpts.Url = setting.ToAbsUrl(renderOpts.Url) pngPath, err := renderer.RenderToPng(renderOpts) if err != nil { c.Handle(500, "Failed to render to png", err) return } c.Resp.Header().Set("Content-Type", "image/png") http.ServeFile(c.Resp, c.Req.Request, pngPath) }
func LoginView(c *middleware.Context) { if err := setIndexViewData(c); err != nil { c.Handle(500, "Failed to get settings", err) return } settings := c.Data["Settings"].(map[string]interface{}) settings["googleAuthEnabled"] = setting.OAuthService.Google settings["githubAuthEnabled"] = setting.OAuthService.GitHub settings["disableUserSignUp"] = !setting.AllowUserSignUp settings["loginHint"] = setting.LoginHint if !tryLoginUsingRememberCookie(c) { c.HTML(200, VIEW_INDEX) return } if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 { c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/") c.Redirect(redirectTo) return } c.Redirect(setting.AppSubUrl + "/") }
func Index(c *middleware.Context) { if err := setIndexViewData(c); err != nil { c.Handle(500, "Failed to get settings", err) return } c.HTML(200, "index") }
func NotFoundHandler(c *middleware.Context) { if c.IsApiRequest() { c.JsonApiErr(404, "Not found", nil) return } if err := setIndexViewData(c); err != nil { c.Handle(500, "Failed to get settings", err) return } c.HTML(404, "index") }
func RenderToPng(c *middleware.Context) { queryReader := util.NewUrlQueryReader(c.Req.URL) queryParams := fmt.Sprintf("?%s", c.Req.URL.RawQuery) renderOpts := &renderer.RenderOpts{ Path: c.Params("*") + queryParams, Width: queryReader.Get("width", "800"), Height: queryReader.Get("height", "400"), OrgId: c.OrgId, Timeout: queryReader.Get("timeout", "30"), } pngPath, err := renderer.RenderToPng(renderOpts) if err != nil { c.Handle(500, "Failed to render to png", err) return } c.Resp.Header().Set("Content-Type", "image/png") http.ServeFile(c.Resp, c.Req.Request, pngPath) }
func OAuthLogin(ctx *middleware.Context) { if setting.OAuthService == nil { ctx.Handle(404, "login.OAuthLogin(oauth service not enabled)", nil) return } name := ctx.Params(":name") connect, ok := social.SocialMap[name] if !ok { ctx.Handle(404, "login.OAuthLogin(social login not enabled)", errors.New(name)) return } error := ctx.Query("error") if error != "" { errorDesc := ctx.Query("error_description") ctx.Logger.Info("OAuthLogin Failed", "error", error, "errorDesc", errorDesc) ctx.Redirect(setting.AppSubUrl + "/login?failCode=1003") return } code := ctx.Query("code") if code == "" { state := GenStateString() ctx.Session.Set(middleware.SESS_KEY_OAUTH_STATE, state) if setting.OAuthService.OAuthInfos[name].HostedDomain == "" { ctx.Redirect(connect.AuthCodeURL(state, oauth2.AccessTypeOnline)) } else { ctx.Redirect(connect.AuthCodeURL(state, oauth2.SetParam("hd", setting.OAuthService.OAuthInfos[name].HostedDomain), oauth2.AccessTypeOnline)) } return } // verify state string savedState := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string) queryState := ctx.Query("state") if savedState != queryState { ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil) return } // handle call back // initialize oauth2 context oauthCtx := oauth2.NoContext if setting.OAuthService.OAuthInfos[name].TlsClientCert != "" { cert, err := tls.LoadX509KeyPair(setting.OAuthService.OAuthInfos[name].TlsClientCert, setting.OAuthService.OAuthInfos[name].TlsClientKey) if err != nil { log.Fatal(err) } // Load CA cert caCert, err := ioutil.ReadFile(setting.OAuthService.OAuthInfos[name].TlsClientCa) if err != nil { log.Fatal(err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) tr := &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}, RootCAs: caCertPool, }, } sslcli := &http.Client{Transport: tr} oauthCtx = context.TODO() oauthCtx = context.WithValue(oauthCtx, oauth2.HTTPClient, sslcli) } // get token from provider token, err := connect.Exchange(oauthCtx, code) if err != nil { ctx.Handle(500, "login.OAuthLogin(NewTransportWithCode)", err) return } ctx.Logger.Debug("OAuthLogin Got token") // set up oauth2 client client := connect.Client(oauthCtx, token) // get user info userInfo, err := connect.UserInfo(client) if err != nil { if err == social.ErrMissingTeamMembership { ctx.Redirect(setting.AppSubUrl + "/login?failCode=1000") } else if err == social.ErrMissingOrganizationMembership { ctx.Redirect(setting.AppSubUrl + "/login?failCode=1001") } else { ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err) } return } ctx.Logger.Debug("OAuthLogin got user info", "userInfo", userInfo) // validate that the email is allowed to login to grafana if !connect.IsEmailAllowed(userInfo.Email) { ctx.Logger.Info("OAuth login attempt with unallowed email", "email", userInfo.Email) ctx.Redirect(setting.AppSubUrl + "/login?failCode=1002") return } userQuery := m.GetUserByEmailQuery{Email: userInfo.Email} err = bus.Dispatch(&userQuery) // create account if missing if err == m.ErrUserNotFound { if !connect.IsSignupAllowed() { ctx.Redirect(setting.AppSubUrl + "/login") return } limitReached, err := middleware.QuotaReached(ctx, "user") if err != nil { ctx.Handle(500, "Failed to get user quota", err) return } if limitReached { ctx.Redirect(setting.AppSubUrl + "/login") return } cmd := m.CreateUserCommand{ Login: userInfo.Login, Email: userInfo.Email, Name: userInfo.Name, Company: userInfo.Company, DefaultOrgRole: userInfo.Role, } if err = bus.Dispatch(&cmd); err != nil { ctx.Handle(500, "Failed to create account", err) return } userQuery.Result = &cmd.Result } else if err != nil { ctx.Handle(500, "Unexpected error", err) } // login loginUserWithUser(userQuery.Result, ctx) metrics.M_Api_Login_OAuth.Inc(1) ctx.Redirect(setting.AppSubUrl + "/") }
func OAuthLogin(ctx *middleware.Context) { if setting.OAuthService == nil { ctx.Handle(404, "login.OAuthLogin(oauth service not enabled)", nil) return } name := ctx.Params(":name") connect, ok := social.SocialMap[name] if !ok { ctx.Handle(404, "login.OAuthLogin(social login not enabled)", errors.New(name)) return } code := ctx.Query("code") if code == "" { ctx.Redirect(connect.AuthCodeURL("", oauth2.AccessTypeOnline)) return } // handle call back token, err := connect.Exchange(oauth2.NoContext, code) if err != nil { ctx.Handle(500, "login.OAuthLogin(NewTransportWithCode)", err) return } ctx.Logger.Debug("OAuthLogin Got token") userInfo, err := connect.UserInfo(token) if err != nil { if err == social.ErrMissingTeamMembership { ctx.Redirect(setting.AppSubUrl + "/login?failCode=1000") } else if err == social.ErrMissingOrganizationMembership { ctx.Redirect(setting.AppSubUrl + "/login?failCode=1001") } else { ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err) } return } ctx.Logger.Debug("OAuthLogin got user info", "userInfo", userInfo) // validate that the email is allowed to login to grafana if !connect.IsEmailAllowed(userInfo.Email) { ctx.Logger.Info("OAuth login attempt with unallowed email", "email", userInfo.Email) ctx.Redirect(setting.AppSubUrl + "/login?failCode=1002") return } userQuery := m.GetUserByLoginQuery{LoginOrEmail: userInfo.Email} err = bus.Dispatch(&userQuery) // create account if missing if err == m.ErrUserNotFound { if !connect.IsSignupAllowed() { ctx.Redirect(setting.AppSubUrl + "/login") return } limitReached, err := middleware.QuotaReached(ctx, "user") if err != nil { ctx.Handle(500, "Failed to get user quota", err) return } if limitReached { ctx.Redirect(setting.AppSubUrl + "/login") return } cmd := m.CreateUserCommand{ Login: userInfo.Email, Email: userInfo.Email, Name: userInfo.Name, Company: userInfo.Company, } if err = bus.Dispatch(&cmd); err != nil { ctx.Handle(500, "Failed to create account", err) return } userQuery.Result = &cmd.Result } else if err != nil { ctx.Handle(500, "Unexpected error", err) } // login loginUserWithUser(userQuery.Result, ctx) metrics.M_Api_Login_OAuth.Inc(1) ctx.Redirect(setting.AppSubUrl + "/") }