forked from grafana/grafana
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.go
66 lines (53 loc) · 1.32 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
package login
import (
"errors"
"crypto/subtle"
"github.com/grafana/grafana/pkg/bus"
m "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
var (
ErrInvalidCredentials = errors.New("Invalid Username or Password")
)
type LoginUserQuery struct {
Username string
Password string
User *m.User
}
func Init() {
bus.AddHandler("auth", AuthenticateUser)
loadLdapConfig()
}
func AuthenticateUser(query *LoginUserQuery) error {
err := loginUsingGrafanaDB(query)
if err == nil || err != ErrInvalidCredentials {
return err
}
if setting.LdapEnabled {
for _, server := range LdapCfg.Servers {
author := NewLdapAuthenticator(server)
err = author.Login(query)
if err == nil || err != ErrInvalidCredentials {
return err
}
}
}
return err
}
func loginUsingGrafanaDB(query *LoginUserQuery) error {
userQuery := m.GetUserByLoginQuery{LoginOrEmail: query.Username}
if err := bus.Dispatch(&userQuery); err != nil {
if err == m.ErrUserNotFound {
return ErrInvalidCredentials
}
return err
}
user := userQuery.Result
passwordHashed := util.EncodePassword(query.Password, user.Salt)
if subtle.ConstantTimeCompare([]byte(passwordHashed), []byte(user.Password)) != 1 {
return ErrInvalidCredentials
}
query.User = user
return nil
}