
Commit b501e03

committed
Multi-domain login
1 parent 2c23d17 commit b501e03


3 files changed

+36
-11
lines changed


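--- a/pkg/api/keystone/keystone.go
+++ b/pkg/api/keystone/keystone.go
@@ -14,6 +14,7 @@ import (
 m "github.com/grafana/grafana/pkg/models"
 "github.com/grafana/grafana/pkg/setting"
 "io"
+"strings"
 )
 
 const (
@@ -84,19 +85,20 @@ func getNewToken(c *middleware.Context) (string, error) {
 log.Warn("Password stored in cleartext!")
 }
 
+user, domain := UserDomain(username)
+keystoneProject := strings.Replace(project, "@"+domain, "", 1)
 auth := Auth_data{
-Username: username,
-Project: project,
+Username: user,
+Project: keystoneProject,
 Password: keystonePasswordObj.(string),
-Domain: setting.KeystoneDefaultDomain,
+Domain: domain,
 Server: setting.KeystoneURL,
 }
 if err := AuthenticateScoped(&auth); err != nil {
-if setting.KeystoneCookieCredentials {
-c.SetCookie(middleware.SESS_KEY_PASSWORD, "", -1, setting.AppSubUrl+"/", nil, middleware.IsSecure(c), true)
-} else {
-c.Session.Set(middleware.SESS_KEY_PASSWORD, nil)
-}
+c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl+"/", nil, middleware.IsSecure(c), true)
+c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl+"/", nil, middleware.IsSecure(c), true)
+c.SetCookie(middleware.SESS_KEY_PASSWORD, "", -1, setting.AppSubUrl+"/", nil, middleware.IsSecure(c), true)
+c.Session.Destory(c)
 return "", err
 }
 
@@ -195,3 +197,13 @@ func decryptPassword(base64ciphertext string) string {
 stream.XORKeyStream(password, ciphertext[aes.BlockSize:])
 return string(password)
 }
+
+func UserDomain(username string) (string, string) {
+user := username
+domain := setting.KeystoneDefaultDomain
+if at_idx := strings.IndexRune(username, '@'); at_idx > 0 {
+domain = username[at_idx+1:]
+user = username[:at_idx]
+}
+return user, domain
+}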
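Review bot: UserDomain accepts a login name that ends in '@' (`at_idx > 0` is the only guard), so a name such as `alice@` yields an empty domain that getNewToken then places in `Auth_data.Domain`; it also splits on the first '@', so a user name that is itself an e-mail address has its mail domain treated as the Keystone domain. Reject an empty part and state the splitting rule in a doc comment on this exported function, e.g. `if at_idx := strings.LastIndex(username, "@"); at_idx > 0 && at_idx < len(username)-1 {` if the domain is meant to be the last component. In the getNewToken hunk, `strings.Replace(project, "@"+domain, "", 1)` removes the first match anywhere in the name; `strings.TrimSuffix(project, "@"+domain)` would strip only the suffix that getProjectList in pkg/login/keystone.go appends. getNewToken's body starts and ends outside the hunk.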

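--- a/pkg/login/auth.go
+++ b/pkg/login/auth.go
@@ -4,6 +4,7 @@ import (
 "errors"
 
 "crypto/subtle"
+"github.com/grafana/grafana/pkg/api/keystone"
 "github.com/grafana/grafana/pkg/bus"
 m "github.com/grafana/grafana/pkg/models"
 "github.com/grafana/grafana/pkg/setting"
@@ -42,8 +43,12 @@ func AuthenticateUser(query *LoginUserQuery) error {
 }
 
 if setting.KeystoneEnabled {
+user, domain := keystone.UserDomain(query.Username)
+if domain == setting.KeystoneDefaultDomain {
+query.Username = user
+}
 auther := NewKeystoneAuthenticator(setting.KeystoneURL,
-setting.KeystoneDefaultDomain,
+domain,
 setting.KeystoneDefaultRole,
 setting.KeystoneGlobalAdminRoles,
 setting.KeystoneAdminRoles,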
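Review bot: The domain passed to NewKeystoneAuthenticator now comes from the submitted login name (`keystone.UserDomain(query.Username)`) instead of `setting.KeystoneDefaultDomain`, and nothing in this hunk restricts which domains are accepted. Any domain the Keystone server knows thereby becomes a login realm for this Grafana instance, which widens who can authenticate compared with the previous fixed-domain behaviour. Consider checking `domain` against a configured list of permitted domains before building the authenticator, and returning the same error for a rejected domain as for a wrong password so the response does not reveal which domains exist. AuthenticateUser starts and ends outside the hunk.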

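--- a/pkg/login/keystone.go
+++ b/pkg/login/keystone.go
@@ -56,9 +56,10 @@ func (a *keystoneAuther) login(query *LoginUserQuery) error {
 }
 
 func (a *keystoneAuther) authenticate(username, password string) error {
+user, _ := keystone.UserDomain(username)
 auth := keystone.Auth_data{
 Server: a.server,
-Username: username,
+Username: user,
 Password: password,
 Domain: a.domainname,
 }
@@ -109,10 +110,14 @@ func (a *keystoneAuther) updateGrafanaUserPermissions(userid int64, isAdmin bool
 }
 
 func (a *keystoneAuther) getGrafanaOrgFor(orgname string) (*m.Org, error) {
+
+log.Debug("getGrafanaOrgFor( %v )", orgname)
+
 // get org from grafana db
 orgQuery := m.GetOrgByNameQuery{Name: orgname}
 if err := bus.Dispatch(&orgQuery); err != nil {
 if err == m.ErrOrgNotFound {
+log.Debug("orgname %s not found - create it", orgname)
 return a.createGrafanaOrg(orgname)
 } else {
 return nil, err
@@ -209,6 +214,7 @@ func (a *keystoneAuther) syncOrgRoles(username, password string, user *m.User) e
 // add missing org roles
 for project, _ := range a.project_list {
 if grafanaOrg, err := a.getGrafanaOrgFor(project); err != nil {
+log.Error(3, "Couldn't find Grafana org %s", project)
 return err
 } else {
 if _, exists := handledOrgIds[grafanaOrg.Id]; exists {
@@ -284,6 +290,7 @@ func (a *keystoneAuther) syncOrgRoles(username, password string, user *m.User) e
 }
 
 func (a *keystoneAuther) getProjectList(username, password string) error {
+log.Trace("getProjectList() with username %s", username)
 projects_data := keystone.Projects_data{
 Token: a.token,
 Server: a.server,
@@ -306,12 +313,13 @@ func (a *keystoneAuther) getProjectList(username, password string) error {
 for _, role := range auth.Roles {
 roles = append(roles, role.Name)
 }
-a.project_list[project] = roles
+a.project_list[project+"@"+a.domainname] = roles
 }
 return nil
 }
 
 func (a *keystoneAuther) getRole(user_roles []string) m.RoleType {
+log.Trace("getRole(%v)", user_roles)
 role_map := make(map[string]bool)
 for _, role := range user_roles {
 role_map[role] = true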
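Review bot: The new map key `project+"@"+a.domainname` in getProjectList is applied to every domain, including the default one, while AuthenticateUser in pkg/login/auth.go strips the default domain from the user name so existing accounts keep their names. Because getGrafanaOrgFor creates an org whenever the name is not found, an existing default-domain deployment would presumably get fresh `project@<default domain>` orgs instead of reusing the orgs that already hold its dashboards and role assignments; please confirm whether that is intended. If it is not, keep the bare project name for the default domain, e.g. `if a.domainname != setting.KeystoneDefaultDomain { project += "@" + a.domainname }` before the assignment (assuming `setting` is imported in this file). Note also that `a.domainname` originates from the typed login name, so org names created here contain user-supplied text and should be limited to the domains the deployment means to accept. getProjectList's body is only partly inside the hunk.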
