Affected by GO-2022-0342 and 26 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

oauthtoken

package

v0.0.0-kmdagger1 Latest Latest Go to latest Published: Jun 8, 2023 License: AGPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

Variables
func IsOAuthPassThruEnabled(ds *datasources.DataSource) bool
type OAuthTokenService
type Service
- func ProvideService(socialService social.Service, authInfoService login.AuthInfoService, ...) *Service

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// ExpiryDelta is used to prevent any issue that is caused by the clock skew (server times can differ slightly between different machines).
	// Shouldn't be more than 30s
	ExpiryDelta            = 10 * time.Second
	ErrNoRefreshTokenFound = errors.New("no refresh token found")
	ErrNotAnOAuthProvider  = errors.New("not an oauth provider")
)

Functions ¶

func IsOAuthPassThruEnabled ¶

func IsOAuthPassThruEnabled(ds *datasources.DataSource) bool

IsOAuthPassThruEnabled returns true if Forward OAuth Identity (oauthPassThru) is enabled for the provided data source.

Types ¶

type OAuthTokenService ¶

type OAuthTokenService interface {
	GetCurrentOAuthToken(context.Context, *user.SignedInUser) *oauth2.Token
	IsOAuthPassThruEnabled(*datasources.DataSource) bool
	HasOAuthEntry(context.Context, *user.SignedInUser) (*login.UserAuth, bool, error)
	TryTokenRefresh(context.Context, *login.UserAuth) error
	InvalidateOAuthTokens(context.Context, *login.UserAuth) error
}

type Service ¶

type Service struct {
	Cfg             *setting.Cfg
	SocialService   social.Service
	AuthInfoService login.AuthInfoService
	// contains filtered or unexported fields
}

func ProvideService ¶

func ProvideService(socialService social.Service, authInfoService login.AuthInfoService, cfg *setting.Cfg) *Service

func (*Service) GetCurrentOAuthToken ¶

func (o *Service) GetCurrentOAuthToken(ctx context.Context, usr *user.SignedInUser) *oauth2.Token

GetCurrentOAuthToken returns the OAuth token, if any, for the authenticated user. Will try to refresh the token if it has expired.

func (*Service) HasOAuthEntry ¶

func (o *Service) HasOAuthEntry(ctx context.Context, usr *user.SignedInUser) (*login.UserAuth, bool, error)

HasOAuthEntry returns true and the UserAuth object when OAuth info exists for the specified User

func (*Service) InvalidateOAuthTokens ¶

func (o *Service) InvalidateOAuthTokens(ctx context.Context, usr *login.UserAuth) error

InvalidateOAuthTokens invalidates the OAuth tokens (access_token, refresh_token) and sets the Expiry to default/zero

func (*Service) IsOAuthPassThruEnabled ¶

func (o *Service) IsOAuthPassThruEnabled(ds *datasources.DataSource) bool

IsOAuthPassThruEnabled returns true if Forward OAuth Identity (oauthPassThru) is enabled for the provided data source.

func (*Service) TryTokenRefresh ¶

func (o *Service) TryTokenRefresh(ctx context.Context, usr *login.UserAuth) error

TryTokenRefresh returns an error in case the OAuth token refresh was unsuccessful It uses a singleflight.Group to prevent getting the Refresh Token multiple times for a given User

Source Files ¶

View all Source files

oauth_token.go

Directories ¶

Path	Synopsis
oauthtokentest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL