| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- package login
- import (
- "errors"
- "github.com/grafana/grafana/pkg/bus"
- "github.com/grafana/grafana/pkg/lifecycle"
- m "github.com/grafana/grafana/pkg/models"
- )
- var (
- ErrEmailNotAllowed = errors.New("Required email domain not fulfilled")
- ErrInvalidCredentials = errors.New("Invalid Username or Password")
- ErrNoEmail = errors.New("Login provider didn't return an email address")
- ErrProviderDeniedRequest = errors.New("Login provider denied login request")
- ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter")
- ErrTooManyLoginAttempts = errors.New("Too many consecutive incorrect login attempts for user. Login for user temporarily blocked")
- ErrPasswordEmpty = errors.New("No password provided.")
- ErrUsersQuotaReached = errors.New("Users quota reached")
- ErrGettingUserQuota = errors.New("Error getting user quota")
- )
- func init() {
- lifecycle.AddListener(lifecycle.ApplicationStarting, func() {
- bus.AddHandler("auth", AuthenticateUser)
- loadLdapConfig()
- })
- }
- func AuthenticateUser(query *m.LoginUserQuery) error {
- if err := validateLoginAttempts(query.Username); err != nil {
- return err
- }
- if err := validatePasswordSet(query.Password); err != nil {
- return err
- }
- err := loginUsingGrafanaDB(query)
- if err == nil || (err != m.ErrUserNotFound && err != ErrInvalidCredentials) {
- return err
- }
- ldapEnabled, ldapErr := loginUsingLdap(query)
- if ldapEnabled {
- if ldapErr == nil || ldapErr != ErrInvalidCredentials {
- return ldapErr
- }
- err = ldapErr
- }
- if err == ErrInvalidCredentials {
- saveInvalidLoginAttempt(query)
- }
- if err == m.ErrUserNotFound {
- return ErrInvalidCredentials
- }
- return err
- }
- func validatePasswordSet(password string) error {
- if len(password) == 0 {
- return ErrPasswordEmpty
- }
- return nil
- }
|
