| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- package login
- import (
- "errors"
- "github.com/grafana/grafana/pkg/bus"
- m "github.com/grafana/grafana/pkg/models"
- )
- var (
- ErrEmailNotAllowed = errors.New("Required email domain not fulfilled")
- ErrInvalidCredentials = errors.New("Invalid Username or Password")
- ErrNoEmail = errors.New("Login provider didn't return an email address")
- ErrProviderDeniedRequest = errors.New("Login provider denied login request")
- ErrSignUpNotAllowed = errors.New("Signup is not allowed for this adapter")
- ErrTooManyLoginAttempts = errors.New("Too many consecutive incorrect login attempts for user. Login for user temporarily blocked")
- ErrUsersQuotaReached = errors.New("Users quota reached")
- ErrGettingUserQuota = errors.New("Error getting user quota")
- )
- func Init() {
- bus.AddHandler("auth", AuthenticateUser)
- loadLdapConfig()
- }
- func AuthenticateUser(query *m.LoginUserQuery) error {
- if err := validateLoginAttempts(query.Username); err != nil {
- return err
- }
- err := loginUsingGrafanaDB(query)
- if err == nil || (err != m.ErrUserNotFound && err != ErrInvalidCredentials) {
- return err
- }
- ldapEnabled, ldapErr := loginUsingLdap(query)
- if ldapEnabled {
- if ldapErr == nil || ldapErr != ErrInvalidCredentials {
- return ldapErr
- }
- err = ldapErr
- }
- if err == ErrInvalidCredentials {
- saveInvalidLoginAttempt(query)
- }
- if err == m.ErrUserNotFound {
- return ErrInvalidCredentials
- }
- return err
- }
|
