grafana-almalinux-vs-rockylinux-patch-compare

Created Diff never expires
14 हटाए गए
लाइनें
कुल
हटाया गया
शब्द
कुल
हटाया गया
इस सुविधा का उपयोग जारी रखने के लिए, अपग्रेड करें
Diffchecker logo
Diffchecker Pro
63 लाइनें
9 जोड़े गए
लाइनें
कुल
जोड़ा गया
शब्द
कुल
जोड़ा गया
इस सुविधा का उपयोग जारी रखने के लिए, अपग्रेड करें
Diffchecker logo
Diffchecker Pro
61 लाइनें
From 150a1d2777ea86253e6f800a2ee6273b92295ed9 Mon Sep 17 00:00:00 2001
commit bae86dbeb0
From: eabdullin <ed.abdullin.1@gmail.com>
Author: Ieva <ieva.vasiljeva@grafana.com>
Date: Wed, 12 Jul 2023 15:31:00 +0300
Date: Tue Jun 6 17:45:31 2023 +0100
Subject: [PATCH] CVE-2023-3128


---
Auth: Remove Email Lookup from oauth integrations 9.2 (#898)
pkg/api/login_oauth.go | 17 +++++++++--------
pkg/setting/setting.go | 5 ++++-
backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x
2 files changed, 13 insertions(+), 9 deletions(-)


diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
index b422baf..f124252 100644
index 22014aee43..af00c56a68 100644
--- a/pkg/api/login_oauth.go
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@@ -299,16 +299,17 @@ func (hs *HTTPServer) SyncUser(
@@ -299,16 +299,17 @@
connect social.SocialConnector,
connect social.SocialConnector,
) (*models.User, error) {
) (*models.User, error) {
oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
+ lookupParams := models.UserLookupParams{}
+ lookupParams := models.UserLookupParams{}
+ if hs.Cfg.OAuthAllowInsecureEmailLookup {
+ if hs.Cfg.OAuthAllowInsecureEmailLookup {
+ lookupParams.Email = &extUser.Email
+ lookupParams.Email = &extUser.Email
+ }
+ }
+
+
// add/update user in Grafana
// add/update user in Grafana
cmd := &models.UpsertUserCommand{
cmd := &models.UpsertUserCommand{
- ReqContext: ctx,
- ReqContext: ctx,
- ExternalUser: extUser,
- ExternalUser: extUser,
- SignupAllowed: connect.IsSignupAllowed(),
- SignupAllowed: connect.IsSignupAllowed(),
- UserLookupParams: models.UserLookupParams{
- UserLookupParams: models.UserLookupParams{
- Email: &extUser.Email,
- Email: &extUser.Email,
- UserID: nil,
- UserID: nil,
- Login: nil,
- Login: nil,
- },
- },
+ ReqContext: ctx,
+ ReqContext: ctx,
+ ExternalUser: extUser,
+ ExternalUser: extUser,
+ SignupAllowed: connect.IsSignupAllowed(),
+ SignupAllowed: connect.IsSignupAllowed(),
+ UserLookupParams: lookupParams,
+ UserLookupParams: lookupParams,
}
}
if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index ba2c4bb..6b5c948 100644
index 20e8f78a2f..03aa5c17d8 100644
--- a/pkg/setting/setting.go
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -312,7 +312,8 @@ type Cfg struct {
@@ -312,7 +312,8 @@
AuthProxySyncTTL int
AuthProxySyncTTL int
// OAuth
// OAuth
- OAuthCookieMaxAge int
- OAuthCookieMaxAge int
+ OAuthCookieMaxAge int
+ OAuthCookieMaxAge int
+ OAuthAllowInsecureEmailLookup bool
+ OAuthAllowInsecureEmailLookup bool
// JWT Auth
// JWT Auth
JWTAuthEnabled bool
JWTAuthEnabled bool
@@ -1255,6 +1256,8 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
@@ -1256,6 +1256,8 @@
return err
return err
}
}
+ cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
+ cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
+
+
const defaultMaxLifetime = "30d"
const defaultMaxLifetime = "30d"
maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)
cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)