File CVE-2021-27358.patch of Package grafana
commit 43476dc1bb783d7b20be67c2006ef0d33f1094ce
Author: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Date: Wed Feb 17 09:51:50 2021 +0100
Snapshots: Disallow anonymous user to create snapshots (#31263)
(cherry picked from commit 8f20b13f1c8e49b224ad807c78f759a302be20b9)
diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index d61914a2eb75..c94d7a52ddc7 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -108,15 +108,17 @@ func AdminOrFeatureEnabled(enabled bool) macaron.Handler {
 }
 }
+// SnapshotPublicModeOrSignedIn creates a middleware that allows access
+// if snapshot public mode is enabled or if user is signed in.
 func SnapshotPublicModeOrSignedIn() macaron.Handler {
 return func(c *models.ReqContext) {
 if setting.SnapshotPublicMode {
 return
 }
- _, err := c.Invoke(ReqSignedIn)
- if err != nil {
- c.JsonApiErr(500, "Failed to invoke required signed in middleware", err)
+ if !c.IsSignedIn {
+ notAuthorized(c)
+ return
 }
 }
 }
diff --git a/pkg/middleware/auth_test.go b/pkg/middleware/auth_test.go
index 0688b458deda..5fb9450c8684 100644
--- a/pkg/middleware/auth_test.go
+++ b/pkg/middleware/auth_test.go
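Review bot: The new doc comment on `SnapshotPublicModeOrSignedIn` in pkg/middleware/auth.go does not state that a request without a signed-in user is rejected, which is the security-relevant behaviour the commit introduces through `if !c.IsSignedIn`. It also leaves implicit that the early `return` under `setting.SnapshotPublicMode` admits every caller with no authentication check at all, so deployments running with public mode enabled stay open by design. I would extend the comment with `// Requests that are not signed in (including anonymous sessions) are rejected unless setting.SnapshotPublicMode is true, in which case no authentication is required.` `notAuthorized` is defined outside this hunk, so the 401 asserted in the test hunk depends on how it responds for this route.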
@@ -35,11 +35,22 @@ func TestMiddlewareAuth(t *testing.T) {
 Convey("snapshot public mode or signed in", func() {
 middlewareScenario(t, "Snapshot public mode disabled and unauthenticated request should return 401", func(sc *scenarioContext) {
- sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(), sc.defaultHandler)
+ sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
+ c.IsSignedIn = false
+ }, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
 sc.fakeReq("GET", "/api/snapshot").exec()
 So(sc.resp.Code, ShouldEqual, 401)
 })
+ middlewareScenario(t, "Snapshot public mode disabled and authenticated request should return 200", func(
+ t *testing.T, sc *scenarioContext) {
+ sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
+ c.IsSignedIn = true
+ }, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
+ sc.fakeReq("GET", "/api/snapshot").exec()
+ assert.Equal(t, 200, sc.resp.Code)
+ })
+
 middlewareScenario(t, "Snapshot public mode enabled and unauthenticated request should return 200", func(sc *scenarioContext) {
 setting.SnapshotPublicMode = true
 sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(), sc.defaultHandler)
diff --git a/public/app/features/dashboard/components/ShareModal/ShareModal.tsx b/public/app/features/dashboard/components/ShareModal/ShareModal.tsx
index efe68781a3ff..d6687a93b40f 100644
--- a/public/app/features/dashboard/components/ShareModal/ShareModal.tsx
+++ b/public/app/features/dashboard/components/ShareModal/ShareModal.tsx
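Review bot: The added registrations in auth_test.go call `SnapshotPublicModeOrSignedIn(sc.cfg)`, but the auth.go hunk of this same patch keeps the signature `func SnapshotPublicModeOrSignedIn() macaron.Handler`, and the unchanged context line at the end of this hunk still calls it with no argument, so as shown the test file would not compile. The new scenario also passes a `func(t *testing.T, sc *scenarioContext)` callback and uses `assert.Equal`, while the neighbouring scenarios use `func(sc *scenarioContext)` and `So(...)`; whether `middlewareScenario` and the file's imports accept that is not visible here. For this backport the calls should read `}, SnapshotPublicModeOrSignedIn(), sc.defaultHandler)` and the new case should follow the local callback shape, otherwise the regression test for the fix never runs. TestMiddlewareAuth continues outside the hunk.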
@@ -6,21 +6,7 @@ import { ShareSnapshot } from './ShareSnapshot';
 import { ShareExport } from './ShareExport';
 import { ShareEmbed } from './ShareEmbed';
 import { ShareModalTabModel } from './types';
-
-const shareCommonTabs: ShareModalTabModel[] = [
- { label: 'Link', value: 'link', component: ShareLink },
- { label: 'Snapshot', value: 'snapshot', component: ShareSnapshot },
-];
-
-// prettier-ignore
-const shareDashboardTabs: ShareModalTabModel[] = [
- { label: 'Export', value: 'export', component: ShareExport },
-];
-
-// prettier-ignore
-const sharePanelTabs: ShareModalTabModel[] = [
- { label: 'Embed', value: 'embed', component: ShareEmbed },
-];
+import { contextSrv } from 'app/core/core';
 const customDashboardTabs: ShareModalTabModel[] = [];
 const customPanelTabs: ShareModalTabModel[] = [];
@@ -43,13 +29,18 @@ function getInitialState(props: Props): State {
 function getTabs(props: Props) {
 const { panel } = props;
- const tabs = [...shareCommonTabs];
+
+ const tabs: ShareModalTabModel[] = [{ label: 'Link', value: 'link', component: ShareLink }];
+
+ if (contextSrv.isSignedIn) {
+ tabs.push({ label: 'Snapshot', value: 'snapshot', component: ShareSnapshot });
+ }
 if (panel) {
- tabs.push(...sharePanelTabs);
+ tabs.push({ label: 'Embed', value: 'embed', component: ShareEmbed });
 tabs.push(...customPanelTabs);
 } else {
- tabs.push(...shareDashboardTabs);
+ tabs.push({ label: 'Export', value: 'export', component: ShareExport });
 tabs.push(...customDashboardTabs);
 }
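Review bot: In `getTabs`, `if (contextSrv.isSignedIn)` only hides the Snapshot tab; it is not an access control, and nothing in the code says so. The enforcement is the middleware change in pkg/middleware/auth.go, and a comment such as `// UI hint only: snapshot creation is authorized server-side by SnapshotPublicModeOrSignedIn.` would stop a later refactor from treating this branch as the check. The client condition also differs from the server one, which additionally admits requests when `setting.SnapshotPublicMode` is set, so in that mode a viewer who is not signed in may lose the tab while the API presumably still accepts the call. `getTabs` ends outside the hunk.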