Authentication by Cookie does not works

Question

Authentication by Cookie does not works

jkroepke opened this issue 5 months ago · 3 comments

jkroepke commented 5 months ago

It seems like the Cookie header from a API Request is ignored.

If externalServiceAccount feature is disabled and no token is set, then the error occurs that no app secret is given.

Plugin Version: 1.5.0
Grafana Version: 11.1.3

Answer 1 · 2024-08-09T15:03:47.000Z

Yes, this is expected. Check the comment in the src.

README has been updated as well to clearly mention this behavior.

Answer 2 · 2024-08-09T16:43:17.000Z

If externalServiceAccounts is enabled or token is set, can unauthorized users generated PDFs?

Answer 3 · 2024-08-09T17:56:57.000Z

If externalServiceAccounts is enabled or token is set, can unauthorized users generated PDFs?

Yes, a user who does not have permissions on a given dashboard will be able to generate report for it as the plugin always uses service account token to make requests. But #75 will fix it. Cheers for the PR.