Scripted Dashboard arguments get modified on sign in with SSO

Hi,

I have a scripted dashboard that I am calling in my web application and I am generating the URL of the dashboard based on the device selected, which is random.

In the URL I am passing the device name and property and property unit and a few other arguments to generate a graph chart based on the argument inputs.
Below is the URL that is generated.

Original URL:

https://ServerName/grafana/dashboard/script/ScriptedDashboard.js?kiosk&orgId=1&deviceName=Test_Device_1&propertiesName=%7b%22Water_Level%22%7d&propertiesUnit=%7b%22%25%22%7d&from=1666031400000&to=1681756200000&viewType=graph

However, when I run this URL and Grafana is not logged in, it redirects to the login page as expected. But when sign-in with SSO is done and the scripted dashboard URL is loaded, it appears to be modified as below, and the below errors appear on the screen.

Modified URL after SSO Sign-in:
https://ServerName/grafana/dashboard/script/ScriptedDashboard.js?kiosk&orgId=1&deviceName=Test_Device_1&propertiesName={%22Water_Level%22}&propertiesUnit={%22%%22}&from=1666031400000&to=1681756200000&viewType=graph

I further investigated the error coming using browser console logs.
The issue is appearing in cases where the propertiesUnit is set as “%”.

In the original URL the properties unit argument is as below.
propertiesUnit=%7b%22%25%22%7d

whereas after sign-in redirect it becomes below.
propertiesUnit={%22%%22}

Which means at the time of redirect it is resolving/decoding some of the escape characters like
%7b → {
%7d → }
%22 → "
%25 → %

But when this modified URL runs, it is not getting a raw URL and the % character is not getting decoded/resolved, and the script is giving an error.

At the time of sign-in, it should store the original URL, but that is not the case here.

My question is why and where this URL is getting modified at the time of SSO sign-in.

How can I prevent it from happening, and what can be done to fix this issue?

Moreover, instead of SSO sign-in if I log in using Basic Authentication, it does not create any issues.

So how do I verify where actually the issue is occurring?

Any help would be very much appreciated.

Note: I got these issues after upgrading Grafana from v6.5.2 to v8.4.10.
These issues did not exist in the earlier version mentioned.

Thanks and Regards,
Bhushan Deshmukh

@lgram @dsotirakis

@yesoreyeram

@yosiasz

@usman.ahmad

@rhagens

If anyone has any ideas, please suggest.

I tried to investigate further using the Chrome developer tools.

When the URL is executed, I can see it in the network tab, and select the script.
Even before sign-in, for the scripted dashboard script selected, in the cookies sub-tab, Response cookies are different for old Grafana v6.5.2 and after upgrade v8.4.10.

For ex:
In v6.5.2 the cookie value is created from the below subpath

/grafana/dashboard/script/ScriptedDashboard.js?kiosk&orgId=1&deviceName=Test_Device_1&propertiesName=%7b%22Water_Level%22%7d&propertiesUnit=%7b%22%25%22%7d&from=1666031400000&to=1681756200000&viewType=graph

and the cookie value generated is an encodedURI string.
So here the / is converting to %2F and this %2F again encodes to become %252F
%25 → %, which is before 2F
Again the %7b in the URL above becomes %257b.

Encoding is happening such that all the characters that can be encoded are being encoded, but for those encoded strings the % character is also getting encoded.

so the cookie value is like: %252Fgrafana%252Fdashboard%252Fscript%252FScriptedDashboard.js%253F

%252Fgrafana%252Fdashboard%252Fscript%252FScriptedDashboard.js%253Fkiosk%2526orgId%253D1%2526deviceName%253DTest_Device_1%2526propertiesName%253D...and so on.

But this is not the case in Grafana v8.4.10.
%2Fgrafana%2Fdashboard%2Fscript%2FScriptedDashboard.js%3Fkiosk%26orgId%3D1%26deviceName%3DTest_Device_1%26propertiesName%3D...and so on.

and this is getting passed until the Grafana session is logged in and at the end, an issue occurs for the % property unit.

I am trying to find who and where the value gets assigned to this cookie “redirect_to”.
What I am able to understand is that the redirect cookie is getting stored after encoding in v6.5.2, but not in the case of v8.4.10.

Hope I am making sense.

Thanks and Regards,
Bhushan
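
The cookie values quoted above, reproduced in a small model (an added example, not part of the original posts and not Grafana's code). It assumes the post-login target is percent-encoded into the cookie and decoded when read back; `roundTrip` and `firstBadParam` are hypothetical names, and the pass counts are parameters of the model rather than confirmed Grafana behaviour.

```javascript
// Path and query as first requested (taken from the URL in the post).
const ORIGINAL =
  "/grafana/dashboard/script/ScriptedDashboard.js?kiosk&orgId=1" +
  "&deviceName=Test_Device_1&propertiesName=%7b%22Water_Level%22%7d" +
  "&propertiesUnit=%7b%22%25%22%7d&from=1666031400000&to=1681756200000" +
  "&viewType=graph";

// Apply fn to s n times (n percent-encoding or percent-decoding passes).
const times = (fn, s, n) => (n > 0 ? times(fn, fn(s), n - 1) : s);

// Hypothetical model: the writer encodes the target into the cookie
// `encodePasses` times; the reader decodes it `decodePasses` times.
function roundTrip(target, encodePasses, decodePasses) {
  const cookie = times(encodeURIComponent, target, encodePasses);
  return { cookie, target: times(decodeURIComponent, cookie, decodePasses) };
}

// Return the name of the first query parameter whose value is no longer
// valid percent-encoding, or null when every value decodes cleanly.
function firstBadParam(url) {
  const query = url.slice(url.indexOf("?") + 1);
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    const name = eq < 0 ? pair : pair.slice(0, eq);
    const value = eq < 0 ? "" : pair.slice(eq + 1);
    try {
      decodeURIComponent(value);
    } catch (err) {
      if (err instanceof URIError) return name;
      throw err;
    }
  }
  return null;
}

// Equal encode and decode passes: the target survives unchanged.
const balanced = roundTrip(ORIGINAL, 2, 2);   // cookie starts %252Fgrafana...
// One decode pass more than encode passes: %25 collapses to a bare %.
const unbalanced = roundTrip(ORIGINAL, 1, 2); // cookie starts %2Fgrafana...
console.log(balanced.target === ORIGINAL, firstBadParam(balanced.target));
console.log(unbalanced.target);
console.log(firstBadParam(unbalanced.target));
```

Comparing the `redirect_to` cookie and the final address-bar URL against these two cases shows whether the extra decode happens before or after the cookie is written.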

I believe this is the fix I am looking for.

But I am not sure how to implement this change for v8.4.10 in Linux server.
I am not able to find the file (login_oauth.go) in which the changes are done in my Grafana installation directory.

Any inputs would be very helpful.
@kallepersson
@grafanabot 🙂

Thanks and Regards,
Bhushan