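// Source: github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/app/saml.go

// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package app

import (
	"io"
	"mime/multipart"
	"net/http"
	"os"
	"path/filepath"

	"github.com/mattermost/mattermost-server/model"
	"github.com/mattermost/mattermost-server/utils"
)

// GetSamlMetadata returns the metadata produced by the configured SAML
// implementation. It returns a 501 Not Implemented error when no SAML
// implementation is registered on the App.
func (a *App) GetSamlMetadata() (string, *model.AppError) {
	if a.Saml == nil {
		err := model.NewAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
		return "", err
	}

	result, err := a.Saml.GetMetadata()
	if err != nil {
		return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+err.Message, err.StatusCode)
	}
	return result, nil
}

// samlBaseName reduces a client-supplied file name to its final path element
// and reports whether the result is usable as a file name inside the config
// directory. "." (which filepath.Base also returns for an empty name), ".."
// and a bare path separator are rejected because they name a directory, not
// a file.
func samlBaseName(name string) (string, bool) {
	base := filepath.Base(name)
	if base == "." || base == ".." || base == string(filepath.Separator) {
		return "", false
	}
	return base, true
}

// WriteSamlFile stores an uploaded certificate or key in the config directory
// under the base name of the uploaded file.
//
// Only the final path element of fileData.Filename is used, so directory
// components sent by the client cannot steer the write outside the config
// directory.
//
// NOTE(review): any other base name is accepted, including the name of a file
// that already exists in the config directory, which would be truncated and
// overwritten. Confirm that callers restrict this to system administrators,
// or constrain the accepted names.
func WriteSamlFile(fileData *multipart.FileHeader) *model.AppError {
	filename, ok := samlBaseName(fileData.Filename)
	if !ok {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, "", http.StatusBadRequest)
	}

	file, err := fileData.Open()
	if err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error(), http.StatusInternalServerError)
	}
	defer file.Close()

	// The second return value is discarded, as in the original code.
	// NOTE(review): presumably it reports whether the directory was found;
	// confirm against utils.FindDir and handle the not-found case.
	configDir, _ := utils.FindDir("config")

	// This function is also used for the SAML private key, so create the file
	// readable and writable by the server's own user only. os.Create would use
	// mode 0666 before umask, which usually leaves the key world-readable.
	// The mode applies only when the file is created; an existing file keeps
	// its current permissions.
	out, err := os.OpenFile(filepath.Join(configDir, filename), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}

	// A failed or short copy must not be reported as success: the config
	// would then point at a truncated certificate or key.
	if _, err := io.Copy(out, file); err != nil {
		out.Close()
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}
	if err := out.Close(); err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}

	return nil
}

// AddSamlPublicCertificate saves the uploaded file to the config directory and
// records it as SamlSettings.PublicCertificateFile.
//
// The file is written before the new configuration is validated, so a failed
// validation leaves the file on disk with the configuration unchanged.
func (a *App) AddSamlPublicCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// Store the same base name WriteSamlFile wrote to disk, not the raw
	// client-supplied name, so the setting always matches the stored file.
	*cfg.SamlSettings.PublicCertificateFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// AddSamlPrivateCertificate saves the uploaded file to the config directory
// and records it as SamlSettings.PrivateKeyFile.
//
// The file is written before the new configuration is validated, so a failed
// validation leaves the file on disk with the configuration unchanged.
func (a *App) AddSamlPrivateCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// Store the same base name WriteSamlFile wrote to disk, not the raw
	// client-supplied name, so the setting always matches the stored file.
	*cfg.SamlSettings.PrivateKeyFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// AddSamlIdpCertificate saves the uploaded file to the config directory and
// records it as SamlSettings.IdpCertificateFile.
//
// The file is written before the new configuration is validated, so a failed
// validation leaves the file on disk with the configuration unchanged.
func (a *App) AddSamlIdpCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// Store the same base name WriteSamlFile wrote to disk, not the raw
	// client-supplied name, so the setting always matches the stored file.
	*cfg.SamlSettings.IdpCertificateFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// RemoveSamlFile deletes the named file from the config location resolved by
// utils.FindConfigFile. Only the final path element of filename is used.
//
// Names that reduce to ".", ".." or a bare separator are rejected with a 400.
// That covers an empty name, and keeps os.Remove, which also removes empty
// directories, from being pointed at a directory.
func RemoveSamlFile(filename string) *model.AppError {
	filename, ok := samlBaseName(filename)
	if !ok {
		// NOTE(review): the "where" label below says AddSamlCertificate
		// although this is the removal path; it is left as found.
		return model.NewAppError("AddSamlCertificate", "api.admin.remove_certificate.delete.app_error", nil, "", http.StatusBadRequest)
	}

	if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
		return model.NewAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", map[string]interface{}{"Filename": filename}, err.Error(), http.StatusInternalServerError)
	}

	return nil
}

// RemoveSamlPublicCertificate deletes the configured public certificate file,
// clears SamlSettings.PublicCertificateFile and turns SamlSettings.Encrypt off.
//
// The file is deleted before the new configuration is validated, so a failed
// validation leaves the old setting pointing at a file that no longer exists.
func (a *App) RemoveSamlPublicCertificate() *model.AppError {
	if err := RemoveSamlFile(*a.Config().SamlSettings.PublicCertificateFile); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	*cfg.SamlSettings.PublicCertificateFile = ""
	*cfg.SamlSettings.Encrypt = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// RemoveSamlPrivateCertificate deletes the configured private key file, clears
// SamlSettings.PrivateKeyFile and turns SamlSettings.Encrypt off.
//
// The file is deleted before the new configuration is validated, so a failed
// validation leaves the old setting pointing at a file that no longer exists.
func (a *App) RemoveSamlPrivateCertificate() *model.AppError {
	if err := RemoveSamlFile(*a.Config().SamlSettings.PrivateKeyFile); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	*cfg.SamlSettings.PrivateKeyFile = ""
	*cfg.SamlSettings.Encrypt = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// RemoveSamlIdpCertificate deletes the configured IdP certificate file, clears
// SamlSettings.IdpCertificateFile and turns SamlSettings.Enable off.
//
// The file is deleted before the new configuration is validated, so a failed
// validation leaves the old setting pointing at a file that no longer exists.
func (a *App) RemoveSamlIdpCertificate() *model.AppError {
	if err := RemoveSamlFile(*a.Config().SamlSettings.IdpCertificateFile); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	*cfg.SamlSettings.IdpCertificateFile = ""
	*cfg.SamlSettings.Enable = false

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}

// GetSamlCertificateStatus reports, for each of the three configured SAML
// files, the result of utils.FileExistsInConfigFolder for its configured name.
func (a *App) GetSamlCertificateStatus() *model.SamlCertificateStatus {
	status := &model.SamlCertificateStatus{}

	status.IdpCertificateFile = utils.FileExistsInConfigFolder(*a.Config().SamlSettings.IdpCertificateFile)
	status.PrivateKeyFile = utils.FileExistsInConfigFolder(*a.Config().SamlSettings.PrivateKeyFile)
	status.PublicCertificateFile = utils.FileExistsInConfigFolder(*a.Config().SamlSettings.PublicCertificateFile)

	return status
}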