github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/saml.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"mime/multipart"
     8  	"net/http"
     9  
    10  	"github.com/mattermost/mattermost-server/model"
    11  )
    12  
    13  func (api *API) InitSaml() {
    14  	api.BaseRoutes.SAML.Handle("/metadata", api.ApiHandler(getSamlMetadata)).Methods("GET")
    15  
    16  	api.BaseRoutes.SAML.Handle("/certificate/public", api.ApiSessionRequired(addSamlPublicCertificate)).Methods("POST")
    17  	api.BaseRoutes.SAML.Handle("/certificate/private", api.ApiSessionRequired(addSamlPrivateCertificate)).Methods("POST")
    18  	api.BaseRoutes.SAML.Handle("/certificate/idp", api.ApiSessionRequired(addSamlIdpCertificate)).Methods("POST")
    19  
    20  	api.BaseRoutes.SAML.Handle("/certificate/public", api.ApiSessionRequired(removeSamlPublicCertificate)).Methods("DELETE")
    21  	api.BaseRoutes.SAML.Handle("/certificate/private", api.ApiSessionRequired(removeSamlPrivateCertificate)).Methods("DELETE")
    22  	api.BaseRoutes.SAML.Handle("/certificate/idp", api.ApiSessionRequired(removeSamlIdpCertificate)).Methods("DELETE")
    23  
    24  	api.BaseRoutes.SAML.Handle("/certificate/status", api.ApiSessionRequired(getSamlCertificateStatus)).Methods("GET")
    25  }
    26  
    27  func getSamlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
    28  	metadata, err := c.App.GetSamlMetadata()
    29  	if err != nil {
    30  		c.Err = err
    31  		return
    32  	}
    33  
    34  	w.Header().Set("Content-Type", "application/xml")
    35  	w.Header().Set("Content-Disposition", "attachment; filename=\"metadata.xml\"")
    36  	w.Write([]byte(metadata))
    37  }
    38  
    39  func parseSamlCertificateRequest(r *http.Request, maxFileSize int64) (*multipart.FileHeader, *model.AppError) {
    40  	err := r.ParseMultipartForm(maxFileSize)
    41  	if err != nil {
    42  		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.no_file.app_error", nil, err.Error(), http.StatusBadRequest)
    43  	}
    44  
    45  	m := r.MultipartForm
    46  
    47  	fileArray, ok := m.File["certificate"]
    48  	if !ok {
    49  		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.no_file.app_error", nil, "", http.StatusBadRequest)
    50  	}
    51  
    52  	if len(fileArray) <= 0 {
    53  		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.array.app_error", nil, "", http.StatusBadRequest)
    54  	}
    55  
    56  	return fileArray[0], nil
    57  }
    58  
    59  func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
    60  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    61  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    62  		return
    63  	}
    64  
    65  	fileData, err := parseSamlCertificateRequest(r, *c.App.Config().FileSettings.MaxFileSize)
    66  	if err != nil {
    67  		c.Err = err
    68  		return
    69  	}
    70  
    71  	if err := c.App.AddSamlPublicCertificate(fileData); err != nil {
    72  		c.Err = err
    73  		return
    74  	}
    75  	ReturnStatusOK(w)
    76  }
    77  
    78  func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
    79  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    80  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    81  		return
    82  	}
    83  
    84  	fileData, err := parseSamlCertificateRequest(r, *c.App.Config().FileSettings.MaxFileSize)
    85  	if err != nil {
    86  		c.Err = err
    87  		return
    88  	}
    89  
    90  	if err := c.App.AddSamlPrivateCertificate(fileData); err != nil {
    91  		c.Err = err
    92  		return
    93  	}
    94  	ReturnStatusOK(w)
    95  }
    96  
    97  func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
    98  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    99  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   100  		return
   101  	}
   102  
   103  	fileData, err := parseSamlCertificateRequest(r, *c.App.Config().FileSettings.MaxFileSize)
   104  	if err != nil {
   105  		c.Err = err
   106  		return
   107  	}
   108  
   109  	if err := c.App.AddSamlIdpCertificate(fileData); err != nil {
   110  		c.Err = err
   111  		return
   112  	}
   113  	ReturnStatusOK(w)
   114  }
   115  
   116  func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
   117  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   118  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   119  		return
   120  	}
   121  
   122  	if err := c.App.RemoveSamlPublicCertificate(); err != nil {
   123  		c.Err = err
   124  		return
   125  	}
   126  
   127  	ReturnStatusOK(w)
   128  }
   129  
   130  func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
   131  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   132  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   133  		return
   134  	}
   135  
   136  	if err := c.App.RemoveSamlPrivateCertificate(); err != nil {
   137  		c.Err = err
   138  		return
   139  	}
   140  
   141  	ReturnStatusOK(w)
   142  }
   143  
   144  func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
   145  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   146  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   147  		return
   148  	}
   149  
   150  	if err := c.App.RemoveSamlIdpCertificate(); err != nil {
   151  		c.Err = err
   152  		return
   153  	}
   154  
   155  	ReturnStatusOK(w)
   156  }
   157  
   158  func getSamlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) {
   159  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   160  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   161  		return
   162  	}
   163  
   164  	status := c.App.GetSamlCertificateStatus()
   165  	w.Write([]byte(status.ToJson()))
   166  }