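// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"mime/multipart"
	"net/http"

	"github.com/mattermost/mattermost-server/model"
)

// InitSaml registers the SAML routes under api.BaseRoutes.SAML.
//
// Access model, as visible in this file:
//   - /metadata (GET) goes through ApiHandler, i.e. it needs no session. The
//     SP metadata document is intended to be fetched anonymously by the IdP.
//   - every /certificate/* route goes through ApiSessionRequired AND each
//     handler additionally requires PERMISSION_MANAGE_SYSTEM, because these
//     routes install or delete the SP signing key pair and the IdP trust
//     anchor.
func (api *API) InitSaml() {
	api.BaseRoutes.SAML.Handle("/metadata", api.ApiHandler(getSamlMetadata)).Methods("GET")

	api.BaseRoutes.SAML.Handle("/certificate/public", api.ApiSessionRequired(addSamlPublicCertificate)).Methods("POST")
	api.BaseRoutes.SAML.Handle("/certificate/private", api.ApiSessionRequired(addSamlPrivateCertificate)).Methods("POST")
	api.BaseRoutes.SAML.Handle("/certificate/idp", api.ApiSessionRequired(addSamlIdpCertificate)).Methods("POST")

	api.BaseRoutes.SAML.Handle("/certificate/public", api.ApiSessionRequired(removeSamlPublicCertificate)).Methods("DELETE")
	api.BaseRoutes.SAML.Handle("/certificate/private", api.ApiSessionRequired(removeSamlPrivateCertificate)).Methods("DELETE")
	api.BaseRoutes.SAML.Handle("/certificate/idp", api.ApiSessionRequired(removeSamlIdpCertificate)).Methods("DELETE")

	api.BaseRoutes.SAML.Handle("/certificate/status", api.ApiSessionRequired(getSamlCertificateStatus)).Methods("GET")
}

// getSamlMetadata serves the SP metadata XML as a download.
//
// This handler is deliberately unauthenticated (see InitSaml); nothing in the
// response should therefore be secret. Any error from the app layer is
// surfaced through c.Err.
func getSamlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
	metadata, err := c.App.GetSamlMetadata()
	if err != nil {
		c.Err = err
		return
	}

	w.Header().Set("Content-Type", "application/xml")
	w.Header().Set("Content-Disposition", "attachment; filename=\"metadata.xml\"")
	w.Write([]byte(metadata))
}

// parseSamlCertificateRequest extracts the uploaded "certificate" part from a
// multipart form and returns its file header.
//
// maxFileSize is passed to ParseMultipartForm as the in-memory threshold. It
// bounds how much of the body is buffered in RAM, not how large the request
// may be: parts beyond the threshold are spilled to temporary files by
// net/http. No separate body-size limit is enforced here; the callers are all
// admin-only, so this is a deliberate trade-off rather than an oversight.
//
// All failures are reported as HTTP 400. The ParseMultipartForm error text is
// put into the AppError's detailed-error field; whether that text is shown to
// the client depends on how the surrounding web handler renders errors.
func parseSamlCertificateRequest(r *http.Request, maxFileSize int64) (*multipart.FileHeader, *model.AppError) {
	if err := r.ParseMultipartForm(maxFileSize); err != nil {
		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.no_file.app_error", nil, err.Error(), http.StatusBadRequest)
	}

	// The two missing-file cases keep their distinct error ids: no field named
	// "certificate" at all, versus the field being present but empty.
	files, present := r.MultipartForm.File["certificate"]
	if !present {
		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.no_file.app_error", nil, "", http.StatusBadRequest)
	}
	if len(files) == 0 {
		return nil, model.NewAppError("addSamlCertificate", "api.admin.add_certificate.array.app_error", nil, "", http.StatusBadRequest)
	}

	// Only the first upload is used; any additional parts are ignored.
	return files[0], nil
}

// requireManageSystem is the shared authorization gate for every certificate
// handler. It returns true when the session holds PERMISSION_MANAGE_SYSTEM;
// otherwise it records the permission error on c and returns false so the
// caller can simply return.
func requireManageSystem(c *Context) bool {
	if c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
		return true
	}
	c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
	return false
}

// handleAddSamlCertificate is the common body of the three upload handlers:
// authorization, multipart parsing bounded by FileSettings.MaxFileSize, then
// handing the uploaded part to store. Errors are reported through c.Err; on
// success a plain status-OK response is written.
func handleAddSamlCertificate(c *Context, w http.ResponseWriter, r *http.Request, store func(*multipart.FileHeader) *model.AppError) {
	if !requireManageSystem(c) {
		return
	}

	fileData, err := parseSamlCertificateRequest(r, *c.App.Config().FileSettings.MaxFileSize)
	if err != nil {
		c.Err = err
		return
	}

	if err := store(fileData); err != nil {
		c.Err = err
		return
	}
	ReturnStatusOK(w)
}

// handleRemoveSamlCertificate is the common body of the three delete
// handlers: authorization, then calling remove. Errors are reported through
// c.Err; on success a plain status-OK response is written.
func handleRemoveSamlCertificate(c *Context, w http.ResponseWriter, remove func() *model.AppError) {
	if !requireManageSystem(c) {
		return
	}

	if err := remove(); err != nil {
		c.Err = err
		return
	}
	ReturnStatusOK(w)
}

// addSamlPublicCertificate installs the SP public certificate. System admin only.
func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleAddSamlCertificate(c, w, r, c.App.AddSamlPublicCertificate)
}

// addSamlPrivateCertificate installs the SP private key. System admin only;
// this is the most sensitive upload in the file since it is the SP signing /
// decryption key.
func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleAddSamlCertificate(c, w, r, c.App.AddSamlPrivateCertificate)
}

// addSamlIdpCertificate installs the IdP certificate used to verify assertions.
// System admin only.
func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleAddSamlCertificate(c, w, r, c.App.AddSamlIdpCertificate)
}

// removeSamlPublicCertificate deletes the SP public certificate. System admin only.
func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleRemoveSamlCertificate(c, w, c.App.RemoveSamlPublicCertificate)
}

// removeSamlPrivateCertificate deletes the SP private key. System admin only.
func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleRemoveSamlCertificate(c, w, c.App.RemoveSamlPrivateCertificate)
}

// removeSamlIdpCertificate deletes the IdP certificate. System admin only.
func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
	handleRemoveSamlCertificate(c, w, c.App.RemoveSamlIdpCertificate)
}

// getSamlCertificateStatus reports which of the three certificates are
// configured, as JSON. System admin only; the status itself carries no key
// material, but it is still gated because it reveals SSO configuration state.
func getSamlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) {
	if !requireManageSystem(c) {
		return
	}

	status := c.App.GetSamlCertificateStatus()
	w.Write([]byte(status.ToJson()))
}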