2023-11-08 03:50:01 -06:00
|
|
|
package api
|
|
|
|
|
|
|
|
|
|
import (
|
2023-11-21 02:11:52 -06:00
|
|
|
"errors"
|
2023-11-14 09:07:51 -06:00
|
|
|
"net/http"
|
|
|
|
|
|
2023-11-08 03:50:01 -06:00
|
|
|
"github.com/grafana/grafana/pkg/api/response"
|
|
|
|
|
"github.com/grafana/grafana/pkg/api/routing"
|
|
|
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
|
|
|
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
|
|
|
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/ssosettings"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/ssosettings/models"
|
|
|
|
|
"github.com/grafana/grafana/pkg/web"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Api struct {
|
|
|
|
|
Log log.Logger
|
|
|
|
|
RouteRegister routing.RouteRegister
|
|
|
|
|
AccessControl ac.AccessControl
|
|
|
|
|
Features *featuremgmt.FeatureManager
|
|
|
|
|
SSOSettingsService ssosettings.Service
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func ProvideApi(
|
|
|
|
|
ssoSettingsSvc ssosettings.Service,
|
|
|
|
|
routeRegister routing.RouteRegister,
|
|
|
|
|
ac ac.AccessControl,
|
|
|
|
|
) *Api {
|
|
|
|
|
api := &Api{
|
|
|
|
|
SSOSettingsService: ssoSettingsSvc,
|
|
|
|
|
RouteRegister: routeRegister,
|
|
|
|
|
AccessControl: ac,
|
|
|
|
|
Log: log.New("ssosettings.api"),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return api
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RegisterAPIEndpoints Registers Endpoints on Grafana Router
|
|
|
|
|
func (api *Api) RegisterAPIEndpoints() {
|
|
|
|
|
api.RouteRegister.Group("/api/v1/sso-settings", func(router routing.RouteRegister) {
|
|
|
|
|
auth := ac.Middleware(api.AccessControl)
|
|
|
|
|
|
|
|
|
|
scopeKey := ac.Parameter(":key")
|
2023-11-16 02:15:51 -06:00
|
|
|
settingsScope := ac.ScopeSettingsOAuth(scopeKey)
|
2023-11-08 03:50:01 -06:00
|
|
|
|
2023-11-16 02:15:51 -06:00
|
|
|
reqWriteAccess := auth(ac.EvalPermission(ac.ActionSettingsWrite, settingsScope))
|
2023-11-08 03:50:01 -06:00
|
|
|
|
2023-11-16 02:15:51 -06:00
|
|
|
router.Get("/", auth(ac.EvalPermission(ac.ActionSettingsRead)), routing.Wrap(api.listAllProvidersSettings))
|
2023-11-08 03:50:01 -06:00
|
|
|
router.Get("/:key", auth(ac.EvalPermission(ac.ActionSettingsRead, settingsScope)), routing.Wrap(api.getProviderSettings))
|
|
|
|
|
router.Put("/:key", reqWriteAccess, routing.Wrap(api.updateProviderSettings))
|
|
|
|
|
router.Delete("/:key", reqWriteAccess, routing.Wrap(api.removeProviderSettings))
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (api *Api) listAllProvidersSettings(c *contextmodel.ReqContext) response.Response {
|
|
|
|
|
providers, err := api.SSOSettingsService.List(c.Req.Context(), c.SignedInUser)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return response.Error(500, "Failed to get providers", err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.JSON(http.StatusOK, providers)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (api *Api) getProviderSettings(c *contextmodel.ReqContext) response.Response {
|
|
|
|
|
key, ok := web.Params(c.Req)[":key"]
|
|
|
|
|
if !ok {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusBadRequest, "Missing key", nil)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
settings, err := api.SSOSettingsService.GetForProvider(c.Req.Context(), key)
|
|
|
|
|
if err != nil {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusNotFound, "The provider was not found", err)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.JSON(http.StatusOK, settings)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (api *Api) updateProviderSettings(c *contextmodel.ReqContext) response.Response {
|
|
|
|
|
key, ok := web.Params(c.Req)[":key"]
|
|
|
|
|
if !ok {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusBadRequest, "Missing key", nil)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var newSettings models.SSOSetting
|
|
|
|
|
if err := web.Bind(c.Req, &newSettings); err != nil {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusBadRequest, "Failed to parse request body", err)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := api.SSOSettingsService.Upsert(c.Req.Context(), key, newSettings.Settings)
|
|
|
|
|
// TODO: first check whether the error is referring to validation errors
|
|
|
|
|
|
|
|
|
|
// other error
|
|
|
|
|
if err != nil {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusInternalServerError, "Failed to update provider settings", err)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.JSON(http.StatusNoContent, nil)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
2023-11-17 06:07:26 -06:00
|
|
|
// swagger:route DELETE /v1/sso-settings/{key} sso_settings removeProviderSettings
|
|
|
|
|
//
|
|
|
|
|
// # Remove SSO Settings
|
|
|
|
|
//
|
|
|
|
|
// # Remove an SSO Settings entry by Key
|
|
|
|
|
//
|
|
|
|
|
// You need to have a permission with action `settings:write` with scope `settings:auth.<provider>:*`.
|
|
|
|
|
//
|
|
|
|
|
// Responses:
|
|
|
|
|
// 204: okResponse
|
|
|
|
|
// 400: badRequestError
|
|
|
|
|
// 401: unauthorisedError
|
|
|
|
|
// 403: forbiddenError
|
|
|
|
|
// 500: internalServerError
|
2023-11-08 03:50:01 -06:00
|
|
|
func (api *Api) removeProviderSettings(c *contextmodel.ReqContext) response.Response {
|
|
|
|
|
key, ok := web.Params(c.Req)[":key"]
|
|
|
|
|
if !ok {
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusBadRequest, "Missing key", nil)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := api.SSOSettingsService.Delete(c.Req.Context(), key)
|
|
|
|
|
if err != nil {
|
2023-11-21 02:11:52 -06:00
|
|
|
if errors.Is(err, ssosettings.ErrNotFound) {
|
|
|
|
|
return response.Error(http.StatusNotFound, "The provider was not found", err)
|
|
|
|
|
}
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.Error(http.StatusInternalServerError, "Failed to delete provider settings", err)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
|
|
|
|
|
2023-11-14 09:07:51 -06:00
|
|
|
return response.JSON(http.StatusNoContent, nil)
|
2023-11-08 03:50:01 -06:00
|
|
|
}
|
2023-11-17 06:07:26 -06:00
|
|
|
|
|
|
|
|
// swagger:parameters removeProviderSettings
|
|
|
|
|
type RemoveProviderSettingsParams struct {
|
|
|
|
|
// in:path
|
|
|
|
|
// required:true
|
|
|
|
|
Key string `json:"key"`
|
|
|
|
|
}
|
