// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package app
import (
"io"
"mime/multipart"
"net/http"
"os"
"path/filepath"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
// GetSamlMetadata returns the metadata produced by the configured SAML
// implementation (a.Saml).
//
// It returns a 501 Not Implemented AppError when a.Saml is nil. An error from
// a.Saml.GetMetadata is re-wrapped under this function's name, keeping the
// original message as detail and the original status code.
func (a *App) GetSamlMetadata() (string, *model.AppError) {
	if a.Saml == nil {
		return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
	}

	metadata, metaErr := a.Saml.GetMetadata()
	if metaErr != nil {
		return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+metaErr.Message, metaErr.StatusCode)
	}

	return metadata, nil
}
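// WriteSamlFile copies an uploaded multipart file into the server's "config"
// directory, using only the base name of the client-supplied filename.
//
// The filename comes from the upload and is untrusted: filepath.Base strips any
// directory components, and the names ".", ".." and the bare path separator are
// rejected with a 400. Any other base name is accepted, and an existing file of
// that name in the config directory is truncated and overwritten, so this must
// only be reachable by callers allowed to modify the config directory.
//
// It returns a 500 AppError if the upload cannot be opened, or if the
// destination cannot be created, written or closed.
func WriteSamlFile(fileData *multipart.FileHeader) *model.AppError {
	filename := filepath.Base(fileData.Filename)
	// ".." survives filepath.Base and would resolve to the parent of the
	// config directory, so it is rejected alongside "." and the separator.
	if filename == "." || filename == ".." || filename == string(filepath.Separator) {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, "", http.StatusBadRequest)
	}

	file, err := fileData.Open()
	if err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error(), http.StatusInternalServerError)
	}
	defer file.Close()

	// NOTE(review): the second result of utils.FindDir is discarded; if it
	// reports that the directory was not found, the destination below may not
	// be the intended config directory. Confirm against utils.FindDir.
	configDir, _ := utils.FindDir("config")

	// The same path is used for private keys, so a newly created file is made
	// readable and writable by the owner only. An existing file keeps its mode.
	out, err := os.OpenFile(filepath.Join(configDir, filename), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}

	// A failed or partial copy must not be reported as success: the callers go
	// on to point the SAML settings at this file.
	if _, err := io.Copy(out, file); err != nil {
		out.Close()
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}

	// Close can surface a deferred write error, so it is checked too.
	if err := out.Close(); err != nil {
		return model.NewAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error(), http.StatusInternalServerError)
	}

	return nil
}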
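// AddSamlPublicCertificate stores the uploaded file in the config directory
// via WriteSamlFile and sets SamlSettings.PublicCertificateFile to its name,
// then validates, applies and persists the updated configuration.
//
// The file is written before the configuration is validated, so a validation
// failure returns an error but leaves the uploaded file on disk.
func (a *App) AddSamlPublicCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// WriteSamlFile stores the upload under filepath.Base of the
	// client-supplied name. Record that same base name so the setting matches
	// the file on disk and never carries client-supplied path components.
	*cfg.SamlSettings.PublicCertificateFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}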
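// AddSamlPrivateCertificate stores the uploaded private key file in the config
// directory via WriteSamlFile and sets SamlSettings.PrivateKeyFile to its
// name, then validates, applies and persists the updated configuration.
//
// The file is written before the configuration is validated, so a validation
// failure returns an error but leaves the uploaded key file on disk.
func (a *App) AddSamlPrivateCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// WriteSamlFile stores the upload under filepath.Base of the
	// client-supplied name. Record that same base name so the setting matches
	// the file on disk and never carries client-supplied path components.
	*cfg.SamlSettings.PrivateKeyFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}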
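// AddSamlIdpCertificate stores the uploaded identity-provider certificate in
// the config directory via WriteSamlFile and sets
// SamlSettings.IdpCertificateFile to its name, then validates, applies and
// persists the updated configuration.
//
// The file is written before the configuration is validated, so a validation
// failure returns an error but leaves the uploaded file on disk.
func (a *App) AddSamlIdpCertificate(fileData *multipart.FileHeader) *model.AppError {
	if err := WriteSamlFile(fileData); err != nil {
		return err
	}

	cfg := a.Config().Clone()
	// WriteSamlFile stores the upload under filepath.Base of the
	// client-supplied name. Record that same base name so the setting matches
	// the file on disk and never carries client-supplied path components.
	*cfg.SamlSettings.IdpCertificateFile = filepath.Base(fileData.Filename)

	if err := cfg.IsValid(); err != nil {
		return err
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *cfg })
	a.PersistConfig()

	return nil
}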
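// RemoveSamlFile deletes the named file, resolved through
// utils.FindConfigFile, after reducing the name to its base component.
//
// An empty name (filepath.Base returns "." for it), ".", ".." and the bare
// path separator are rejected with a 400 so that no directory can be passed to
// os.Remove. A failure to delete the file is returned as a 500 AppError.
func RemoveSamlFile(filename string) *model.AppError {
	filename = filepath.Base(filename)
	// ".." survives filepath.Base, so it is rejected here as well. The error
	// is attributed to "removeCertificate", matching the delete failure below.
	if filename == "." || filename == ".." || filename == string(filepath.Separator) {
		return model.NewAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", map[string]interface{}{"Filename": filename}, "", http.StatusBadRequest)
	}

	if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
		return model.NewAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", map[string]interface{}{"Filename": filename}, err.Error(), http.StatusInternalServerError)
	}

	return nil
}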
// RemoveSamlPublicCertificate deletes the file named by
// SamlSettings.PublicCertificateFile, clears that setting and switches
// SamlSettings.Encrypt off, then validates, applies and persists the result.
//
// The file is deleted first; if the updated configuration then fails
// validation, the error is returned and the old setting still names the
// deleted file.
func (a *App) RemoveSamlPublicCertificate() *model.AppError {
	certFile := *a.Config().SamlSettings.PublicCertificateFile
	if appErr := RemoveSamlFile(certFile); appErr != nil {
		return appErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.PublicCertificateFile = ""
	*updated.SamlSettings.Encrypt = false

	if appErr := updated.IsValid(); appErr != nil {
		return appErr
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *updated })
	a.PersistConfig()

	return nil
}
// RemoveSamlPrivateCertificate deletes the file named by
// SamlSettings.PrivateKeyFile, clears that setting and switches
// SamlSettings.Encrypt off, then validates, applies and persists the result.
//
// The key file is deleted first; if the updated configuration then fails
// validation, the error is returned and the old setting still names the
// deleted file.
func (a *App) RemoveSamlPrivateCertificate() *model.AppError {
	keyFile := *a.Config().SamlSettings.PrivateKeyFile
	if appErr := RemoveSamlFile(keyFile); appErr != nil {
		return appErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.PrivateKeyFile = ""
	*updated.SamlSettings.Encrypt = false

	if appErr := updated.IsValid(); appErr != nil {
		return appErr
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *updated })
	a.PersistConfig()

	return nil
}
// RemoveSamlIdpCertificate deletes the file named by
// SamlSettings.IdpCertificateFile, clears that setting and switches
// SamlSettings.Enable off, then validates, applies and persists the result.
//
// Unlike the public and private certificate removals, which clear Encrypt,
// this one clears Enable.
func (a *App) RemoveSamlIdpCertificate() *model.AppError {
	idpFile := *a.Config().SamlSettings.IdpCertificateFile
	if appErr := RemoveSamlFile(idpFile); appErr != nil {
		return appErr
	}

	updated := a.Config().Clone()
	*updated.SamlSettings.IdpCertificateFile = ""
	*updated.SamlSettings.Enable = false

	if appErr := updated.IsValid(); appErr != nil {
		return appErr
	}

	a.UpdateConfig(func(dest *model.Config) { *dest = *updated })
	a.PersistConfig()

	return nil
}
// GetSamlCertificateStatus reports, for each of the three SAML file settings
// (IdP certificate, private key, public certificate), the result of
// utils.FileExistsInConfigFolder for the configured name.
func (a *App) GetSamlCertificateStatus() *model.SamlCertificateStatus {
	// Fields are listed in the order the checks have always run.
	return &model.SamlCertificateStatus{
		IdpCertificateFile:    utils.FileExistsInConfigFolder(*a.Config().SamlSettings.IdpCertificateFile),
		PrivateKeyFile:        utils.FileExistsInConfigFolder(*a.Config().SamlSettings.PrivateKeyFile),
		PublicCertificateFile: utils.FileExistsInConfigFolder(*a.Config().SamlSettings.PublicCertificateFile),
	}
}