mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
Scott Bishel
mattermod
@@ -4718,10 +4718,6 @@
|
||||
"id": "model.config.is_valid.saml_canonical_algorithm.app_error",
|
||||
"translation": "Invalid Canonical Algorithm."
|
||||
},
|
||||
{
|
||||
"id": "model.config.is_valid.saml_digest_algorithm.app_error",
|
||||
"translation": "Invalid Digest Algorithm."
|
||||
},
|
||||
{
|
||||
"id": "model.config.is_valid.saml_email_attribute.app_error",
|
||||
"translation": "Invalid Email attribute. Must be set."
|
||||
|
||||
@@ -141,14 +141,9 @@ const (
|
||||
|
||||
SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA1 = "RSAwithSHA1"
|
||||
SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA256 = "RSAwithSHA256"
|
||||
SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA384 = "RSAwithSHA384"
|
||||
SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA512 = "RSAwithSHA512"
|
||||
SAML_SETTINGS_DEFAULT_SIGNATURE_ALGORITHM = SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA1
|
||||
|
||||
SAML_SETTINGS_DIGEST_ALGORITHM_SHA1 = "SHA1"
|
||||
SAML_SETTINGS_DIGEST_ALGORITHM_SHA256 = "SHA256"
|
||||
SAML_SETTINGS_DEFAULT_DIGEST_ALGORITHM = SAML_SETTINGS_DIGEST_ALGORITHM_SHA1
|
||||
|
||||
SAML_SETTINGS_CANONICAL_ALGORITHM_C14N = "Canonical1.0"
|
||||
SAML_SETTINGS_CANONICAL_ALGORITHM_C14N11 = "Canonical1.1"
|
||||
SAML_SETTINGS_DEFAULT_CANONICAL_ALGORITHM = SAML_SETTINGS_CANONICAL_ALGORITHM_C14N
|
||||
@@ -1911,7 +1906,6 @@ type SamlSettings struct {
|
||||
AssertionConsumerServiceURL *string
|
||||
|
||||
SignatureAlgorithm *string
|
||||
DigestAlgorithm *string
|
||||
CanonicalAlgorithm *string
|
||||
|
||||
ScopingIDPProviderId *string
|
||||
@@ -1968,10 +1962,6 @@ func (s *SamlSettings) SetDefaults() {
|
||||
s.SignatureAlgorithm = NewString(SAML_SETTINGS_DEFAULT_SIGNATURE_ALGORITHM)
|
||||
}
|
||||
|
||||
if s.DigestAlgorithm == nil {
|
||||
s.DigestAlgorithm = NewString(SAML_SETTINGS_DEFAULT_DIGEST_ALGORITHM)
|
||||
}
|
||||
|
||||
if s.CanonicalAlgorithm == nil {
|
||||
s.CanonicalAlgorithm = NewString(SAML_SETTINGS_DEFAULT_CANONICAL_ALGORITHM)
|
||||
}
|
||||
@@ -2852,12 +2842,9 @@ func (ss *SamlSettings) isValid() *AppError {
|
||||
return NewAppError("Config.IsValid", "model.config.is_valid.saml_email_attribute.app_error", nil, "", http.StatusBadRequest)
|
||||
}
|
||||
|
||||
if !(*ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA1 || *ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA256 || *ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA384 || *ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA512) {
|
||||
if !(*ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA1 || *ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA256 || *ss.SignatureAlgorithm == SAML_SETTINGS_SIGNATURE_ALGORITHM_SHA512) {
|
||||
return NewAppError("Config.IsValid", "model.config.is_valid.saml_signature_algorithm.app_error", nil, "", http.StatusBadRequest)
|
||||
}
|
||||
if !(*ss.DigestAlgorithm == SAML_SETTINGS_DIGEST_ALGORITHM_SHA1 || *ss.DigestAlgorithm == SAML_SETTINGS_DIGEST_ALGORITHM_SHA256) {
|
||||
return NewAppError("Config.IsValid", "model.config.is_valid.saml_digest_algorithm.app_error", nil, "", http.StatusBadRequest)
|
||||
}
|
||||
if !(*ss.CanonicalAlgorithm == SAML_SETTINGS_CANONICAL_ALGORITHM_C14N || *ss.CanonicalAlgorithm == SAML_SETTINGS_CANONICAL_ALGORITHM_C14N11) {
|
||||
return NewAppError("Config.IsValid", "model.config.is_valid.saml_canonical_algorithm.app_error", nil, "", http.StatusBadRequest)
|
||||
}
|
||||
|
||||
@@ -103,9 +103,6 @@ func TestConfigDefaultSignatureAlgorithm(t *testing.T) {
|
||||
t.Fatal("SamlSettings.SignatureAlgorithm default not set")
|
||||
}
|
||||
|
||||
if *c1.SamlSettings.DigestAlgorithm != SAML_SETTINGS_DEFAULT_DIGEST_ALGORITHM {
|
||||
t.Fatal("SamlSettings.DigestAlgorithm default not set")
|
||||
}
|
||||
if *c1.SamlSettings.CanonicalAlgorithm != SAML_SETTINGS_DEFAULT_CANONICAL_ALGORITHM {
|
||||
t.Fatal("SamlSettings.CanonicalAlgorithm default not set")
|
||||
}
|
||||
@@ -117,7 +114,6 @@ func TestConfigOverwriteSignatureAlgorithm(t *testing.T) {
|
||||
SamlSettings: SamlSettings{
|
||||
CanonicalAlgorithm: NewString(testAlgorithm),
|
||||
SignatureAlgorithm: NewString(testAlgorithm),
|
||||
DigestAlgorithm: NewString(testAlgorithm),
|
||||
},
|
||||
}
|
||||
|
||||
@@ -126,9 +122,6 @@ func TestConfigOverwriteSignatureAlgorithm(t *testing.T) {
|
||||
if *c1.SamlSettings.SignatureAlgorithm != testAlgorithm {
|
||||
t.Fatal("SamlSettings.SignatureAlgorithm should be overwritten")
|
||||
}
|
||||
if *c1.SamlSettings.DigestAlgorithm != testAlgorithm {
|
||||
t.Fatal("SamlSettings.DigestAlgorithm should be overwritten")
|
||||
}
|
||||
if *c1.SamlSettings.CanonicalAlgorithm != testAlgorithm {
|
||||
t.Fatal("SamlSettings.CanonicalAlgorithm should be overwritten")
|
||||
}
|
||||
@@ -177,15 +170,7 @@ func TestConfigIsValidFakeAlgorithm(t *testing.T) {
|
||||
require.Equal(t, "model.config.is_valid.saml_canonical_algorithm.app_error", err.Message)
|
||||
*c1.SamlSettings.CanonicalAlgorithm = temp
|
||||
|
||||
temp = *c1.SamlSettings.DigestAlgorithm
|
||||
*c1.SamlSettings.DigestAlgorithm = "Fake Algorithm"
|
||||
err = c1.SamlSettings.isValid()
|
||||
if err == nil {
|
||||
t.Fatal("SAMLSettings validation should pass fake digest Algorithm")
|
||||
}
|
||||
require.Equal(t, "model.config.is_valid.saml_digest_algorithm.app_error", err.Message)
|
||||
*c1.SamlSettings.DigestAlgorithm = temp
|
||||
|
||||
temp = *c1.SamlSettings.SignatureAlgorithm
|
||||
*c1.SamlSettings.SignatureAlgorithm = "Fake Algorithm"
|
||||
err = c1.SamlSettings.isValid()
|
||||
if err == nil {
|
||||
|
||||
Reference in New Issue
Block a user