author | enahum <nahumhbl@gmail.com> | 2016-07-05 15:49:00 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-05 15:49:00 -0400 |
commit | 5f04dc4f45b9657d46380499f92ae6e5c1bf5506 (patch) | |
tree | 86670cb20e038f9716eca3ab9dcb7f2f71263286 /api/admin.go | |
parent | f91b9d4a654ff27777580651d853b6372a425af6 (diff) | |
SAML support (#3494)
* PLT-3073: Implement SAML/Okta Server side (EE) (#3422)
* PLT-3137 Support for SAML configuration
* PLT-3410 SAML Database Store
* PLT-3411 CLI to add Identity Provider Certificate and Service Provider Private Key
* PLT-3409 SAML Interface for EE
* PLT-3139 Handle SAML authentication server side
* Add localization messages
* PLT-3443 SAML Obtain SP metadata
* PLT-3142 Login & Switch to/from SAML
* Remove Certs for Database & Clean SAML Request
* Make required Username, FirstName and LastName
* PLT-3140 Add SAML to System Console (#3476)
* PLT-3140 Add SAML to System Console
* Move web_client functions to client.jsx
* Fix issues found by PM
* update package.json mattermost driver
* Fix text messages for SAML
Diffstat (limited to 'api/admin.go')
-rw-r--r-- | api/admin.go | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/api/admin.go b/api/admin.go
index f0db5a4af..4d1528104 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -5,6 +5,7 @@ package api
 import (
 "bufio"
+ "io"
 "io/ioutil"
 "net/http"
 "os"
@@ -41,6 +42,9 @@ func InitAdmin() {
 BaseRoutes.Admin.Handle("/reset_mfa", ApiAdminSystemRequired(adminResetMfa)).Methods("POST")
 BaseRoutes.Admin.Handle("/reset_password", ApiAdminSystemRequired(adminResetPassword)).Methods("POST")
 BaseRoutes.Admin.Handle("/ldap_sync_now", ApiAdminSystemRequired(ldapSyncNow)).Methods("POST")
+ BaseRoutes.Admin.Handle("/saml_metadata", ApiAppHandler(samlMetadata)).Methods("GET")
+ BaseRoutes.Admin.Handle("/add_certificate", ApiAdminSystemRequired(addCertificate)).Methods("POST")
+ BaseRoutes.Admin.Handle("/remove_certificate", ApiAdminSystemRequired(removeCertificate)).Methods("POST")
 }
 func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
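Review bot: `/saml_metadata` is registered with `ApiAppHandler` while every other route visible in this hunk of InitAdmin uses `ApiAdminSystemRequired`, and nothing at the registration says the difference is deliberate. Service-provider metadata is normally meant to be fetched without an admin session, so this is probably intended, but under the admin router it is easy to read as an oversight; what `ApiAppHandler` enforces is not visible here. I would add a comment above the line, e.g. `// SP metadata is served without the system-admin check on purpose; GetMetadata must never include private key material.`, and confirm that claim against the enterprise implementation. InitAdmin starts outside the hunk.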
@@ -582,3 +586,76 @@ func ldapSyncNow(c *Context, w http.ResponseWriter, r *http.Request) {
 rdata["status"] = "ok"
 w.Write([]byte(model.MapToJson(rdata)))
 }
+
+func samlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
+ samlInterface := einterfaces.GetSamlInterface()
+
+ if samlInterface == nil {
+ c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.not_available.app_error", nil, "")
+ c.Err.StatusCode = http.StatusFound
+ return
+ }
+
+ if result, err := samlInterface.GetMetadata(); err != nil {
+ c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.metadata.app_error", nil, "err="+err.Message)
+ return
+ } else {
+ w.Header().Set("Content-Type", "application/xml")
+ w.Header().Set("Content-Disposition", "attachment; filename=\"metadata.xml\"")
+ w.Write([]byte(result))
+ }
+}
+
+func addCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
+ err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ m := r.MultipartForm
+
+ fileArray, ok := m.File["certificate"]
+ if !ok {
+ c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.no_file.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
+ return
+ }
+
+ if len(fileArray) <= 0 {
+ c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.array.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
+ return
+ }
+
+ fileData := fileArray[0]
+
+ file, err := fileData.Open()
+ defer file.Close()
+ if err != nil {
+ c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error())
+ return
+ }
+
+ out, err := os.Create(utils.FindDir("config") + fileData.Filename)
+ if err != nil {
+ c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error())
+ return
+ }
+ defer out.Close()
+
+ io.Copy(out, file)
+ ReturnStatusOK(w)
+}
+
+func removeCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
+ props := model.MapFromJson(r.Body)
+
+ filename := props["filename"]
+ if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
+ c.Err = model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error",
+ map[string]interface{}{"Filename": filename}, err.Error())
+ return
+ }
+ ReturnStatusOK(w)
+} |
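Review bot: In addCertificate, `fileData.Filename` comes from the multipart upload and is concatenated onto the config directory in `os.Create(utils.FindDir("config") + fileData.Filename)`, so a name with path separators or `..` can land outside that directory, and a plain name can overwrite any file already in it. The same function defers `file.Close()` before checking the error from `fileData.Open()` and discards the result of `io.Copy`, so a failed open can panic on a nil value and a short write still returns OK. removeCertificate has the matching problem on delete: `props["filename"]` reaches `os.Remove(utils.FindConfigFile(filename))` unchecked, and whether FindConfigFile confines the path is not visible here, so it should get the same base-name check, ideally against an allow-list of the certificate names recorded in the SAML settings. The sketch below reduces the name to its final element, moves the defer after the error check and reports copy failures; it needs `path/filepath` in the import block if the file does not already import it.

```go
	// … unchanged: multipart parsing and the "certificate" field checks …
	fileData := fileArray[0]

	// Keep only the final path element so the client-supplied name cannot
	// leave the config directory; reject names that reduce to nothing usable.
	name := filepath.Base(fileData.Filename)
	if name == "." || name == ".." || name == string(filepath.Separator) {
		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.no_file.app_error", nil, "")
		c.Err.StatusCode = http.StatusBadRequest
		return
	}

	file, err := fileData.Open()
	if err != nil {
		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error())
		return
	}
	defer file.Close()

	out, err := os.Create(filepath.Join(utils.FindDir("config"), name))
	// … unchanged: os.Create error handling and defer out.Close() …

	if _, err := io.Copy(out, file); err != nil {
		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error())
		return
	}
	ReturnStatusOK(w)
```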