From 3559fb7959cf008b038239f2e7c43e604c44cd31 Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Mon, 13 Mar 2017 08:26:23 -0400 Subject: Implement SAML endpoints for APIv4 (#5671) * Implement SAML endpoints for APIv4 * Fix unit test * Only disable encryption when removing puplic/private certs --- app/saml.go | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 132 insertions(+), 11 deletions(-) (limited to 'app/saml.go') diff --git a/app/saml.go b/app/saml.go index cc39d4540..444214302 100644 --- a/app/saml.go +++ b/app/saml.go @@ -16,21 +16,19 @@ import ( func GetSamlMetadata() (string, *model.AppError) { samlInterface := einterfaces.GetSamlInterface() - if samlInterface == nil { - err := model.NewLocAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "") - err.StatusCode = http.StatusNotImplemented + err := model.NewAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented) return "", err } if result, err := samlInterface.GetMetadata(); err != nil { - return "", model.NewLocAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+err.Message) + return "", model.NewAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+err.Message, http.StatusInternalServerError) } else { return result, nil } } -func AddSamlCertificate(fileData *multipart.FileHeader) *model.AppError { +func WriteSamlFile(fileData *multipart.FileHeader) *model.AppError { file, err := fileData.Open() defer file.Close() if err != nil { 
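Review bot: In `WriteSamlFile`, `defer file.Close()` is registered before the `if err != nil` check, so when `fileData.Open()` fails `file` is nil and the deferred call panics instead of the error being returned. Move the defer below the check, i.e. return on `err != nil` first and only then `defer file.Close()`. The function is now exported and shared by three upload paths, so it also deserves a doc comment such as `// WriteSamlFile stores the uploaded file in the config folder under fileData.Filename; callers must ensure the name is a bare file name.` The rest of its body lies outside this hunk, so the exact destination path is an assumption to confirm.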
@@ -47,7 +45,67 @@ func AddSamlCertificate(fileData *multipart.FileHeader) *model.AppError { return nil } -func RemoveSamlCertificate(filename string) *model.AppError { +func AddSamlPublicCertificate(fileData *multipart.FileHeader) *model.AppError { + if err := WriteSamlFile(fileData); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.PublicCertificateFile = fileData.Filename + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func AddSamlPrivateCertificate(fileData *multipart.FileHeader) *model.AppError { + if err := WriteSamlFile(fileData); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.PrivateKeyFile = fileData.Filename + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func AddSamlIdpCertificate(fileData *multipart.FileHeader) *model.AppError { + if err := WriteSamlFile(fileData); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.IdpCertificateFile = fileData.Filename + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func RemoveSamlFile(filename string) *model.AppError { if err := os.Remove(utils.FindConfigFile(filename)); err != nil { return model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", map[string]interface{}{"Filename": filename}, err.Error()) 
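Review bot: `fileData.Filename` comes from the client's multipart header, and the three Add functions store it in the config unchanged (`*cfg.SamlSettings.PublicCertificateFile = fileData.Filename` and its two siblings); the same value is later joined into a path by `os.Remove(utils.FindConfigFile(filename))` in `RemoveSamlFile`. Nothing visible here restricts it to a bare file name, and older Go releases do not strip directory components from multipart filenames, so a name containing path separators could resolve outside the config folder. Reduce it once before use, e.g. `name := filepath.Base(fileData.Filename)`, reject the upload when `name != fileData.Filename`, and store `name` in the config. Whether `WriteSamlFile` already sanitises the name cannot be seen, because its body is outside the hunk. Separately, the file is written before `cfg.IsValid()` runs, so a rejected config leaves the uploaded file on disk.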
@@ -56,12 +114,75 @@ func RemoveSamlCertificate(filename string) *model.AppError { return nil } -func GetSamlCertificateStatus() map[string]interface{} { - status := make(map[string]interface{}) +func RemoveSamlPublicCertificate() *model.AppError { + if err := RemoveSamlFile(*utils.Cfg.SamlSettings.PublicCertificateFile); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.PublicCertificateFile = "" + *cfg.SamlSettings.Encrypt = false + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func RemoveSamlPrivateCertificate() *model.AppError { + if err := RemoveSamlFile(*utils.Cfg.SamlSettings.PrivateKeyFile); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.PrivateKeyFile = "" + *cfg.SamlSettings.Encrypt = false + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func RemoveSamlIdpCertificate() *model.AppError { + if err := RemoveSamlFile(*utils.Cfg.SamlSettings.IdpCertificateFile); err != nil { + return err + } + + cfg := &model.Config{} + *cfg = *utils.Cfg + + *cfg.SamlSettings.IdpCertificateFile = "" + *cfg.SamlSettings.Enable = false + + if err := cfg.IsValid(); err != nil { + return err + } + + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + return nil +} + +func GetSamlCertificateStatus() *model.SamlCertificateStatus { + status := &model.SamlCertificateStatus{} - status["IdpCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.IdpCertificateFile) - status["PrivateKeyFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PrivateKeyFile) - status["PublicCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PublicCertificateFile) + status.IdpCertificateFile = 
utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.IdpCertificateFile) + status.PrivateKeyFile = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PrivateKeyFile) + status.PublicCertificateFile = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PublicCertificateFile) return status } -- cgit v1.2.3-1-g7c22
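Review bot: `*cfg = *utils.Cfg` copies only the top-level struct, so the pointer fields under `SamlSettings` still alias the live configuration, and `*cfg.SamlSettings.Encrypt = false` / `*cfg.SamlSettings.Enable = false` change the running config before `cfg.IsValid()` is consulted. On a validation error the function returns with the certificate file already deleted and encryption or SAML switched off in memory, while the config on disk still names the file. Assign fresh pointers on the copy instead, e.g. `off := false` followed by `cfg.SamlSettings.Encrypt = &off`, and delete the file only after the new config has been validated and saved. The three Add functions in the previous hunk copy the config the same way and write through the shared pointers too.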