[Web] IAM - add delete option & fix test connection

FreddleSpl0it 2023-03-31 14:55:05 +02:00
parent cb6c2cd662
commit 960f232a7d
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
3 changed files with 52 additions and 29 deletions


@ -1998,14 +1998,20 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
return true; return true;
break; break;
case 'test': case 'test':
$identity_provider_settings = identity_provider('get'); if ($_SESSION['mailcow_cc_role'] != "admin") {
$url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token"; $_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
return false;
}
$url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
$req = http_build_query(array( $req = http_build_query(array(
'grant_type' => 'password', 'grant_type' => 'client_credentials',
'client_id' => $identity_provider_settings['client_id'], 'client_id' => $_data['client_id'],
'client_secret' => $identity_provider_settings['client_secret'], 'client_secret' => $_data['client_secret']
'username' => "test",
'password' => "test",
)); ));
$curl = curl_init(); $curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_URL, $url);
@ -2013,13 +2019,29 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
curl_setopt($curl, CURLOPT_POSTFIELDS, $req); curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$res = json_decode(curl_exec($curl), true); $res = curl_exec($curl);
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close ($curl); curl_close ($curl);
if ($res["error"] && $res["error"] === 'invalid_grant'){ if ($code != 200) {
return true; return false;
} }
return false; return true;
break;
case "delete":
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data),
'msg' => 'access_denied'
);
return false;
}
$stmt = $pdo->prepare("DELETE FROM identity_provider;");
$stmt->execute();
return true;
break; break;
} }
} }
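Review bot: In the new `test` case, `$url` is built from `$_data['server_url']` and `$_data['realm']` as received in the request and handed to curl with no check on scheme or host, so the server will POST to whatever destination the form supplies. Before `curl_exec`, validate `server_url` as an http(s) URL, apply `rawurlencode()` to the realm, and restrict the handle with `curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` plus a `CURLOPT_TIMEOUT` so an unreachable host cannot hold the request open. The access-denied branch also stores `$_data` in the `log` entry, and for this action `$_data` carries `client_secret`; where that log is persisted is not visible here, so the secret should be removed before logging. `identity_provider()` starts and ends outside the shown hunks.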


@ -752,14 +752,22 @@ jQuery(function($){
// IAM test connection // IAM test connection
$('#iam_test_connection').click(async function(e){ $('#iam_test_connection').click(async function(e){
e.preventDefault(); e.preventDefault();
var res = await fetch("/api/v1/get/status/identity-provider", { method:'GET', cache:'no-cache' }); var data = { attr: $('form[data-id="iam_sso"]').serializeObject() };
var res = await fetch("/api/v1/edit/identity-provider-test", {
headers: {
"Content-Type": "application/json",
},
method:'POST',
cache:'no-cache',
body: JSON.stringify(data)
});
res = await res.json(); res = await res.json();
console.log(res);
if (res.type === 'success'){ if (res.type === 'success'){
return mailcow_alert_box(lang_success.iam_test_connection, 'success'); return mailcow_alert_box(lang_success.iam_test_connection, 'success');
} }
return mailcow_alert_box(lang_danger.iam_test_connection, 'danger'); return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
}); });
$('#iam_rolemap_add').click(async function(e){ $('#iam_rolemap_add').click(async function(e){
e.preventDefault(); e.preventDefault();
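Review bot: The added `console.log(res);` in the `#iam_test_connection` handler looks like leftover debug output and should be removed. The handler also calls `res.json()` without checking the HTTP status, so a non-JSON reply (for example from the router's 404 default) rejects inside the async callback and the user sees no alert at all. Add a guard before parsing, such as `if (!res.ok) return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');`. The form posted here includes the client secret field, which is one more reason not to print request or response objects to the console.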


@ -1608,19 +1608,6 @@ if (isset($_GET['query'])) {
'version' => $GLOBALS['MAILCOW_GIT_VERSION'] 'version' => $GLOBALS['MAILCOW_GIT_VERSION']
)); ));
break; break;
case "identity-provider":
if (identity_provider('test')){
echo json_encode(array(
'type' => 'success',
'msg' => 'connection successfull'
));
} else {
echo json_encode(array(
'type' => 'error',
'msg' => 'connection failed'
));
}
break;
} }
} }
break; break;
@ -1778,6 +1765,9 @@ if (isset($_GET['query'])) {
case "rlhash": case "rlhash":
echo ratelimit('delete', null, implode($items)); echo ratelimit('delete', null, implode($items));
break; break;
case "identity-provider":
process_delete_return(identity_provider('delete'));
break;
// return no route found if no case is matched // return no route found if no case is matched
default: default:
http_response_code(404); http_response_code(404);
@ -1980,9 +1970,12 @@ if (isset($_GET['query'])) {
process_edit_return(edit_user_account($attr)); process_edit_return(edit_user_account($attr));
} }
break; break;
case "identity_provider": case "identity-provider":
process_edit_return(identity_provider('edit', $attr)); process_edit_return(identity_provider('edit', $attr));
break; break;
case "identity-provider-test":
process_edit_return(identity_provider('test', $attr));
break;
// return no route found if no case is matched // return no route found if no case is matched
default: default:
http_response_code(404); http_response_code(404);
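Review bot: The `identity-provider-test` case sits in the edit router and goes through `process_edit_return`, although the `test` action only makes an outbound request and stores nothing, so it reads as a mutation. A comment on the case would make that clear, for example `// connectivity check only: posts $attr to the IdP token endpoint, nothing is saved`. The edit key is also renamed from `identity_provider` to `identity-provider` and the `get/status/identity-provider` case is removed, with no alias for either. Whether anything other than the bundled JS calls the old names is not visible here, but such a caller would now fall through to the 404 default.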