[Web] IAM - add delete option & fix test connection

2025-01-08 04:05:03 +02:00 · 2023-03-31 14:55:05 +02:00 · 2023-03-31 14:55:05 +02:00 · 3c62a7fd9f
commit 3c62a7fd9f
parent 61ab17d8a1
3 changed files with 52 additions and 28 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -2166,15 +2166,21 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
      );
      return true;
    break;
-    case 'test':  
-      $identity_provider_settings = identity_provider('get');
-      $url = "{$identity_provider_settings['server_url']}/realms/{$identity_provider_settings['realm']}/protocol/openid-connect/token";
+    case 'test':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $url = "{$_data['server_url']}/realms/{$_data['realm']}/protocol/openid-connect/token";
      $req = http_build_query(array(
-        'grant_type'    => 'password',
-        'client_id'     => $identity_provider_settings['client_id'],
-        'client_secret' => $identity_provider_settings['client_secret'],
-        'username'      => "test",
-        'password'      => "test",
+        'grant_type'    => 'client_credentials',
+        'client_id'     => $_data['client_id'],
+        'client_secret' => $_data['client_secret']
      ));
      $curl = curl_init();
      curl_setopt($curl, CURLOPT_URL, $url);
@ -2182,13 +2188,29 @@ function identity_provider($_action, $_data = null, $hide_secret = false) {
      curl_setopt($curl, CURLOPT_POSTFIELDS, $req);
      curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-      $res = json_decode(curl_exec($curl), true);
+      $res = curl_exec($curl);
+      $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
      curl_close ($curl);
-
-      if ($res["error"] && $res["error"] === 'invalid_grant'){
-        return true;
+      
+      if ($code != 200) {
+        return false;
      }
-      return false;
+      return true;
+    break;
+    case "delete":
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      
+      $stmt = $pdo->prepare("DELETE FROM identity_provider;");
+      $stmt->execute();
+
+      return true;
    break;
  }
 }
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@ -752,14 +752,22 @@ jQuery(function($){
  // IAM test connection
  $('#iam_test_connection').click(async function(e){
    e.preventDefault();
-    var res = await fetch("/api/v1/get/status/identity-provider", { method:'GET', cache:'no-cache' });
+    var data = { attr: $('form[data-id="iam_sso"]').serializeObject() };
+    var res = await fetch("/api/v1/edit/identity-provider-test", { 
+      headers: {
+        "Content-Type": "application/json",
+      },
+      method:'POST', 
+      cache:'no-cache', 
+      body: JSON.stringify(data) 
+    });
    res = await res.json();
-    console.log(res);
    if (res.type === 'success'){
      return mailcow_alert_box(lang_success.iam_test_connection, 'success');
    }
    return mailcow_alert_box(lang_danger.iam_test_connection, 'danger');
  });
+
  $('#iam_rolemap_add').click(async function(e){
    e.preventDefault();

--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@ -1702,19 +1702,6 @@ if (isset($_GET['query'])) {
                    'version' => $GLOBALS['MAILCOW_GIT_VERSION']
                  ));
                break;
-                case "identity-provider":
-                  if (identity_provider('test')){
-                    echo json_encode(array(
-                      'type' => 'success',
-                      'msg' => 'connection successfull'
-                    ));
-                  } else {
-                    echo json_encode(array(
-                      'type' => 'error',
-                      'msg' => 'connection failed'
-                    ));
-                  }
-                break;
              }
            }
          break;
@ -1879,6 +1866,9 @@ if (isset($_GET['query'])) {
        case "rlhash":
          echo ratelimit('delete', null, implode($items));
        break;
+        case "identity-provider":
+          process_delete_return(identity_provider('delete'));
+        break;
        // return no route found if no case is matched
        default:
          http_response_code(404);
@ -2098,8 +2088,12 @@ if (isset($_GET['query'])) {
        case "cors":
          process_edit_return(cors('edit', $attr));
        case "identity_provider":
+        case "identity-provider":
          process_edit_return(identity_provider('edit', $attr));
        break;
+        case "identity-provider-test":
+          process_edit_return(identity_provider('test', $attr));
+        break;
        // return no route found if no case is matched
        default:
          http_response_code(404);