Commit 01d777cd authored by o@immerda.ch's avatar o@immerda.ch

send decrypted sso token to the backend, for requests that require it

parent 24fdd6fa
......@@ -31,7 +31,7 @@ class AppPasswordsController < ApplicationController
end
elsif params[:delete]
begin
ApiBackend::app_password_delete(current_user, params[:delete])
ApiBackend::app_password_delete(current_user, params[:delete], sso_token)
rescue ApiBackend::ApiError
flash[:notice] = :failed
end
......
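Review bot: `sso_token` here reads `session[:sso_token]`, which is nil for any session established before this deploy or through a path that never stored it, so the delete call will post `'sso' => nil` and the user only sees the generic `:failed` notice with no hint that re-authentication is required. A check before the call, e.g. a `before_action` that sends the user back through the SAML login when `sso_token` is nil, would make that failure actionable instead of indistinguishable from a backend error; the correct redirect target is not visible in this hunk. The enclosing action starts and ends outside the hunk.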
......@@ -127,5 +127,11 @@ class ApplicationController < ActionController::Base
session[:mail_crypt_recovery_token] = nil
reset_session
session[:locale] = I18n.locale
session[:sso_token] = nil
end
def sso_token
session[:sso_token]
end
helper_method :sso_token
end
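Review bot: `helper_method :sso_token` exposes the decrypted SAML assertion to every view, although the only consumers introduced by this commit are controllers passing it to `ApiBackend`; dropping that line keeps the token out of templates and out of any view-level debugging or logging output. Also, `session[:sso_token] = nil` runs after `reset_session`, which has already discarded the previous session, so it writes a nil key into the fresh session rather than clearing the old value; moving it up next to `session[:mail_crypt_recovery_token] = nil`, before `reset_session`, reads as intended. The enclosing method's signature is outside the hunk.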
......@@ -71,8 +71,9 @@ module ApiBackend
get(['users', 'app_passwords'], {'email' => email})
end
def self.app_password_delete(email, pw_name)
def self.app_password_delete(email, pw_name, sso)
post(['users', 'app_password_delete'], {'email' => email,
'sso' => sso,
'pw_name' => pw_name})
end
......@@ -82,12 +83,21 @@ module ApiBackend
'pw_name' => pw_name})
end
def self.user_info(email, include_deleted=false)
get(['users_admin', 'info'], {'email' => email, 'include_deleted' => include_deleted })
def self.user_info(admin_email, sso, email, include_deleted=false)
get(['users_admin', 'info'], {
'admin_email' => admin_email,
'sso' => sso,
'email' => email,
'include_deleted' => include_deleted})
end
def self.user_update(email, action, value)
post(['users_admin', 'update'], {'email' => email, 'action' => action, 'value' => value})
def self.user_update(admin_email, sso, email, action, value)
post(['users_admin', 'update'], {
'admin_email' => admin_email,
'sso' => sso,
'email' => email,
'action' => action,
'value' => value})
end
def self.check_invite(token)
......@@ -98,11 +108,14 @@ module ApiBackend
get(['users', 'check_valid_new_email'], {'email' => email})
end
def self.list(filter = nil, domain = nil, mailbox = nil, deleted = nil)
get(['users_admin', 'list'], {'filter' => filter,
'domain' => domain,
'mailbox' => mailbox,
'deleted' => deleted,})
def self.list(admin_email, sso, filter = nil, domain = nil, mailbox = nil, deleted = nil)
get(['users_admin', 'list'], {
'admin_email' => admin_email,
'sso' => sso,
'filter' => filter,
'domain' => domain,
'mailbox' => mailbox,
'deleted' => deleted,})
end
def self.list_public_domains
......@@ -260,19 +273,25 @@ module ApiBackend
})
end
def self.create_new_mailbox_admin(email, pw, forward, mail_crypt_enabled, recovery_email, keep_recovery_token, storagehost)
post(['users_admin', 'create_new_mailbox'], {"email" => email,
"password" => pw,
"forward" => forward,
"storagehost" => storagehost,
"mail_crypt_enabled" => mail_crypt_enabled,
"recovery_email" => recovery_email,
"keep_recovery_token" => keep_recovery_token,
})
def self.create_new_mailbox_admin(admin_email, sso, email, pw, forward, mail_crypt_enabled, recovery_email, keep_recovery_token, storagehost)
post(['users_admin', 'create_new_mailbox'], {
'admin_email' => admin_email,
'sso' => sso,
"email" => email,
"password" => pw,
"forward" => forward,
"storagehost" => storagehost,
"mail_crypt_enabled" => mail_crypt_enabled,
"recovery_email" => recovery_email,
"keep_recovery_token" => keep_recovery_token,
})
end
def self.create_new_forward_admin(email, forwards)
post(['users_admin', 'create_new_forward'], {"email" => email,
"forwards" => forwards})
post(['users_admin', 'create_new_forward'], {
'admin_email' => admin_email,
'sso' => sso,
"email" => email,
"forwards" => forwards})
end
end
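Review bot: `create_new_forward_admin` is still declared as `def self.create_new_forward_admin(email, forwards)` while its new body references `admin_email` and `sso`, which that method never defines: the four-argument call UsersController now makes raises ArgumentError, and a two-argument call would hit NameError on `admin_email`. As rendered, the signature line appears unchanged by this commit, and the hunk's old/new line counts (19 to 25) are consistent with that; the signature should be `def self.create_new_forward_admin(admin_email, sso, email, forwards)` to match the other admin helpers. Separately, `user_info` and `list` send the base64-encoded SAML assertion as a query parameter of a GET, which puts a large credential into the backend's access logs, intermediate proxies and URL-length limits; a POST body or a request header would be the safer carrier for `sso`.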
......@@ -15,6 +15,7 @@ class SamlController < ApplicationController
if response.is_valid?
# authorize_success, log the user
session[:user_id] = response.name_id
session[:sso_token] = Base64.encode64(response.decrypted_document.to_s)
update_session_expiry
session[:saml_attributes] = response.attributes
else
......
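Review bot: The whole decrypted SAML document is stored in the session as `Base64.encode64(...)`, which inserts a newline every 60 characters and, if the app uses Rails' default cookie session store (not visible here), is likely to exceed the 4 KB cookie limit and raise `ActionDispatch::Cookies::CookieOverflow` at login. `Base64.strict_encode64` avoids the embedded newlines, and a server-side session store, or storing only the assertion element rather than the full document, is needed if the store is cookie-based. The assertion also carries its own validity window (`NotOnOrAfter`), while `update_session_expiry` on the next line sets the web session's lifetime independently, so backend calls would start failing once the assertion expires while the user still appears logged in; presumably the session expiry should be bounded by the assertion's conditions, to be confirmed against the backend's validation. The enclosing action continues outside the hunk.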
......@@ -5,7 +5,7 @@ class UsersController < AdminController
@only_mailbox = (params['only_mailbox'] == 'true') || nil
@deleted = (params['deleted'] == 'true') || nil
begin
res = ApiBackend::list(@filter, @domain, @only_mailbox, @deleted)
res = ApiBackend::list(current_user, sso_token, @filter, @domain, @only_mailbox, @deleted)
@users = res['users']
rescue ApiBackend::ApiError
flash[:notice] = :fail
......@@ -15,9 +15,11 @@ class UsersController < AdminController
def create
full_email = "#{params[:alias]}@#{params[:domain]}"
if params[:forward].present? && !params[:password].present?
ApiBackend::create_new_forward_admin(full_email, params[:forward])
ApiBackend::create_new_forward_admin(current_user, sso_token, full_email, params[:forward])
else
ApiBackend::create_new_mailbox_admin(
current_user,
sso_token,
full_email,
params[:password],
params[:forward],
......@@ -82,13 +84,13 @@ class UsersController < AdminController
end)
if action
begin
ApiBackend::user_update(params[:email], action, value)
ApiBackend::user_update(current_user, sso_token, params[:email], action, value)
flash[:notice] = :success
if [:delete,:purge].include?(action)
redirect_to users_path and return
end
if [:legacy_password, :mail_crypt_secret_box, :mail_crypt_force_password, ].include?(action) && (params[:admin_lock] == 'yes')
ApiBackend::user_update(params[:email], :lock, true)
ApiBackend::user_update(current_user, sso_token, params[:email], :lock, true)
end
rescue ApiBackend::ApiError
flash[:notice] = :failed
......@@ -110,7 +112,7 @@ class UsersController < AdminController
@email = params[:email]
@the_user = nil
res = ApiBackend::user_info(@email, true)
res = ApiBackend::user_info(current_user, sso_token, @email, true)
@the_user = res['user']
rescue ApiBackend::ApiError
flash[:notice] = :fail
......
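Review bot: Each admin call now sends `current_user` as `admin_email` alongside the `sso_token` assertion, but nothing on the web side binds the two, so the backend must derive the acting admin from the validated assertion's NameID, or at least compare it with `admin_email`, rather than trust `admin_email` as a free-form claim; that cannot be confirmed from this section and is worth checking on the backend. The same calls also go out with `sso_token` nil for any session that predates this deploy, and `index` and `show` then report that as the generic `:fail` notice; a guard at the top of the admin actions, e.g. `redirect_to <saml login> and return unless sso_token`, would separate a missing token from a backend error. The `create` action's body and several of the other methods run past the hunk boundaries.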