Commit 34fb1782 authored by o@immerda.ch's avatar o@immerda.ch
Browse files

Merge branch 'saml'

parents ecc43eb8 64a7998b
......@@ -39,6 +39,8 @@ gem 'rotp'
gem 'rucaptcha'
gem 'jsobfu'
gem 'ruby-saml', '~> 1.9.0'
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
......
......@@ -157,6 +157,8 @@ GEM
rotp (3.3.1)
rqrcode (0.10.1)
chunky_png (~> 1.0)
ruby-saml (1.9.0)
nokogiri (>= 1.5.10)
ruby_dep (1.5.0)
rubyzip (1.2.1)
rucaptcha (2.3.0)
......@@ -227,6 +229,7 @@ DEPENDENCIES
rest-client
rotp
rqrcode
ruby-saml (~> 1.9.0)
rucaptcha
sass-rails (~> 5.0)
selenium-webdriver
......
class AclController < AdminController
include ApiBackend
def show
begin
@acl = api.acl_show
rescue ApiBackend::ApiError => e
flash[:notice] = e.api_msg
end
end
end
class AppPasswordsController < ApplicationController
include ApiBackend
def show
begin
res = ApiBackend::app_passwords(current_user)
res = api.app_passwords
puts res
@passwords = res['res']
if session[:app_pw]
......@@ -23,15 +25,15 @@ class AppPasswordsController < ApplicationController
def edit
if params[:app_name]
begin
res = ApiBackend::app_password_create(
current_user, params[:password], params[:app_name])
res = api.app_password_create(
params[:password], params[:app_name])
session[:app_pw] = res['app_pw']
rescue ApiBackend::ApiError => e
flash[:notice] = e.api_msg || :failed
end
elsif params[:delete]
begin
ApiBackend::app_password_delete(current_user, params[:delete])
api.app_password_delete(params[:delete])
rescue ApiBackend::ApiError
flash[:notice] = :failed
end
......
......@@ -65,7 +65,7 @@ class ApplicationController < ActionController::Base
helper_method :recovery_email_set?
def resource_enabled?(resource)
session[:possible_resources][resource].present?
(session[:possible_resources]||{})[resource].present?
end
helper_method :resource_enabled?
......@@ -75,7 +75,7 @@ class ApplicationController < ActionController::Base
helper_method :any_resources_enabled?
def admin?
@is_admin ||= Admin::Enabled && Admin::Admins.include?(current_user)
@is_admin ||= Admin::Enabled && session[:is_admin]
end
helper_method :admin?
......@@ -124,8 +124,15 @@ class ApplicationController < ActionController::Base
def reset_user_session
session[:user_id] = nil
session[:is_admin] = false
session[:mail_crypt_recovery_token] = nil
reset_session
session[:locale] = I18n.locale
session[:api_token] = nil
update_session_expiry
end
def api_token
session[:api_token]
end
end
......@@ -9,11 +9,33 @@ module ApiBackend
end
end
def self.sanitize(parts)
class TheBackendImplementation
def sanitize(parts)
parts.map{|v| URI.encode(v)}.join("/")
end
def self.post(what, data)
def initialize(controller)
@controller = controller
end
def session
@controller.session
end
def merge_token(data)
unless session[:user_id]
return data
end
auth = {"token" => session[:api_token]}
if Admin::Enabled
auth["admin_email"] = session[:user_id]
else
auth["email"] = session[:user_id]
end
auth.merge(data)
end
def post(what, data = {})
data = merge_token(data)
res = RestClient::Resource.new("#{IAPI::Endpoint}/#{sanitize(what)}",
:ssl_client_cert => IAPI::Cert,
:ssl_client_key => IAPI::Key,
......@@ -34,7 +56,9 @@ module ApiBackend
end
end
def self.get(what, data)
def get(what, data = {})
data = merge_token(data)
puts data
res = RestClient::Resource.new("#{IAPI::Endpoint}/#{sanitize(what)}",
:ssl_client_cert => IAPI::Cert,
:ssl_client_key => IAPI::Key,
......@@ -55,138 +79,109 @@ module ApiBackend
end
end
def self.auth(user, pw, handoff, options = {})
if EmailValidation::immerda_email_conform(user)
return post(['auth', if handoff then 'handoff' else 'master' end],
{"email"=>user, "password" => pw}.merge(options))
end
false
def account_properties
get(['users', 'properties'])
end
def self.pre_auth(email)
get(['auth', 'pre_auth'], {'email' => email})
def app_passwords
get(['users', 'app_passwords'])
end
def self.app_passwords(email)
get(['users', 'app_passwords'], {'email' => email})
def app_password_delete(pw_name)
post(['users', 'app_password_delete'], {'pw_name' => pw_name})
end
def self.app_password_delete(email, pw_name)
post(['users', 'app_password_delete'], {'email' => email,
def app_password_create(pw, pw_name)
post(['users', 'app_password_create'], {'password' => pw,
'pw_name' => pw_name})
end
def self.app_password_create(email, pw, pw_name)
post(['users', 'app_password_create'], {'email' => email,
'password' => pw,
'pw_name' => pw_name})
end
def self.user_info(email, include_deleted=false)
get(['users_admin', 'info'], {'email' => email, 'include_deleted' => include_deleted })
end
def self.user_update(email, action, value)
post(['users_admin', 'update'], {'email' => email, 'action' => action, 'value' => value})
end
def self.check_invite(token)
def check_invite(token)
get(['invites', 'validate'], {'token' => token})
end
def self.valid_new_email?(email)
def valid_new_email?(email)
get(['users', 'check_valid_new_email'], {'email' => email})
end
def self.list(filter = nil, domain = nil, mailbox = nil, deleted = nil)
get(['users_admin', 'list'], {'filter' => filter,
'domain' => domain,
'mailbox' => mailbox,
'deleted' => deleted,})
end
def self.list_public_domains
@public_domains ||= get(['domains', 'list_public'], {})['domains']
end
def self.list_domains
def list_domains
get(['domains', 'list'], {})['domains']
end
def self.get_domain(domain)
def get_domain(domain)
get(['domains', 'get'], {'domain' => domain})
end
def self.update_domain(domain, values)
def update_domain(domain, values)
post(['domains', 'update'], {'domain' => domain, 'values' => values})
end
def self.create_domain(domain, values)
def create_domain(domain, values)
post(['domains', 'create'], {'domain' => domain, 'values' => values})
end
def self.delete_domain(domain)
def delete_domain(domain)
post(['domains', 'delete'], {'domain' => domain})
end
def self.storagehosts
def storagehosts
get(['mail', 'storagehosts'], {})
end
def self.jabber_get_jid(email, jid, host = nil, include_deleted = false)
def jabber_get_jid(jid, host = nil, include_deleted = false)
get(['jabber', 'info'], {
'email' => email,
'jid' => jid,
'host' => host,
'include_deleted' => include_deleted,
})
end
def self.jabber_delete_jid(email, jid, password)
def jabber_delete_jid(jid, password)
post(['jabber', 'delete'], {
'email' => email,
'jid' => jid,
'account_password' => password,
})
end
def self.jabber_create(email, jid_alias = nil, domain = nil)
def jabber_create(jid_alias = nil, domain = nil)
post(['jabber', 'create'], {
'email' => email,
'jid_alias' => jid_alias,
'domain' => domain,
})
end
def self.jabber_reset_password(email, jid)
def jabber_reset_password(jid)
post(['jabber', 'reset_password'], {
'email' => email,
'jid' => jid,
})
end
def self.jabber_purge_jid(jid)
def jabber_purge_jid(jid)
post(['jabber', 'purge'], {
'jid' => jid,
})
end
def self.jabber_get_jids(filter = {})
get(['jabber', 'list'], filter)
def jabber_get_jids_admin(filter)
get(['jabber', 'list_admin'], filter)
end
def self.jabber_domains_public
get(['jabber_domains', 'list_public'], {})['domains']
def jabber_get_jids
get(['jabber', 'list'])
end
def self.jabber_domains
get(['jabber_domains', 'list'], {})['domains']
def jabber_domains_public
get(['jabber_domains', 'list_public'])['domains']
end
def self.jabber_get_domain(domain)
def jabber_domains
get(['jabber_domains', 'list'])['domains']
end
def jabber_get_domain(domain)
get(['jabber_domains', 'get'],{
'domain' => domain,
})
end
def self.jabber_create_domain(domain, host, ispublic = false)
def jabber_create_domain(domain, host, ispublic = false)
post(['jabber_domains', 'create'],{
'domain' => domain,
'host' => host,
......@@ -194,11 +189,13 @@ module ApiBackend
})
end
def self.jabber_get_jabberhosts
get(['jabber_domains', 'jabberhosts'], {})['hosts']
def jabber_delete_domain(domain)
post(['jabber_domains', 'delete'],{
'domain' => domain,
})
end
def self.jabber_update_domain(domain, host, ispublic = false)
def jabber_update_domain(domain, host, ispublic = false)
post(['jabber_domains', 'update'],{
'domain' => domain,
'host' => host,
......@@ -206,49 +203,44 @@ module ApiBackend
})
end
def self.jabber_delete_domain(domain)
post(['jabber_domains', 'delete'],{
'domain' => domain,
})
def jabber_get_jabberhosts
get(['jabber_domains', 'jabberhosts'], {})['hosts']
end
def self.change_password(user, old, pw)
post(['users', 'change_password'], {"email"=>user, "current_password" => old, "new_password" => pw})
def change_password(old, pw)
post(['users', 'change_password'], {"current_password" => old, "new_password" => pw})
end
def self.delete_account(user, pw)
post(['users', 'delete_account'], {"email"=> user, "password" => pw})
def delete_account(pw)
post(['users', 'delete_account'], {"password" => pw})
end
def self.mail_crypt_enable(user, pw)
post(['users', 'enable_mail_crypt'], {"email"=> user, "password" => pw})
def mail_crypt_enable(pw)
post(['users', 'enable_mail_crypt'], {"password" => pw})
end
def self.enable_totp(user, name)
post(['users', 'enable_totp'], {"email"=> user, 'name' => name})
def enable_totp(name)
post(['users', 'enable_totp'], {'name' => name})
end
def self.get_totp_names(user)
get(['users', 'totp_names'], {"email" => user })
def get_totp_names
get(['users', 'totp_names'])
end
def self.delete_totp(user, name)
post(['users', 'delete_totp'], {"email" => user, 'name' => name })
def delete_totp(name)
post(['users', 'delete_totp'], {'name' => name })
end
def self.mail_crypt_token(user, pw)
post(['users', 'generate_recovery_token'], {"email"=> user, "password" => pw})
def mail_crypt_token(pw)
post(['users', 'generate_recovery_token'], {"password" => pw})
end
def self.set_recovery_email(email, recovery, email_token, pass = nil)
post(['users', 'set_recovery_email'], {"email"=> email, "recovery_email" => recovery, 'email_recovery_token' => email_token, 'password' => pass})
def set_recovery_email(recovery, email_token, pass = nil)
post(['users', 'set_recovery_email'], {"recovery_email" => recovery, 'email_recovery_token' => email_token, 'password' => pass})
end
def self.generate_invites(num, expire, allow_admin_account, domains=nil)
post(['invites', 'generate'], {"number" => num, "expire" => expire, "domains" => domains, 'allow_admin_account' => allow_admin_account})
end
def self.create_new_mailbox(email, pw, mail_crypt_enabled, invite, recovery_email, recovery_token)
def create_new_mailbox(email, pw, mail_crypt_enabled, invite, recovery_email, recovery_token)
post(['users', 'create_new_mailbox'], {"email" => email,
"password" => pw,
"mail_crypt_enabled" => mail_crypt_enabled,
......@@ -260,8 +252,36 @@ module ApiBackend
})
end
def self.create_new_mailbox_admin(email, pw, forward, mail_crypt_enabled, recovery_email, keep_recovery_token, storagehost)
post(['users_admin', 'create_new_mailbox'], {"email" => email,
def generate_invites(num, expire, allow_admin_account, domains=nil)
post(['invites', 'generate'], {"number" => num, "expire" => expire, "domains" => domains, 'allow_admin_account' => allow_admin_account})
end
def user_info(email, include_deleted=false)
get(['users_admin', 'info'], {
'email' => email,
'include_deleted' => include_deleted})
end
def user_update(email, action, value)
post(['users_admin', 'update'], {
'email' => email,
'action' => action,
'value' => value})
end
def list(filter = nil, domain = nil, mailbox = nil, deleted = nil)
get(['users_admin', 'list'], {
'filter' => filter,
'domain' => domain,
'mailbox' => mailbox,
'deleted' => deleted,})
end
def create_new_mailbox_admin(email, pw, forward, mail_crypt_enabled, recovery_email, keep_recovery_token, storagehost)
post(['users_admin', 'create_new_mailbox'], {
"email" => email,
"password" => pw,
"forward" => forward,
"storagehost" => storagehost,
......@@ -271,8 +291,18 @@ module ApiBackend
})
end
def self.create_new_forward_admin(email, forwards)
post(['users_admin', 'create_new_forward'], {"email" => email,
def create_new_forward_admin(email, forwards)
post(['users_admin', 'create_new_forward'], {
"email" => email,
"forwards" => forwards})
end
def acl_show()
get ['acl', 'show']
end
end
def api
@the_api ||= TheBackendImplementation.new(self)
end
end
class DeleteAccountController < ApplicationController
include ApiBackend
def delete
if (p = params[:pass]).present?
begin
ApiBackend::delete_account(current_user, p)
api.delete_account(p)
flash[:notice] = :delete_success
reset_user_session
redirect_to '/' and return
......
class DomainsController < AdminController
include ApiBackend
before_action :fetch_domain, :only => ['delete','edit','update']
def index
@domains = ApiBackend::list_domains
@domains = api.list_domains
end
def new
......@@ -15,7 +17,7 @@ class DomainsController < AdminController
'iscatchall' => (params[:iscatchall] == 'yes'),
'ispublic' => (params[:ispublic] == 'yes'),
}
ApiBackend::update_domain(@domain['domain'], values)
api.update_domain(@domain['domain'], values)
redirect_to '/domains' and return
rescue ApiBackend::ApiError
flash[:notice] = :fail
......@@ -24,7 +26,7 @@ class DomainsController < AdminController
end
def delete
ApiBackend::delete_domain(@domain['domain'])
api.delete_domain(@domain['domain'])
redirect_to domains_path and return
rescue ApiBackend::ApiError
flash[:notice] = :fail
......@@ -37,7 +39,7 @@ class DomainsController < AdminController
'iscatchall' => (params[:iscatchall] == 'yes'),
'ispublic' => (params[:ispublic] == 'yes'),
}
ApiBackend::create_domain(params[:domain], values)
api.create_domain(params[:domain], values)
redirect_to domains_path and return
rescue ApiBackend::ApiError
flash[:notice] = :fail
......@@ -47,7 +49,7 @@ class DomainsController < AdminController
private
def fetch_domain
@domain = ApiBackend::get_domain(params[:domain])['domain']
@domain = api.get_domain(params[:domain])['domain']
rescue ApiBackend::ApiError
flash[:notice] = :fail
redirect_to domains_path
......
class InvitesController < AdminController
include ApiBackend
def show
e = params['expire']
e = "#{e["by(1i)"]}-#{e["by(2i)"]}-#{e["by(3i)"]}"
......@@ -6,9 +8,9 @@ class InvitesController < AdminController
begin
allow_admin_account = !!params['allow_admin_account']
if params['domains'] != ''
res = ApiBackend::generate_invites(params['num_tokens'], expire, allow_admin_account, params['domains'])
res = api.generate_invites(params['num_tokens'], expire, allow_admin_account, params['domains'])
else
res = ApiBackend::generate_invites(params['num_tokens'], expire, allow_admin_account)
res = api.generate_invites(params['num_tokens'], expire, allow_admin_account)
end
@tokens = res['tokens']
rescue ApiBackend::ApiError => e
......
class JabberController < ApplicationController
include ApiBackend
before_action :ensure_jabber_enabled?
before_action :fetch_public_domains, :only => ['index']
def index
api_res = ApiBackend.jabber_get_jids(email: current_user)
api_res = api.jabber_get_jids
@jids = api_res['jids']
@possible_jids = api_res['possible_jids']
rescue ApiBackend::ApiError
......@@ -11,14 +13,14 @@ class JabberController < ApplicationController
end
def show
@jid = ApiBackend.jabber_get_jid(current_user, params[:jid])
@jid = api.jabber_get_jid(params[:jid])
rescue ApiBackend::ApiError
flash[:notice] = :failed
redirect_to jabber_path
end
def reset_password
@jid = ApiBackend.jabber_reset_password(current_user, params[:jid])
@jid = api.jabber_reset_password(params[:jid])
render :show
rescue ApiBackend::ApiError
flash[:notice] = :failed
......@@ -26,7 +28,7 @@ class JabberController < ApplicationController
end
def delete
ApiBackend.jabber_delete_jid(current_user, params[:jid], params[:password])
api.jabber_delete_jid(params[:jid], params[:password])
redirect_to jabber_path and return
rescue ApiBackend::ApiError => e
if ['failed','auth_fail'].include?(e.api_msg)
......@@ -38,7 +40,7 @@ class JabberController < ApplicationController
end
def create
@jid = ApiBackend.jabber_create(current_user, params[:jid_alias], params[:domain])
@jid = api.jabber_create(params[:jid_alias], params[:domain])
render :show
rescue ApiBackend::ApiError => e
flash[:notice] = e.api_msg
......@@ -47,7 +49,7 @@ class JabberController < ApplicationController
private
def fetch_public_domains
@public_jabber_domains = ApiBackend.jabber_domains_public
@public_jabber_domains = api.jabber_domains_public
rescue ApiBackend::ApiError
flash[:notice] = :failed
redirect_to root_path
......