authorTill Glöggler <till@gundk.it>2025-06-25 23:40:10 +0200
committerTill Glöggler <till@gundk.it>2025-06-25 23:40:10 +0200
commit3e7179651cfee753606ad906c07c1e5214c66fd9 (patch)
tree0af39b5af7305a7a764a3b133a29134dc0c5533f /lib/classes/JsonApi
parent4f60c4922ed96d60c0fa3b77a590e355b21841ca (diff)
working on SSO SAMLissue-5663
Diffstat (limited to 'lib/classes/JsonApi')
-rw-r--r--lib/classes/JsonApi/RouteMap.php7
-rw-r--r--lib/classes/JsonApi/Routes/SAML/ConfigurationShow.php30
-rw-r--r--lib/classes/JsonApi/Routes/SAML/ConfigurationUpdate.php35
-rw-r--r--lib/classes/JsonApi/Routes/SAML/SetupInformation.php40
4 files changed, 112 insertions, 0 deletions
diff --git a/lib/classes/JsonApi/RouteMap.php b/lib/classes/JsonApi/RouteMap.php
index 86c6d92..530ae96 100644
--- a/lib/classes/JsonApi/RouteMap.php
+++ b/lib/classes/JsonApi/RouteMap.php
@@ -141,6 +141,7 @@ class RouteMap
$this->addAuthenticatedStudyAreasRoutes($group);
$this->addAuthenticatedUserFilterRoutes($group);
$this->addAuthenticatedWikiRoutes($group);
+ $this->addAuthenticatedSAMLRoutes($group);
}
/**
@@ -743,6 +744,12 @@ class RouteMap
}
+ private function addAuthenticatedSAMLRoutes(RouteCollectorProxy $group): void
+ {
+ $group->get('/saml/configuration', Routes\SAML\ConfigurationShow::class);
+ $group->patch('/saml/configuration', Routes\SAML\ConfigurationUpdate::class);
+ }
+
private function addRelationship(RouteCollectorProxy $group, string $url, string $handler): void
{
$group->map(['GET', 'PATCH', 'POST', 'DELETE'], $url, $handler);
diff --git a/lib/classes/JsonApi/Routes/SAML/ConfigurationShow.php b/lib/classes/JsonApi/Routes/SAML/ConfigurationShow.php
new file mode 100644
index 0000000..e3b9ce3
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/SAML/ConfigurationShow.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace JsonApi\Routes\SAML;
+
+use JsonApi\Errors\AuthorizationFailedException;
+use JsonApi\Routes\Route;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Studip\SAML\SetupInformation;
+
+class ConfigurationShow extends Route
+{
+ public function __invoke(Request $request, Response $response, array $args): Response
+ {
+ if (!$GLOBALS['perm']->have_perm('root')) {
+ throw new AuthorizationFailedException();
+ }
+
+ $setupInformation = $this->container->get(SetupInformation::class);
+ $config = $setupInformation->getConfiguration();
+
+ return $this->jsonResponse($response, [
+ 'data' => [
+ 'type' => 'saml-configuration',
+ 'id' => '1',
+ 'attributes' => $config,
+ ],
+ ]);
+ }
+} \ No newline at end of file
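Review bot: The response at `'attributes' => $config` returns the whole SAML configuration, and `getConfiguration()` (added in SetupInformation.php in this commit) includes `privateKey`, so the service provider's private key is sent to the client on every GET. ConfigurationUpdate echoes the same array back at `'attributes' => $updatedConfig`. Even behind the `root` check, the key should be write-only over the API, because responses end up in browser memory, proxies and logs. Remove it before responding and report only its presence, e.g. `$hasKey = $config['privateKey'] !== '';`, `unset($config['privateKey']);`, `$config['privateKeySet'] = $hasKey;`.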
diff --git a/lib/classes/JsonApi/Routes/SAML/ConfigurationUpdate.php b/lib/classes/JsonApi/Routes/SAML/ConfigurationUpdate.php
new file mode 100644
index 0000000..7845d2d
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/SAML/ConfigurationUpdate.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace JsonApi\Routes\SAML;
+
+use JsonApi\Errors\AuthorizationFailedException;
+use JsonApi\Routes\Route;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Studip\SAML\SetupInformation;
+
+class ConfigurationUpdate extends Route
+{
+ public function __invoke(Request $request, Response $response, array $args): Response
+ {
+ if (!$GLOBALS['perm']->have_perm('root')) {
+ throw new AuthorizationFailedException();
+ }
+
+ $data = $this->getJsonApiData($request);
+ $attributes = $data['attributes'] ?? [];
+
+ $setupInformation = $this->container->get(SetupInformation::class);
+ $setupInformation->updateConfiguration($attributes);
+
+ $updatedConfig = $setupInformation->getConfiguration();
+
+ return $this->jsonResponse($response, [
+ 'data' => [
+ 'type' => 'saml-configuration',
+ 'id' => '1',
+ 'attributes' => $updatedConfig,
+ ],
+ ]);
+ }
+} \ No newline at end of file
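Review bot: `$attributes` comes straight from the request body and is passed to `updateConfiguration()` with no check on keys or value types, and that method (SetupInformation.php in this commit) merges it into the stored JSON as-is. Arbitrary keys are therefore persisted in `SAML_CONFIG`, and a non-boolean value under `security` or a non-string `x509cert` is stored unchanged. Restrict the input to the known attributes before the call, e.g. `$attributes = array_intersect_key($data['attributes'] ?? [], array_flip(self::ALLOWED_ATTRIBUTES));`, where `ALLOWED_ATTRIBUTES` is a new constant listing the keys `getConfiguration()` returns, and reject values of the wrong type with a 4xx error. The handler also never compares the document's `type` with `saml-configuration`.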
diff --git a/lib/classes/JsonApi/Routes/SAML/SetupInformation.php b/lib/classes/JsonApi/Routes/SAML/SetupInformation.php
new file mode 100644
index 0000000..6dc8f44
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/SAML/SetupInformation.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Studip\SAML;
+
+use Config;
+
+class SetupInformation
+{
+ private const CONFIG_KEY = 'SAML_CONFIG';
+
+ public function getConfiguration(): array
+ {
+ $config = Config::get();
+ $samlConfig = json_decode($config->{self::CONFIG_KEY} ?? '{}', true);
+
+ return [
+ 'entityId' => $samlConfig['entityId'] ?? '',
+ 'assertionConsumerService' => $samlConfig['assertionConsumerService'] ?? '',
+ 'singleLogoutService' => $samlConfig['singleLogoutService'] ?? '',
+ 'nameIdFormat' => $samlConfig['nameIdFormat'] ?? '',
+ 'x509cert' => $samlConfig['x509cert'] ?? '',
+ 'privateKey' => $samlConfig['privateKey'] ?? '',
+ 'security' => [
+ 'authnRequestsSigned' => $samlConfig['security']['authnRequestsSigned'] ?? false,
+ 'wantMessagesSigned' => $samlConfig['security']['wantMessagesSigned'] ?? false,
+ 'wantAssertionsSigned' => $samlConfig['security']['wantAssertionsSigned'] ?? false,
+ ],
+ ];
+ }
+
+ public function updateConfiguration(array $config): void
+ {
+ $existingConfig = $this->getConfiguration();
+ $updatedConfig = array_merge($existingConfig, $config);
+
+ $configInstance = Config::get();
+ $configInstance->{self::CONFIG_KEY} = json_encode($updatedConfig);
+ $configInstance->store(self::CONFIG_KEY, $configInstance->{self::CONFIG_KEY});
+ }
+} \ No newline at end of file
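Review bot: `array_merge($existingConfig, $config)` in `updateConfiguration()` is a shallow merge, so a PATCH that sends only `security.authnRequestsSigned` replaces the whole `security` array and the other two flags are lost. `getConfiguration()` then reports them as `false` through its `?? false` defaults, which means a partial update can silently switch off `wantAssertionsSigned` and `wantMessagesSigned`. Merge nested keys instead with `$updatedConfig = array_replace_recursive($existingConfig, $config);`. Separately, the file lives under `lib/classes/JsonApi/Routes/SAML/` but declares `namespace Studip\SAML;`, which may not resolve under the project's autoloader and is worth confirming.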