Improvement/attribute mapping

.github/workflows/linter.yml

@@ -8,8 +8,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
       - name: Lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.53.3
+          version: v1.58

Dockerfile

@@ -33,6 +33,7 @@ RUN apk upgrade
 
 COPY --from=build /app ./
 COPY conf/*.sql ./conf/
+COPY html/*.html ./html/
 
 COPY openapi.yaml ./
 COPY metadata.json ./

README.md

@@ -28,7 +28,7 @@ This initialization can be handled by the `reset.sql` script.
 
 - `LOG_LEVEL`(optional): defines the minimum level that should be [logged](https://github.com/eliona-smart-building-assistant/go-utils/blob/main/log/README.md). The default level is `info`.
 
-- `SSO_SERVER_PORT` (optional): defines the port for Single Sign On Services, here SAML 2.0. The default value is Port `8081`.
+- `SSO_SERVER_PORT` (optional): defines the port for Single Sign On Services, here SAML 2.0. The default value is Port `8081`. MUST provide unauthenticated and unauthorized access.
 
 ### Database tables ###
 

apiserver/README.md

@@ -13,7 +13,7 @@ To see how to make this your own, look here:
 [README](https://openapi-generator.tech)
 
 - API version: 1.0.0
-- Build date: 2024-02-02T12:01:58.629258516Z[Etc/UTC]
+- Build date: 2024-02-13T18:20:07.718913864Z[Etc/UTC]
 
 
 ### Running the server

apiserver/model_permissions.go

@@ -15,17 +15,23 @@ type Permissions struct {
 	// Configuration Id refer to config's id. Can only be 1
 	Id int32 `json:"id,omitempty"`
 
-	DefaultSystemRole string `json:"default_system_role,omitempty"`
+	DefaultSystemRole string `json:"defaultSystemRole,omitempty"`
 
-	DefaultProjRole string `json:"default_proj_role,omitempty"`
+	DefaultProjRole string `json:"defaultProjRole,omitempty"`
 
-	SystemRoleSamlAttribute *string `json:"system_role_saml_attribute,omitempty"`
+	DefaultLanguage string `json:"defaultLanguage,omitempty"`
 
-	SystemRoleMap *[]RoleMap `json:"system_role_map,omitempty"`
+	SystemRoleSamlAttribute *string `json:"systemRoleSamlAttribute,omitempty"`
 
-	ProjRoleSamlAttribute *string `json:"proj_role_saml_attribute,omitempty"`
+	SystemRoleMap *[]RoleMap `json:"systemRoleMap,omitempty"`
 
-	ProjRoleMap *[]RoleMap `json:"proj_role_map,omitempty"`
+	ProjRoleSamlAttribute *string `json:"projRoleSamlAttribute,omitempty"`
+
+	ProjRoleMap *[]RoleMap `json:"projRoleMap,omitempty"`
+
+	LanguageSamlAttribute *string `json:"languageSamlAttribute,omitempty"`
+
+	LanguageMap *[]RoleMap `json:"languageMap,omitempty"`
 }
 
 // AssertPermissionsRequired checks if the required fields are not zero-ed
@@ -44,6 +50,13 @@ func AssertPermissionsRequired(obj Permissions) error {
 			}
 		}
 	}
+	if obj.LanguageMap != nil {
+		for _, el := range *obj.LanguageMap {
+			if err := AssertRoleMapRequired(el); err != nil {
+				return err
+			}
+		}
+	}
 	return nil
 }
 

app.go

@@ -36,8 +36,6 @@ const (
 	LOG_REGIO       = "app"
 	API_SERVER_PORT = 3000
 	SSO_SERVER_PORT = 8081 // Publicly accessible without auth. See wiki.
-
-	SAML_SPECIFIC_ENDPOINT_PATH = "/saml/"
 )
 
 func initialize() {
@@ -86,7 +84,7 @@ func run() {
 	} else if config.IdpMetadataXml != nil {
 		metadata = []byte(*config.IdpMetadataXml)
 	} else {
-		log.Error(LOG_REGIO, "not able to set IdP Metadata")
+		log.Warn(LOG_REGIO, "not able to set IdP Metadata. PLS setup the IdP Metadata in config!")
 	}
 
 	apiPort := common.Getenv("API_SERVER_PORT", strconv.Itoa(API_SERVER_PORT))
@@ -104,6 +102,7 @@ func run() {
 		&config.SignedRequest,
 		&config.ForceAuthn,
 		&config.CookieSecure,
+		saml.PUBLIC_BASE_PATH,
 	)
 	if err != nil {
 		log.Fatal(LOG_REGIO, "cannot initialize saml service provider: %v", err)
@@ -122,29 +121,27 @@ func run() {
 	)
 
 	go func() {
+		log.Info(LOG_REGIO, "api server started @ %v", apiPort)
 		err := http.ListenAndServe(":"+apiPort, router)
 		if err != nil {
 			log.Fatal(LOG_REGIO, "app api server: %v", err)
 		}
 	}()
 
 	// saml specific handle (no RESTful) to router
-	elionaAuth := eliona.NewSingleSignOn(config.OwnUrl,
+	sso := eliona.NewSingleSignOn(config.OwnUrl,
 		config.UserToArchive, config.LoginFailedUrl)
 
-	activeHandleFunc := http.HandlerFunc(elionaAuth.ActiveHandle)
+	activeHandleFunc := http.HandlerFunc(sso.ActiveHandle)
 	http.Handle(eliona.ENDPOINT_SSO_GENERIC_ACTIVE, activeHandleFunc)
-	authHandleFunc := http.HandlerFunc(elionaAuth.Authentication) // TODO: Not completely implemented.
+	samlErrHandleFunc := http.HandlerFunc(sso.DefaultLoginError)
+	http.Handle(eliona.ENDPOINT_SSO_GENERIC_ERROR, samlErrHandleFunc)
+	authHandleFunc := http.HandlerFunc(sso.Authentication)
 	http.Handle(eliona.ENDPOINT_SSO_GENERIC_VERIFICATION,
-		sp.GetMiddleWare().RequireAccount(authHandleFunc))
-	http.Handle(SAML_SPECIFIC_ENDPOINT_PATH, sp.GetMiddleWare())
-
-	// for backwards compatibility, can be removed when the frontend is reworked to the new generic /sso/* endpoints
-	http.Handle("/adfs/active/", activeHandleFunc)
-	http.Handle("/adfs/auth/",
-		sp.GetMiddleWare().RequireAccount(authHandleFunc))
+		sp.FixPath((sp.GetMiddleWare().RequireAccount(authHandleFunc))))
+	http.Handle(saml.SP_HANDLE_BASE_PATH, sp.FixPath(sp.GetMiddleWare()))
 
-	log.Info(LOG_REGIO, "started @ %v", samlSpPort)
+	log.Info(LOG_REGIO, "public http server started @ %v", samlSpPort)
 	err = http.ListenAndServe(":"+samlSpPort, nil)
 	if err != nil {
 		log.Error("sp app", "exiting due to an error: %v", err)