// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command;
import com.cloud.domain.Domain;
import com.cloud.user.Account;
import com.cloud.user.UserAccount;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.IdpResponse;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.cloudstack.api.response.UserResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.saml.SAML2AuthManager;
import javax.inject.Inject;
/**
 * API command that allows or disallows SAML Single Sign-On for one user, optionally
 * restricted to a single Identity Provider (IdP) entity id.
 *
 * <p>The command reports the system account as its entity owner (see
 * {@link #getEntityOwnerId()}), so the only per-caller authorization visible in this
 * class is the pair of {@code checkAccess} calls in {@link #execute()} against the
 * target user's domain and account. Both run before the SAML manager is asked to
 * change anything.
 */
@APICommand(name = "authorizeSamlSso", description = "Allow or disallow a user to use SAML SSO", responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
public class AuthorizeSAMLSSOCmd extends BaseCmd {

    /** SAML manager that records the authorization decision for the user. */
    @Inject
    SAML2AuthManager _samlAuthManager;

    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////

    /**
     * Target user. Declared as a UUID parameter but stored as a {@code Long}, so the
     * framework presumably translates the UUID into the internal id before
     * {@link #execute()} runs — confirm against the dispatcher.
     */
    @Parameter(name = ApiConstants.USER_ID, type = CommandType.UUID, entityType = UserResponse.class, required = true, description = "User uuid")
    private Long id;

    /** Whether SAML SSO is being granted ({@code true}) or revoked ({@code false}). */
    @Parameter(name = ApiConstants.ENABLE, type = CommandType.BOOLEAN, required = true, description = "If true, authorizes user to be able to use SAML for Single Sign. If False, disable user to user SAML SSO.")
    private Boolean enable;

    /**
     * IdP entity id the user may sign on from. Not marked {@code required}, so it may be
     * {@code null} when handed to the SAML manager.
     */
    @Parameter(name = ApiConstants.ENTITY_ID, type = CommandType.STRING, entityType = IdpResponse.class, description = "The Identity Provider ID the user is allowed to get single signed on from")
    private String entityId;

    /////////////////////////////////////////////////////
    /////////////////// Accessors ///////////////////////
    /////////////////////////////////////////////////////

    /** @return the target user's id as populated from the request */
    public Long getId() {
        return id;
    }

    /** @return the requested SSO state; {@code true} grants, {@code false} revokes */
    public Boolean getEnable() {
        return enable;
    }

    /** @return the optional IdP entity id, or {@code null} when not supplied */
    public String getEntityId() {
        return entityId;
    }

    /////////////////////////////////////////////////////
    /////////////////// Implementation //////////////////
    /////////////////////////////////////////////////////

    /**
     * Reports the system account as the entity owner. Ownership-based framework checks
     * therefore do not scope this command to the caller; the explicit access checks in
     * {@link #execute()} are what restricts who may change another user's SSO state.
     *
     * @return {@link Account#ACCOUNT_ID_SYSTEM}
     */
    @Override
    public long getEntityOwnerId() {
        return Account.ACCOUNT_ID_SYSTEM;
    }

    /**
     * Looks up the target user, verifies that the caller may act within that user's
     * domain and operate on that user's account, and then asks the SAML manager to apply
     * the requested authorization. The outcome is reported through a
     * {@link SuccessResponse}.
     *
     * @throws ServerApiException with {@link ApiErrorCode#ACCOUNT_ERROR} when no user
     *         account exists for the supplied id. The {@code checkAccess} calls may also
     *         throw on denial; their exception type is not visible in this class.
     */
    @Override
    public void execute() {
        final UserAccount userAccount = _accountService.getUserAccountById(getId());
        if (userAccount == null) {
            throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, "Unable to find a user account with the given ID");
        }

        // Authorization gate: the caller must be allowed into the target user's domain and
        // must hold OperateEntry access on the target user's account. Nothing is changed
        // until both checks have passed.
        final Account caller = CallContext.current().getCallingAccount();
        final Domain targetDomain = _domainService.getDomain(userAccount.getDomainId());
        final Account targetAccount = _accountService.getAccount(userAccount.getAccountId());
        _accountService.checkAccess(caller, targetDomain);
        _accountService.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, targetAccount);

        // Record which user was touched so the audit event carries the target id.
        CallContext.current().setEventDetails("UserId: " + getId());

        final Boolean succeeded = _samlAuthManager.authorizeUser(getId(), getEntityId(), getEnable())
                ? Boolean.TRUE
                : Boolean.FALSE;

        final SuccessResponse response = new SuccessResponse();
        response.setResponseName(getCommandName());
        response.setSuccess(succeeded);
        setResponseObject(response);
    }
}