# == Schema Information # # Table name: account_saml_settings # # id :bigint not null, primary key # certificate :text # role_mappings :json # sso_url :string # created_at :datetime not null # updated_at :datetime not null # account_id :bigint not null # idp_entity_id :string # sp_entity_id :string # # Indexes # # index_account_saml_settings_on_account_id (account_id) # class AccountSamlSettings < ApplicationRecord belongs_to :account validates :account_id, presence: true validates :sso_url, presence: true validates :certificate, presence: true validates :idp_entity_id, presence: true validate :certificate_must_be_valid_x509 before_validation :set_sp_entity_id, if: :sp_entity_id_needs_generation? after_create_commit :update_account_users_provider after_destroy_commit :reset_account_users_provider def saml_enabled? sso_url.present? && certificate.present? end def certificate_fingerprint return nil if certificate.blank? begin cert = OpenSSL::X509::Certificate.new(certificate) OpenSSL::Digest::SHA1.new(cert.to_der).hexdigest .upcase.gsub(/(.{2})(?=.)/, '\1:') rescue OpenSSL::X509::CertificateError nil end end private def set_sp_entity_id base_url = GlobalConfigService.load('FRONTEND_URL', 'http://localhost:3000') self.sp_entity_id = "#{base_url}/saml/sp/#{account_id}" end def sp_entity_id_needs_generation? sp_entity_id.blank? end def installation_name GlobalConfigService.load('INSTALLATION_NAME', 'Chatwoot') end def update_account_users_provider Saml::UpdateAccountUsersProviderJob.perform_later(account_id, 'saml') end def reset_account_users_provider Saml::UpdateAccountUsersProviderJob.perform_later(account_id, 'email') end def certificate_must_be_valid_x509 return if certificate.blank? OpenSSL::X509::Certificate.new(certificate) rescue OpenSSL::X509::CertificateError errors.add(:certificate, I18n.t('errors.account_saml_settings.invalid_certificate')) end end