Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 8095b9405a
Branches Tags
zammad
/
app
/
models
/
setting
/
validation
/
saml
/
tls.rb

tls.rb 1.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class Setting::Validation::Saml::TLS < Setting::Validation::Base
    4. 

  4. 

  5.   def run
    6. 

  6.     return result_success if value.blank?
    7. 

  7. 

  8.     msg = check_tls_verification
    9. 

  9.     return result_failed(msg) if !msg.nil?
    10. 

  10. 

  11.     result_success
    12. 

  12.   end
    13. 

  13. 

  14.   private
    15. 

  15. 

  16.   def check_tls_verification
    17. 

  17.     return nil if !value[:ssl_verify]
    18. 

  18. 

  19.     url = value[:idp_sso_target_url]
    20. 

  20.     return nil if !url.starts_with?('https://')
    21. 

  21. 

  22.     resp = UserAgent.get(
    23. 

  23.       url,
    24. 

  24.       {},
    25. 

  25.       {
    26. 

  26.         verify_ssl: true,
    27. 

  27.         log:        { facility: 'SAML' }
    28. 

  28.       }
    29. 

  29.     )
    30. 

  30. 

  31.     return nil if resp.error.nil?
    32. 

  32.     return nil if resp.error.include?('#<Net::HTTP')
    33. 

  33. 

  34.     Rails.logger.error("SAML: TLS verification failed for '#{url}': #{resp.error}")
    35. 

  35. 

  36.     if resp.error.starts_with?('#<OpenSSL::SSL::SSLError')
    37. 

  37.       __('The verification of the TLS connection failed. Please check the SAML IDP certificate.')
    38. 

  38.     else
    39. 

  39.       __('The verification of the TLS connection is not possible. Please check the SAML IDP connection.')
    40. 

  40.     end
    41. 

  41.   end
    42. 

  42. end
    43.