1/**
2 * Controller for LDAP
3 *
4 * @module app/access-control
5 * @exports ldapController
6 * @name ldapController
7 */
8
9window.angular && (function(angular) {
10  'use strict';
11
12  angular.module('app.accessControl').controller('ldapController', [
13    '$scope', 'APIUtils', '$q', 'toastService',
14    function($scope, APIUtils, $q, toastService) {
// Initial view state. `loading` and `submitted` are reset by loadLdap();
// ldapProperties, roleGroups, roleGroupType and clientCertificateExpires are
// filled in from its responses. isSecure and originalProperties are not
// referenced again in this controller (presumably read by the template).
Object.assign($scope, {
  loading: false,
  isSecure: false,
  ldapProperties: {},
  originalProperties: {},
  submitted: false,
  roleGroups: [],
  roleGroupType: '',
  clientCertificateExpires: '',
});

// Fetch the current configuration once the view content has loaded.
$scope.$on('$viewContentLoaded', () => {
  $scope.loadLdap();
});
27
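/**
 * Reload the LDAP / Active Directory configuration and the expiry date of the
 * first certificate in the LDAP certificate collection.
 *
 * Whichever service reports ServiceEnabled supplies the form values (LDAP
 * wins if both do). The rebuilt ldapProperties object has no Password key:
 * the bind password is never read back, and a reload discards whatever was
 * typed into the form.
 *
 * `loading` stays true until both requests, including the nested certificate
 * fetch, have settled. Failures are only logged to the console.
 */
$scope.loadLdap = function() {
  $scope.loading = true;
  $scope.submitted = false;

  const logError = function(error) {
    console.log(JSON.stringify(error));
  };

  const getLdapProperties =
      APIUtils.getAllUserAccountProperties()
          .then(function(data) {
            const ldap = data.LDAP;
            const ad = data.ActiveDirectory;
            // null means neither service is enabled.
            const active =
                ldap.ServiceEnabled ? ldap : ad.ServiceEnabled ? ad : null;
            // useSSL and AuthenticationType are read from ActiveDirectory
            // when neither service is enabled.
            const fallback = active || ad;
            const search = active ? active.LDAPService.SearchSettings : null;
            // An empty address list yields undefined here; treat that as
            // "not SSL" instead of letting isSSL() throw and abort the load.
            const firstAddress = (fallback.ServiceAddresses || [])[0];

            $scope.ldapProperties = {
              'ServiceEnabled':
                  ldap.ServiceEnabled || ad.ServiceEnabled || false,
              'LDAPServiceEnabled': ldap.ServiceEnabled,
              'ADServiceEnabled': ad.ServiceEnabled,
              'EnabledServiceType':
                  ldap.ServiceEnabled ? 'ldap' : ad.ServiceEnabled ? 'ad' : '',
              'ServiceAddresses': active ? active.ServiceAddresses : [],
              'useSSL': typeof firstAddress === 'string' &&
                  $scope.isSSL(firstAddress),
              'Username': active ? active.Authentication.Username : '',
              'BaseDistinguishedNames':
                  search ? search.BaseDistinguishedNames : [],
              'GroupsAttribute': search ? search.GroupsAttribute : '',
              'UsernameAttribute': search ? search.UsernameAttribute : '',
              'AuthenticationType': fallback.Authentication.AuthenticationType,
            };

            $scope.roleGroupType = $scope.ldapProperties.EnabledServiceType;

            // Role groups are only replaced while a service is enabled.
            if (active) {
              $scope.roleGroups = active.RemoteRoleMapping;
            }
          })
          .catch(logError);

  const getClientCertificate =
      APIUtils.getCertificate('/redfish/v1/AccountService/LDAP/Certificates')
          .then(function(collection) {
            const members = collection.Members;
            // No certificate installed: nothing to look up.
            if (!members || !members.length) {
              return undefined;
            }
            // Returned so that $q.all() below also waits for this request.
            return APIUtils.getCertificate(members[0]['@odata.id'])
                .then(function(certificate) {
                  $scope.clientCertificateExpires = certificate.ValidNotAfter;
                });
          })
          .catch(logError);

  $q.all([getLdapProperties, getClientCertificate]).finally(function() {
    $scope.loading = false;
  });
};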
124
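/**
 * Validate the server URIs against the SSL choice and, when they agree, send
 * the LDAP / Active Directory configuration through APIUtils.
 *
 * Each address must carry the scheme that matches `useSSL`. Every mismatch is
 * reported in its own toast, and any mismatch aborts the save, so a
 * configuration the form has just rejected (for example an ldap:// URI while
 * SSL is selected) is never sent along with the bind password.
 *
 * The payload enables the service named by EnabledServiceType and disables
 * the other one; for any other value both objects are sent empty.
 */
$scope.saveLdapSettings = function() {
  const props = $scope.ldapProperties;
  // Coerced so that an unset checkbox compares as "SSL off", matching the
  // wording of the message below.
  const wantsSsl = Boolean(props.useSSL);

  let schemeMismatch = false;
  (props.ServiceAddresses || []).forEach(function(address) {
    const usesSsl = typeof address === 'string' && $scope.isSSL(address);
    if (wantsSsl !== usesSsl) {
      schemeMismatch = true;
      toastService.error(
          'Server URI ' + address + ' must begin with ' +
          (wantsSsl ? 'ldaps:// ' : 'ldap:// ') + 'when SSL is ' +
          (wantsSsl ? 'configured. ' : 'not configured.'));
    }
  });
  if (schemeMismatch) {
    return;
  }

  // Values shared by whichever service type is being enabled.
  const authentication = {
    Username: props.Username,
    Password: props.Password,
    AuthenticationType: props.AuthenticationType,
  };
  const ldapService = {
    SearchSettings: {
      BaseDistinguishedNames: props.BaseDistinguishedNames,
      GroupsAttribute: props.GroupsAttribute,
      UsernameAttribute: props.UsernameAttribute,
    },
  };

  // Data to pass to the request.
  const data = {LDAP: {}, ActiveDirectory: {}};
  let enabled = null;
  let disabled = null;
  if (props.EnabledServiceType === 'ldap') {
    enabled = data.LDAP;
    disabled = data.ActiveDirectory;
  } else if (props.EnabledServiceType === 'ad') {
    enabled = data.ActiveDirectory;
    disabled = data.LDAP;
  }
  if (enabled) {
    disabled.ServiceEnabled = false;
    enabled.ServiceEnabled = true;
    enabled.Authentication = authentication;
    enabled.LDAPService = ldapService;
    enabled.ServiceAddresses = props.ServiceAddresses;
  }

  APIUtils.saveLdapProperties(data).then(
      function(response) {
        const body = response.data;
        const failed = body != null &&
            Object.prototype.hasOwnProperty.call(body, 'error');
        if (!failed) {
          toastService.success('Successfully updated LDAP settings.');
          // Reloading rebuilds ldapProperties without the typed password.
          $scope.loadLdap();
        } else {
          toastService.error('Unable to update LDAP settings.');
          console.log(JSON.stringify(body.error.message));
        }
      },
      function(error) {
        toastService.error('Unable to update LDAP settings.');
        // NOTE(review): if APIUtils rejects with the raw $http response,
        // `error` includes the request config and therefore the bind
        // password sent above. Confirm, and log only status/message if so.
        console.log(JSON.stringify(error));
      });
};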
195
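/**
 * Report whether a server URI is written with the ldaps:// scheme.
 *
 * This is a case-sensitive prefix test on the configured string only.
 *
 * @param {string} uri - Server URI as entered or as returned by the BMC.
 * @returns {boolean} true only for a string starting with 'ldaps://'.
 */
$scope.isSSL = function(uri) {
  // loadLdap() passes ServiceAddresses[0], which is undefined for an empty
  // list; answer false instead of throwing on a non-string.
  return typeof uri === 'string' && uri.startsWith('ldaps://');
};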
/**
 * Handle a change of the ServiceEnabled flag. Nothing happens while the flag
 * is set; once it is cleared, the selected service type is reset and both
 * LDAP and Active Directory are disabled through APIUtils.
 */
$scope.updateServiceEnabled = function() {
  if ($scope.ldapProperties.ServiceEnabled) {
    return;
  }

  $scope.ldapProperties.EnabledServiceType = '';

  // Only the enable flags are sent; no credentials are part of this request.
  const payload = {
    LDAP: {ServiceEnabled: false},
    ActiveDirectory: {ServiceEnabled: false},
  };

  const onDisabled = function() {
    toastService.success('Successfully disabled LDAP.');
    $scope.roleGroups = [];
    $scope.loadLdap();
  };

  const onDisableFailed = function(error) {
    toastService.error('Unable to disable LDAP.');
    console.log(JSON.stringify(error));
  };

  APIUtils.saveLdapProperties(payload).then(onDisabled, onDisableFailed);
};
222    }
223  ]);
224})(angular);
225