feat: SAML UI [CW-2958] (#12345)

Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com> Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-09-15 19:33:54 +05:30
parent 3ad2c33220
commit 300d68f3f7
17 changed files with 659 additions and 3 deletions
--- a/enterprise/app/controllers/api/v1/accounts/saml_settings_controller.rb
+++ b/enterprise/app/controllers/api/v1/accounts/saml_settings_controller.rb
@@ -7,11 +7,19 @@ class Api::V1::Accounts::SamlSettingsController < Api::V1::Accounts::BaseControl

  def create
    @saml_settings = Current.account.build_saml_settings(saml_settings_params)
-    @saml_settings.save!
+    if @saml_settings.save
+      render :show
+    else
+      render json: { errors: @saml_settings.errors.full_messages }, status: :unprocessable_entity
+    end
  end

  def update
-    @saml_settings.update!(saml_settings_params)
+    if @saml_settings.update(saml_settings_params)
+      render :show
+    else
+      render json: { errors: @saml_settings.errors.full_messages }, status: :unprocessable_entity
+    end
  end

  def destroy
--- a/enterprise/app/controllers/enterprise/devise_overrides/passwords_controller.rb
+++ b/enterprise/app/controllers/enterprise/devise_overrides/passwords_controller.rb
@@ -5,6 +5,7 @@ module Enterprise::DeviseOverrides::PasswordsController
    if saml_user_attempting_password_auth?(params[:email])
      render json: {
        success: false,
+        message: I18n.t('messages.reset_password_saml_user'),
        errors: [I18n.t('messages.reset_password_saml_user')]
      }, status: :forbidden
      return
--- a/enterprise/app/controllers/enterprise/devise_overrides/sessions_controller.rb
+++ b/enterprise/app/controllers/enterprise/devise_overrides/sessions_controller.rb
@@ -5,6 +5,7 @@ module Enterprise::DeviseOverrides::SessionsController
    if saml_user_attempting_password_auth?(params[:email], sso_auth_token: params[:sso_auth_token])
      render json: {
        success: false,
+        message: I18n.t('messages.login_saml_user'),
        errors: [I18n.t('messages.login_saml_user')]
      }, status: :unauthorized
      return
--- a/enterprise/app/models/account_saml_settings.rb
+++ b/enterprise/app/models/account_saml_settings.rb
@@ -23,6 +23,7 @@ class AccountSamlSettings < ApplicationRecord
  validates :sso_url, presence: true
  validates :certificate, presence: true
  validates :idp_entity_id, presence: true
+  validate :certificate_must_be_valid_x509

  before_validation :set_sp_entity_id, if: :sp_entity_id_needs_generation?

@@ -56,4 +57,12 @@ class AccountSamlSettings < ApplicationRecord
  def installation_name
    GlobalConfigService.load('INSTALLATION_NAME', 'Chatwoot')
  end
+
+  def certificate_must_be_valid_x509
+    return if certificate.blank?
+
+    OpenSSL::X509::Certificate.new(certificate)
+  rescue OpenSSL::X509::CertificateError
+    errors.add(:certificate, I18n.t('errors.account_saml_settings.invalid_certificate'))
+  end
 end