Maintenance: Add ssl verification option to i-doit integration.

Co-authored-by: Florian Liebe <[email protected]>
jackwurth · Sep 5, 2023 · d2cbf54 · d2cbf54
1 parent 93fc1a0
commit d2cbf54
Show file tree

Hide file tree

Showing 7 changed files with 100 additions and 10 deletions.
diff --git a/app/assets/javascripts/app/controllers/_integration/idoit.coffee b/app/assets/javascripts/app/controllers/_integration/idoit.coffee
@@ -36,10 +36,22 @@ class Form extends App.Controller
   render: =>
     @config = @currentConfig()
 
-    @html App.view('integration/idoit')(
-      config: @config
+    verify_ssl = App.UiElement.boolean.render(
+      name: 'verify_ssl'
+      null: false
+      default: true
+      value: @config.verify_ssl
+      class: 'form-control form-control--small'
     )
 
+    content = $(App.view('integration/idoit')(
+      config: @config
+    ))
+
+    content.find('.js-sslVerify').html verify_ssl
+
+    @html content
+
   update: (e) =>
     e.preventDefault()
     @config = @formParam(e.target)
@@ -55,6 +67,7 @@ class Form extends App.Controller
         api_token: @config.api_token
         endpoint: @config.endpoint
         client_id: @config.client_id
+        verify_ssl: @config.verify_ssl
       )
       success: (data, status, xhr) =>
         if data.result is 'failed'

diff --git a/app/assets/javascripts/app/views/integration/idoit.jst.eco b/app/assets/javascripts/app/views/integration/idoit.jst.eco
@@ -17,6 +17,9 @@
         <tr>
           <td class="settings-list-row-control"><%- @T('Client ID') %>
           <td class="settings-list-control-cell"><input type="text" class="form-control form-control--small" value="<%= @config.client_id %>" name="client_id">
+        <tr>
+          <td class="settings-list-row-control"><%- @T('SSL verification') %>
+          <td class="settings-list-control-cell js-sslVerify">
       </tbody>
     </table>
   </div>

diff --git a/app/controllers/integration/idoit_controller.rb b/app/controllers/integration/idoit_controller.rb
@@ -4,7 +4,7 @@ class Integration::IdoitController < ApplicationController
   prepend_before_action :authenticate_and_authorize!
 
   def verify
-    response = ::Idoit.verify(params[:api_token], params[:endpoint], params[:client_id])
+    response = ::Idoit.verify(params[:api_token], params[:endpoint], params[:client_id], verify_ssl: params[:verify_ssl])
     render json: {
       result:   'ok',
       response: response,

diff --git a/db/migrate/20230904123822_set_idoit_ssl_default.rb b/db/migrate/20230904123822_set_idoit_ssl_default.rb
@@ -0,0 +1,13 @@
+# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
+
+class SetIdoitSslDefault < ActiveRecord::Migration[6.1]
+  def change
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    config = Setting.get('idoit_config')
+    return if config.blank?
+
+    Setting.set('idoit_config', config.merge('verify_ssl' => false))
+  end
+end
diff --git a/i18n/zammad.pot b/i18n/zammad.pot
@@ -9560,6 +9560,7 @@ msgstr ""
 msgid "SSL Verify"
 msgstr ""
 
+#: app/assets/javascripts/app/views/integration/idoit.jst.eco
 #: app/assets/javascripts/app/views/integration/ldap_ssl_verify_row.jst.eco
 msgid "SSL verification"
 msgstr ""

diff --git a/lib/idoit.rb b/lib/idoit.rb
@@ -14,15 +14,15 @@ class Idoit
 
 =end
 
-  def self.verify(api_token, endpoint, _client_id = nil)
+  def self.verify(api_token, endpoint, _client_id = nil, verify_ssl: false)
     raise 'api_token required' if api_token.blank?
     raise 'endpoint required' if endpoint.blank?
 
     params = {
       apikey: api_token,
     }
 
-    _query('cmdb.object_types', params, _url_cleanup(endpoint))
+    _query('cmdb.object_types', params, _url_cleanup(endpoint), verify_ssl: verify_ssl)
   end
 
 =begin
@@ -98,10 +98,10 @@ def self.query(method, filter = {})
     if filter.present?
       params[:filter] = filter
     end
-    _query(method, params, _url_cleanup(setting[:endpoint]))
+    _query(method, params, _url_cleanup(setting[:endpoint]), verify_ssl: setting[:verify_ssl])
   end
 
-  def self._query(method, params, url)
+  def self._query(method, params, url, verify_ssl: false)
     result = UserAgent.post(
       url,
       {
@@ -114,6 +114,7 @@ def self._query(method, params, url)
         id:      42,
       },
       {
+        verify_ssl:   verify_ssl,
         json:         true,
         open_timeout: 6,
         read_timeout: 16,

diff --git a/spec/requests/integration/idoit_spec.rb b/spec/requests/integration/idoit_spec.rb
@@ -3,7 +3,6 @@
 require 'rails_helper'
 
 RSpec.describe 'Idoit', type: :request do
-
   let!(:admin) do
     create(:admin, groups: Group.all)
   end
@@ -20,6 +19,10 @@
     'https://idoit.example.com/i-doit/'
   end
 
+  def read_message(file)
+    Rails.root.join('test', 'data', 'idoit', "#{file}.json").read
+  end
+
   before do
     Setting.set('idoit_integration', true)
     Setting.set('idoit_config', {
@@ -148,9 +151,65 @@
       expect(json_response['response']['result'][0]['cmdb_status_title']).to eq('in operation')
 
     end
+  end
+
+  describe 'SSL verification' do
+    describe '.verify' do
+      def request(verify: false)
+        params = {
+          api_token:  token,
+          endpoint:   endpoint,
+          client_id:  '',
+          verify_ssl: verify
+        }
+        authenticated_as(admin)
+        post '/api/v1/integration/idoit/verify', params: params, as: :json
+        expect(response).to have_http_status(:ok)
+      end
+
+      it 'does verify SSL' do
+        allow(UserAgent).to receive(:get_http)
+        request(verify: true)
+        expect(UserAgent).to have_received(:get_http).with(URI::HTTPS, hash_including(verify_ssl: true)).once
+      end
+
+      it 'does not verify SSL' do
+        allow(UserAgent).to receive(:get_http)
+        request
+        expect(UserAgent).to have_received(:get_http).with(URI::HTTPS, hash_including(verify_ssl: false)).once
+      end
+    end
 
-    def read_message(file)
-      Rails.root.join('test', 'data', 'idoit', "#{file}.json").read
+    describe '.query' do
+      def request(verify: false)
+        Setting.set('idoit_config', Setting.get('idoit_config').merge(verify_ssl: verify))
+
+        stub_request(:post, "#{endpoint}src/jsonrpc.php")
+          .with(body: "{\"method\":\"cmdb.object_types\",\"params\":{\"apikey\":\"#{token}\"},\"version\":\"2.0\",\"id\":42}")
+          .to_return(status: 200, body: read_message('object_types_response'), headers: {})
+
+        params = {
+          method: 'cmdb.objects',
+          filter: {
+            ids: ['33']
+          },
+        }
+        authenticated_as(agent)
+        post '/api/v1/integration/idoit', params: params, as: :json
+        expect(response).to have_http_status(:ok)
+      end
+
+      it 'does verify SSL' do
+        allow(UserAgent).to receive(:get_http)
+        request(verify: true)
+        expect(UserAgent).to have_received(:get_http).with(URI::HTTPS, hash_including(verify_ssl: true)).once
+      end
+
+      it 'does not verify SSL' do
+        allow(UserAgent).to receive(:get_http)
+        request
+        expect(UserAgent).to have_received(:get_http).with(URI::HTTPS, hash_including(verify_ssl: false)).once
+      end
     end
   end
 end