From 89a7611c18fe218a22335414ad09f544f2827b95 Mon Sep 17 00:00:00 2001
From: David Leimroth <leimrothd@haufe.com>
Date: Mon, 7 Feb 2022 17:39:48 +0100
Subject: [PATCH] added a route and a method to store sso configs to the
 ApiController

---
 server/ApiController.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/server/ApiController.js b/server/ApiController.js
index 6a13130e6..808cd54c0 100644
--- a/server/ApiController.js
+++ b/server/ApiController.js
@@ -162,6 +162,7 @@ class ApiController {
     this.router.delete('/authors/:id', this.deleteAuthor.bind(this))
 
     this.router.patch('/serverSettings', this.updateServerSettings.bind(this))
+    this.router.patch('/SSOSettings', this.updateSSOSettings.bind(this))
 
     this.router.post('/authorize', this.authorize.bind(this))
 
@@ -290,6 +291,27 @@ class ApiController {
     })
   }
 
+  async updateSSOSettings(req, res) {
+    if (!req.user.isRoot) {
+      Logger.error('User other than root attempting to update sso settings', req.user)
+      return res.sendStatus(403)
+    }
+    let SSOUpdate = req.body
+    if (!SSOUpdate || !isObject(SSOUpdate)) {
+      return res.status(500).send('Invalid settings update object')
+    }
+
+    console.log("SSOUpdate", JSON.stringify(SSOUpdate))
+    var madeUpdates = this.db.SSOSettings.update(SSOUpdate)
+    if (madeUpdates) {
+      await this.db.updateEntity('sso', this.db.SSOUpdate)
+    }
+    return res.json({
+      success: true,
+      SSOUpdate: this.db.SSOUpdate
+    })
+  }
+
   async download(req, res) {
     if (!req.user.canDownload) {
       Logger.error('User attempting to download without permission', req.user)