1 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
3 # see file 'COPYING' for use and warranty information
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from ipsilon.util import config as pconfig
20 from ipsilon.admin.common import AdminPage
21 from ipsilon.admin.common import ADMIN_STATUS_OK
22 from ipsilon.admin.common import ADMIN_STATUS_ERROR
23 from ipsilon.admin.common import ADMIN_STATUS_WARN
24 from ipsilon.admin.common import get_mapping_list_value
25 from ipsilon.admin.common import get_complex_list_value
26 from ipsilon.providers.saml2.provider import ServiceProvider
27 from ipsilon.providers.saml2.provider import ServiceProviderCreator
28 from ipsilon.providers.saml2.provider import InvalidProviderId
29 from copy import deepcopy
34 class NewSPAdminPage(AdminPage):
36 def __init__(self, site, parent):
37 super(NewSPAdminPage, self).__init__(site, form=True)
39 self.title = 'New Service Provider'
40 self.back = parent.url
41 self.url = '%s/new' % (parent.url,)
43 def form_new(self, message=None, message_type=None):
44 return self._template('admin/providers/saml2_sp_new.html',
47 message_type=message_type,
48 name='saml2_sp_new_form',
49 back=self.back, action=self.url)
51 def GET(self, *args, **kwargs):
52 return self.form_new()
54 def POST(self, *args, **kwargs):
56 if self.user.is_admin:
57 # TODO: allow authenticated user to create SPs on their own
58 # set the owner in that case
61 if 'content-type' not in cherrypy.request.headers:
62 self.debug("Invalid request, missing content-type")
63 message = "Malformed request"
64 message_type = ADMIN_STATUS_ERROR
65 return self.form_new(message, message_type)
66 ctype = cherrypy.request.headers['content-type'].split(';')[0]
67 if ctype != 'multipart/form-data':
68 self.debug("Invalid form type (%s), trying to cope" % (
69 cherrypy.request.content_type,))
70 for key, value in kwargs.iteritems():
73 elif key == 'metatext':
76 elif key == 'metafile':
77 if hasattr(value, 'content_type'):
78 meta = value.fullvalue()
80 self.debug("Invalid format for 'meta'")
81 elif key == 'metaurl':
84 r = requests.get(value)
87 except Exception, e: # pylint: disable=broad-except
88 self.debug("Failed to fetch metadata: " + repr(e))
89 message = "Failed to fetch metadata: " + repr(e)
90 message_type = ADMIN_STATUS_ERROR
91 return self.form_new(message, message_type)
95 spc = ServiceProviderCreator(self.parent.cfg)
96 sp = spc.create_from_buffer(name, meta)
97 sp_page = self.parent.add_sp(name, sp)
98 message = "SP Successfully added"
99 message_type = ADMIN_STATUS_OK
100 return sp_page.root_with_msg(message, message_type)
101 except InvalidProviderId, e:
103 message_type = ADMIN_STATUS_ERROR
104 except Exception, e: # pylint: disable=broad-except
106 message = "Failed to create Service Provider!"
107 message_type = ADMIN_STATUS_ERROR
109 message = "A name and a metadata file must be provided"
110 message_type = ADMIN_STATUS_ERROR
112 message = "Unauthorized"
113 message_type = ADMIN_STATUS_ERROR
115 return self.form_new(message, message_type)
118 class InvalidValueFormat(Exception):
122 class UnauthorizedUser(Exception):
126 class SPAdminPage(AdminPage):
128 def __init__(self, sp, site, parent):
129 super(SPAdminPage, self).__init__(site, form=True)
133 self.url = '%s/sp/%s' % (parent.url, sp.name)
135 self.back = parent.url
137 def root_with_msg(self, message=None, message_type=None):
138 return self._template('admin/option_config.html', title=self.title,
139 menu=self.menu, action=self.url, back=self.back,
140 message=message, message_type=message_type,
141 name='saml2_sp_%s_form' % (self.sp.name),
142 config=self.sp.get_config_obj())
144 def GET(self, *args, **kwargs):
145 return self.root_with_msg()
147 def POST(self, *args, **kwargs):
149 message = "Nothing was modified."
150 message_type = "info"
151 new_db_values = dict()
153 conf = self.sp.get_config_obj()
155 for name, option in conf.iteritems():
158 if isinstance(option, pconfig.List):
159 value = [x.strip() for x in value.split('\n')]
160 elif isinstance(option, pconfig.Condition):
163 if isinstance(option, pconfig.Condition):
165 elif isinstance(option, pconfig.Choice):
167 for a in option.get_allowed():
168 aname = '%s_%s' % (name, a)
171 elif type(option) is pconfig.ComplexList:
172 current = deepcopy(option.get_value())
173 value = get_complex_list_value(name,
176 # if current value is None do nothing
178 if option.get_value() is None:
180 # else pass and let it continue as None
181 elif type(option) is pconfig.MappingList:
182 current = deepcopy(option.get_value())
183 value = get_mapping_list_value(name,
186 # if current value is None do nothing
188 if option.get_value() is None:
190 # else pass and let it continue as None
194 if value != option.get_value():
195 if (type(option) is pconfig.List and
196 set(value) == set(option.get_value())):
198 cherrypy.log.error("Storing %s = %s" %
199 (name, value), severity=logging.DEBUG)
200 new_db_values[name] = value
202 if len(new_db_values) != 0:
204 # Validate user can make these changes
205 for (key, value) in new_db_values.iteritems():
207 if (not self.user.is_admin and
208 self.user.name != self.sp.owner):
209 raise UnauthorizedUser("Unauthorized to set owner")
210 elif key in ['Owner', 'Default NameID', 'Allowed NameIDs',
211 'Attribute Mapping', 'Allowed Attributes']:
212 if not self.user.is_admin:
213 raise UnauthorizedUser(
214 "Unauthorized to set %s" % key
217 # Make changes in current config
218 for name, option in conf.iteritems():
219 value = new_db_values.get(name, False)
220 # A value of None means remove from the data store
221 if value is False or value == []:
224 if not self.sp.is_valid_name(value):
225 raise InvalidValueFormat(
226 'Invalid name! Use only numbers and'
230 self.url = '%s/sp/%s' % (self.parent.url, value)
231 self.parent.rename_sp(option.get_value(), value)
232 elif name == 'User Owner':
233 self.sp.owner = value
234 elif name == 'Default NameID':
235 self.sp.default_nameid = value
236 elif name == 'Allowed NameIDs':
237 self.sp.allowed_nameids = value
238 elif name == 'Attribute Mapping':
239 self.sp.attribute_mappings = value
240 elif name == 'Allowed Attributes':
241 self.sp.allowed_attributes = value
242 except InvalidValueFormat, e:
244 message_type = ADMIN_STATUS_WARN
245 return self.root_with_msg(message, message_type)
246 except UnauthorizedUser, e:
248 message_type = ADMIN_STATUS_ERROR
249 return self.root_with_msg(message, message_type)
250 except Exception as e: # pylint: disable=broad-except
251 self.debug("Error: %s" % repr(e))
252 message = "Internal Error"
253 message_type = ADMIN_STATUS_ERROR
254 return self.root_with_msg(message, message_type)
257 self.sp.save_properties()
258 message = "Properties successfully changed"
259 message_type = ADMIN_STATUS_OK
260 except Exception as e: # pylint: disable=broad-except
261 self.error('Failed to save data: %s' % e)
262 message = "Failed to save data!"
263 message_type = ADMIN_STATUS_ERROR
265 self.sp.refresh_config()
267 return self.root_with_msg(message=message,
268 message_type=message_type)
271 self.parent.del_sp(self.sp.name)
272 self.sp.permanently_delete()
273 return self.parent.root()
274 delete.public_function = True
277 class Saml2AdminPage(AdminPage):
278 def __init__(self, site, config):
279 super(Saml2AdminPage, self).__init__(site)
285 self.sp = AdminPage(self._site)
287 def add_sp(self, name, sp):
288 page = SPAdminPage(sp, self._site, self)
289 self.sp.add_subtree(name, page)
290 self.providers.append(sp)
293 def rename_sp(self, oldname, newname):
294 page = getattr(self.sp, oldname)
295 self.sp.del_subtree(oldname)
296 self.sp.add_subtree(newname, page)
298 def del_sp(self, name):
300 page = getattr(self.sp, name)
301 self.providers.remove(page.sp)
302 self.sp.del_subtree(name)
303 except Exception, e: # pylint: disable=broad-except
304 self.debug("Failed to remove provider %s: %s" % (name, str(e)))
308 for p in self.cfg.idp.get_providers():
310 sp = ServiceProvider(self.cfg, p)
312 self.add_sp(sp.name, sp)
313 except Exception, e: # pylint: disable=broad-except
314 self.debug("Failed to find provider %s: %s" % (p, str(e)))
316 def mount(self, page):
317 self.menu = page.menu
318 self.url = '%s/%s' % (page.url, self.name)
320 self.add_subtree('new', NewSPAdminPage(self._site, self))
321 page.add_subtree(self.name, self)
323 def root(self, *args, **kwargs):
324 return self._template('admin/providers/saml2.html',
325 title='SAML2 Administration',
326 providers=self.providers,