projects / cascardo / ipsilon.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Admin functions to add new Service Providers
[cascardo/ipsilon.git] / ipsilon / providers / saml2 / admin.py
1 #!/usr/bin/python
2 #
3 # Copyright (C) 2014  Simo Sorce <simo@redhat.com>
4 #
5 # see file 'COPYING' for use and warranty information
6 #
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
19
20 import cherrypy
21 from ipsilon.util.page import Page
22 from ipsilon.providers.saml2.provider import ServiceProvider
23 from ipsilon.providers.saml2.provider import ServiceProviderCreator
24 from ipsilon.providers.saml2.provider import InvalidProviderId
25
26
27 class NewSPAdminPage(Page):
28
29     def __init__(self, site, parent):
30         super(NewSPAdminPage, self).__init__(site)
31         self.parent = parent
32         self.title = 'New Service Provider'
33         self.backurl = parent.url
34         self.url = '%s/new' % (parent.url,)
35
36     def form_new(self, message=None, message_type=None):
37         return self._template('admin/providers/saml2_sp_new.html',
38                               title=self.title,
39                               message=message,
40                               message_type=message_type,
41                               name='saml2_sp_new_form',
42                               backurl=self.backurl, action=self.url)
43
44     def GET(self, *args, **kwargs):
45         return self.form_new()
46
47     def POST(self, *args, **kwargs):
48
49         if self.user.is_admin:
50             #TODO: allow authenticated user to create SPs on their own
51             #      set the owner in that case
52             name = None
53             meta = None
54             if 'content-type' not in cherrypy.request.headers:
55                 self._debug("Invalid request, missing content-type")
56                 message = "Malformed request"
57                 message_type = "error"
58                 return self.form_new(message, message_type)
59             ctype = cherrypy.request.headers['content-type'].split(';')[0]
60             if ctype != 'multipart/form-data':
61                 self._debug("Invalid form type (%s), trying to cope" % (
62                             cherrypy.request.content_type,))
63             for key, value in kwargs.iteritems():
64                 if key == 'name':
65                     name = value
66                 elif key == 'meta':
67                     if hasattr(value, 'content_type'):
68                         meta = value.fullvalue()
69                     else:
70                         self._debug("Invalid format for 'meta'")
71
72             if name and meta:
73                 try:
74                     spc = ServiceProviderCreator(self.parent.cfg)
75                     sp = spc.create_from_buffer(name, meta)
76                     sp_page = self.parent.add_sp(name, sp)
77                     message = "SP Successfully added"
78                     message_type = "success"
79                     return sp_page.form_standard(message, message_type)
80                 except InvalidProviderId, e:
81                     message = str(e)
82                     message_type = "error"
83                 except Exception, e:  # pylint: disable=broad-except
84                     self._debug(repr(e))
85                     message = "Failed to create Service Provider!"
86                     message_type = "error"
87             else:
88                 message = "A name and a metadata file must be provided"
89                 message_type = "error"
90         else:
91             message = "Unauthorized"
92             message_type = "error"
93
94         return self.form_new(message, message_type)
95
96     def root(self, *args, **kwargs):
97         op = getattr(self, cherrypy.request.method, self.GET)
98         if callable(op):
99             return op(*args, **kwargs)
100
101
102 class SPAdminPage(Page):
103
104     def __init__(self, sp, site, parent):
105         super(SPAdminPage, self).__init__(site)
106         self.sp = sp
107         self.title = sp.name
108         self.backurl = parent.url
109         self.url = '%s/sp/%s' % (parent.url, sp.name)
110
111     def form_standard(self, message=None, message_type=None):
112         return self._template('admin/providers/saml2_sp.html',
113                               message=message,
114                               message_type=message_type,
115                               title=self.title,
116                               name='saml2_sp_%s_form' % self.sp.name,
117                               backurl=self.backurl, action=self.url,
118                               data=self.sp)
119
120     def GET(self, *args, **kwargs):
121         return self.form_standard()
122
123     def POST(self, *args, **kwargs):
124
125         message = "Nothing was modified."
126         message_type = "info"
127         save = False
128
129         for key, value in kwargs.iteritems():
130             if key == 'name':
131                 if value != self.sp.name:
132                     if self.user.is_admin or self.user.name == self.sp.owner:
133                         self._debug("Replacing %s: %s -> %s" %
134                                     (key, self.sp.name, value))
135                         self.sp.name = value
136                         save = True
137                     else:
138                         message = "Unauthorized to rename object"
139                         message_type = "error"
140                         return self.form_standard(message, message_type)
141
142             elif key == 'owner':
143                 if value != self.sp.owner:
144                     if self.user.is_admin:
145                         self._debug("Replacing %s: %s -> %s" %
146                                     (key, self.sp.owner, value))
147                         self.sp.owner = value
148                         save = True
149                     else:
150                         message = "Unauthorized to set owner value"
151                         message_type = "error"
152                         return self.form_standard(message, message_type)
153
154             elif key == 'default_nameid':
155                 if value != self.sp.default_nameid:
156                     if self.user.is_admin:
157                         self._debug("Replacing %s: %s -> %s" %
158                                     (key, self.sp.default_nameid, value))
159                         self.sp.default_nameid = value
160                         save = True
161                     else:
162                         message = "Unauthorized to set default nameid value"
163                         message_type = "error"
164                         return self.form_standard(message, message_type)
165
166             elif key == 'allowed_nameids':
167                 v = set([x.strip() for x in value.split(',')])
168                 if v != set(self.sp.allowed_nameids):
169                     if self.user.is_admin:
170                         self._debug("Replacing %s: %s -> %s" %
171                                     (key, self.sp.allowed_nameids, list(v)))
172                         self.sp.allowed_nameids = list(v)
173                         save = True
174                     else:
175                         message = "Unauthorized to set allowed nameids value"
176                         message_type = "error"
177                         return self.form_standard(message, message_type)
178
179         if save:
180             try:
181                 self.sp.save_properties()
182                 message = "Properties succssfully changed"
183                 message_type = "success"
184             except Exception:  # pylint: disable=broad-except
185                 message = "Failed to save data!"
186                 message_type = "error"
187
188         return self.form_standard(message, message_type)
189
190     def root(self, *args, **kwargs):
191         op = getattr(self, cherrypy.request.method, self.GET)
192         if callable(op):
193             return op(*args, **kwargs)
194
195
196 class AdminPage(Page):
197     def __init__(self, site, config):
198         super(AdminPage, self).__init__(site)
199         self.name = 'admin'
200         self.cfg = config
201         self.providers = []
202         self.menu = []
203         self.url = None
204         self.sp = Page(self._site)
205
206     def add_sp(self, name, sp):
207         page = SPAdminPage(sp, self._site, self)
208         self.sp.add_subtree(name, page)
209         self.providers.append(sp)
210         return page
211
212     def mount(self, page):
213         self.menu = page.menu
214         self.url = '%s/%s' % (page.url, self.name)
215         for p in self.cfg.idp.get_providers():
216             try:
217                 sp = ServiceProvider(self.cfg, p)
218                 self.add_sp(sp.name, sp)
219             except Exception, e:  # pylint: disable=broad-except
220                 self._debug("Failed to find provider %s: %s" % (p, str(e)))
221         self.add_subtree('new', NewSPAdminPage(self._site, self))
222         page.add_subtree(self.name, self)
223
224     def root(self, *args, **kwargs):
225         return self._template('admin/providers/saml2.html',
226                               title='SAML2 Administration',
227                               providers=self.providers,
228                               baseurl=self.url,
229                               menu=self.menu)
Unnamed repository; edit this file 'description' to name the repository.