3 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
5 # see file 'COPYING' for use and warranty information
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from ipsilon.util.page import Page
22 from ipsilon.providers.saml2.provider import ServiceProvider
23 from ipsilon.providers.saml2.provider import ServiceProviderCreator
24 from ipsilon.providers.saml2.provider import InvalidProviderId
27 class NewSPAdminPage(Page):
29 def __init__(self, site, parent):
30 super(NewSPAdminPage, self).__init__(site)
32 self.title = 'New Service Provider'
33 self.backurl = parent.url
34 self.url = '%s/new' % (parent.url,)
36 def form_new(self, message=None, message_type=None):
37 return self._template('admin/providers/saml2_sp_new.html',
40 message_type=message_type,
41 name='saml2_sp_new_form',
42 backurl=self.backurl, action=self.url)
44 def GET(self, *args, **kwargs):
45 return self.form_new()
47 def POST(self, *args, **kwargs):
49 if self.user.is_admin:
50 #TODO: allow authenticated user to create SPs on their own
51 # set the owner in that case
54 if 'content-type' not in cherrypy.request.headers:
55 self._debug("Invalid request, missing content-type")
56 message = "Malformed request"
57 message_type = "error"
58 return self.form_new(message, message_type)
59 ctype = cherrypy.request.headers['content-type'].split(';')[0]
60 if ctype != 'multipart/form-data':
61 self._debug("Invalid form type (%s), trying to cope" % (
62 cherrypy.request.content_type,))
63 for key, value in kwargs.iteritems():
67 if hasattr(value, 'content_type'):
68 meta = value.fullvalue()
70 self._debug("Invalid format for 'meta'")
74 spc = ServiceProviderCreator(self.parent.cfg)
75 sp = spc.create_from_buffer(name, meta)
76 sp_page = self.parent.add_sp(name, sp)
77 message = "SP Successfully added"
78 message_type = "success"
79 return sp_page.form_standard(message, message_type)
80 except InvalidProviderId, e:
82 message_type = "error"
83 except Exception, e: # pylint: disable=broad-except
85 message = "Failed to create Service Provider!"
86 message_type = "error"
88 message = "A name and a metadata file must be provided"
89 message_type = "error"
91 message = "Unauthorized"
92 message_type = "error"
94 return self.form_new(message, message_type)
96 def root(self, *args, **kwargs):
97 op = getattr(self, cherrypy.request.method, self.GET)
99 return op(*args, **kwargs)
102 class SPAdminPage(Page):
104 def __init__(self, sp, site, parent):
105 super(SPAdminPage, self).__init__(site)
109 self.backurl = parent.url
110 self.url = '%s/sp/%s' % (parent.url, sp.name)
112 def form_standard(self, message=None, message_type=None):
113 return self._template('admin/providers/saml2_sp.html',
115 message_type=message_type,
117 name='saml2_sp_%s_form' % self.sp.name,
118 backurl=self.backurl, action=self.url,
121 def GET(self, *args, **kwargs):
122 return self.form_standard()
124 def POST(self, *args, **kwargs):
126 message = "Nothing was modified."
127 message_type = "info"
131 for key, value in kwargs.iteritems():
133 if value != self.sp.name:
134 if self.user.is_admin or self.user.name == self.sp.owner:
135 self._debug("Replacing %s: %s -> %s" %
136 (key, self.sp.name, value))
138 rename = [self.sp.name, value]
141 message = "Unauthorized to rename object"
142 message_type = "error"
143 return self.form_standard(message, message_type)
146 if value != self.sp.owner:
147 if self.user.is_admin:
148 self._debug("Replacing %s: %s -> %s" %
149 (key, self.sp.owner, value))
150 self.sp.owner = value
153 message = "Unauthorized to set owner value"
154 message_type = "error"
155 return self.form_standard(message, message_type)
157 elif key == 'default_nameid':
158 if value != self.sp.default_nameid:
159 if self.user.is_admin:
160 self._debug("Replacing %s: %s -> %s" %
161 (key, self.sp.default_nameid, value))
162 self.sp.default_nameid = value
165 message = "Unauthorized to set default nameid value"
166 message_type = "error"
167 return self.form_standard(message, message_type)
169 elif key == 'allowed_nameids':
170 v = set([x.strip() for x in value.split(',')])
171 if v != set(self.sp.allowed_nameids):
172 if self.user.is_admin:
173 self._debug("Replacing %s: %s -> %s" %
174 (key, self.sp.allowed_nameids, list(v)))
175 self.sp.allowed_nameids = list(v)
178 message = "Unauthorized to set allowed nameids value"
179 message_type = "error"
180 return self.form_standard(message, message_type)
184 self.sp.save_properties()
186 self.parent.rename_sp(rename[0], rename[1])
187 message = "Properties succssfully changed"
188 message_type = "success"
189 except Exception: # pylint: disable=broad-except
190 message = "Failed to save data!"
191 message_type = "error"
193 return self.form_standard(message, message_type)
195 def root(self, *args, **kwargs):
196 op = getattr(self, cherrypy.request.method, self.GET)
198 return op(*args, **kwargs)
201 self.parent.del_sp(self.sp.name)
202 self.sp.permanently_delete()
203 return self.parent.root()
204 delete.exposed = True
207 class AdminPage(Page):
208 def __init__(self, site, config):
209 super(AdminPage, self).__init__(site)
215 self.sp = Page(self._site)
217 def add_sp(self, name, sp):
218 page = SPAdminPage(sp, self._site, self)
219 self.sp.add_subtree(name, page)
220 self.providers.append(sp)
223 def rename_sp(self, oldname, newname):
224 page = getattr(self.sp, oldname)
225 self.sp.del_subtree(oldname)
226 self.sp.add_subtree(newname, page)
228 def del_sp(self, name):
230 page = getattr(self.sp, name)
231 self.providers.remove(page.sp)
232 self.sp.del_subtree(name)
233 except Exception, e: # pylint: disable=broad-except
234 self._debug("Failed to remove provider %s: %s" % (name, str(e)))
236 def mount(self, page):
237 self.menu = page.menu
238 self.url = '%s/%s' % (page.url, self.name)
239 for p in self.cfg.idp.get_providers():
241 sp = ServiceProvider(self.cfg, p)
242 self.add_sp(sp.name, sp)
243 except Exception, e: # pylint: disable=broad-except
244 self._debug("Failed to find provider %s: %s" % (p, str(e)))
245 self.add_subtree('new', NewSPAdminPage(self._site, self))
246 page.add_subtree(self.name, self)
248 def root(self, *args, **kwargs):
249 return self._template('admin/providers/saml2.html',
250 title='SAML2 Administration',
251 providers=self.providers,