ipsilon/providers/saml2/admin.py

   1 #!/usr/bin/python
   2 #
   3 # Copyright (C) 2014  Simo Sorce <simo@redhat.com>
   4 #
   5 # see file 'COPYING' for use and warranty information
   6 #
   7 # This program is free software; you can redistribute it and/or modify
   8 # it under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation, either version 3 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # This program is distributed in the hope that it will be useful,
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19
  20 import cherrypy
  21 from ipsilon.util.page import Page
  22 from ipsilon.providers.saml2.provider import ServiceProvider
  23 from ipsilon.providers.saml2.provider import ServiceProviderCreator
  24 from ipsilon.providers.saml2.provider import InvalidProviderId
  25
  26
  27 class NewSPAdminPage(Page):
  28
  29     def __init__(self, site, parent):
  30         super(NewSPAdminPage, self).__init__(site)
  31         self.parent = parent
  32         self.title = 'New Service Provider'
  33         self.backurl = parent.url
  34         self.url = '%s/new' % (parent.url,)
  35
  36     def form_new(self, message=None, message_type=None):
  37         return self._template('admin/providers/saml2_sp_new.html',
  38                               title=self.title,
  39                               message=message,
  40                               message_type=message_type,
  41                               name='saml2_sp_new_form',
  42                               backurl=self.backurl, action=self.url)
  43
  44     def GET(self, *args, **kwargs):
  45         return self.form_new()
  46
  47     def POST(self, *args, **kwargs):
  48
  49         if self.user.is_admin:
  50             #TODO: allow authenticated user to create SPs on their own
  51             #      set the owner in that case
  52             name = None
  53             meta = None
  54             if 'content-type' not in cherrypy.request.headers:
  55                 self._debug("Invalid request, missing content-type")
  56                 message = "Malformed request"
  57                 message_type = "error"
  58                 return self.form_new(message, message_type)
  59             ctype = cherrypy.request.headers['content-type'].split(';')[0]
  60             if ctype != 'multipart/form-data':
  61                 self._debug("Invalid form type (%s), trying to cope" % (
  62                             cherrypy.request.content_type,))
  63             for key, value in kwargs.iteritems():
  64                 if key == 'name':
  65                     name = value
  66                 elif key == 'meta':
  67                     if hasattr(value, 'content_type'):
  68                         meta = value.fullvalue()
  69                     else:
  70                         self._debug("Invalid format for 'meta'")
  71
  72             if name and meta:
  73                 try:
  74                     spc = ServiceProviderCreator(self.parent.cfg)
  75                     sp = spc.create_from_buffer(name, meta)
  76                     sp_page = self.parent.add_sp(name, sp)
  77                     message = "SP Successfully added"
  78                     message_type = "success"
  79                     return sp_page.form_standard(message, message_type)
  80                 except InvalidProviderId, e:
  81                     message = str(e)
  82                     message_type = "error"
  83                 except Exception, e:  # pylint: disable=broad-except
  84                     self._debug(repr(e))
  85                     message = "Failed to create Service Provider!"
  86                     message_type = "error"
  87             else:
  88                 message = "A name and a metadata file must be provided"
  89                 message_type = "error"
  90         else:
  91             message = "Unauthorized"
  92             message_type = "error"
  93
  94         return self.form_new(message, message_type)
  95
  96     def root(self, *args, **kwargs):
  97         op = getattr(self, cherrypy.request.method, self.GET)
  98         if callable(op):
  99             return op(*args, **kwargs)
 100
 101
 102 class SPAdminPage(Page):
 103
 104     def __init__(self, sp, site, parent):
 105         super(SPAdminPage, self).__init__(site)
 106         self.parent = parent
 107         self.sp = sp
 108         self.title = sp.name
 109         self.backurl = parent.url
 110         self.url = '%s/sp/%s' % (parent.url, sp.name)
 111
 112     def form_standard(self, message=None, message_type=None):
 113         return self._template('admin/providers/saml2_sp.html',
 114                               message=message,
 115                               message_type=message_type,
 116                               title=self.title,
 117                               name='saml2_sp_%s_form' % self.sp.name,
 118                               backurl=self.backurl, action=self.url,
 119                               data=self.sp)
 120
 121     def GET(self, *args, **kwargs):
 122         return self.form_standard()
 123
 124     def POST(self, *args, **kwargs):
 125
 126         message = "Nothing was modified."
 127         message_type = "info"
 128         rename = None
 129         save = False
 130
 131         for key, value in kwargs.iteritems():
 132             if key == 'name':
 133                 if value != self.sp.name:
 134                     if self.user.is_admin or self.user.name == self.sp.owner:
 135                         self._debug("Replacing %s: %s -> %s" %
 136                                     (key, self.sp.name, value))
 137                         self.sp.name = value
 138                         rename = [self.sp.name, value]
 139                         save = True
 140                     else:
 141                         message = "Unauthorized to rename object"
 142                         message_type = "error"
 143                         return self.form_standard(message, message_type)
 144
 145             elif key == 'owner':
 146                 if value != self.sp.owner:
 147                     if self.user.is_admin:
 148                         self._debug("Replacing %s: %s -> %s" %
 149                                     (key, self.sp.owner, value))
 150                         self.sp.owner = value
 151                         save = True
 152                     else:
 153                         message = "Unauthorized to set owner value"
 154                         message_type = "error"
 155                         return self.form_standard(message, message_type)
 156
 157             elif key == 'default_nameid':
 158                 if value != self.sp.default_nameid:
 159                     if self.user.is_admin:
 160                         self._debug("Replacing %s: %s -> %s" %
 161                                     (key, self.sp.default_nameid, value))
 162                         self.sp.default_nameid = value
 163                         save = True
 164                     else:
 165                         message = "Unauthorized to set default nameid value"
 166                         message_type = "error"
 167                         return self.form_standard(message, message_type)
 168
 169             elif key == 'allowed_nameids':
 170                 v = set([x.strip() for x in value.split(',')])
 171                 if v != set(self.sp.allowed_nameids):
 172                     if self.user.is_admin:
 173                         self._debug("Replacing %s: %s -> %s" %
 174                                     (key, self.sp.allowed_nameids, list(v)))
 175                         self.sp.allowed_nameids = list(v)
 176                         save = True
 177                     else:
 178                         message = "Unauthorized to set allowed nameids value"
 179                         message_type = "error"
 180                         return self.form_standard(message, message_type)
 181
 182         if save:
 183             try:
 184                 self.sp.save_properties()
 185                 if rename:
 186                     self.parent.rename_sp(rename[0], rename[1])
 187                 message = "Properties succssfully changed"
 188                 message_type = "success"
 189             except Exception:  # pylint: disable=broad-except
 190                 message = "Failed to save data!"
 191                 message_type = "error"
 192
 193         return self.form_standard(message, message_type)
 194
 195     def root(self, *args, **kwargs):
 196         op = getattr(self, cherrypy.request.method, self.GET)
 197         if callable(op):
 198             return op(*args, **kwargs)
 199
 200     def delete(self):
 201         self.parent.del_sp(self.sp.name)
 202         self.sp.permanently_delete()
 203         return self.parent.root()
 204     delete.exposed = True
 205
 206
 207 class AdminPage(Page):
 208     def __init__(self, site, config):
 209         super(AdminPage, self).__init__(site)
 210         self.name = 'admin'
 211         self.cfg = config
 212         self.providers = []
 213         self.menu = []
 214         self.url = None
 215         self.sp = Page(self._site)
 216
 217     def add_sp(self, name, sp):
 218         page = SPAdminPage(sp, self._site, self)
 219         self.sp.add_subtree(name, page)
 220         self.providers.append(sp)
 221         return page
 222
 223     def rename_sp(self, oldname, newname):
 224         page = getattr(self.sp, oldname)
 225         self.sp.del_subtree(oldname)
 226         self.sp.add_subtree(newname, page)
 227
 228     def del_sp(self, name):
 229         try:
 230             page = getattr(self.sp, name)
 231             self.providers.remove(page.sp)
 232             self.sp.del_subtree(name)
 233         except Exception, e:  # pylint: disable=broad-except
 234             self._debug("Failed to remove provider %s: %s" % (name, str(e)))
 235
 236     def mount(self, page):
 237         self.menu = page.menu
 238         self.url = '%s/%s' % (page.url, self.name)
 239         for p in self.cfg.idp.get_providers():
 240             try:
 241                 sp = ServiceProvider(self.cfg, p)
 242                 self.add_sp(sp.name, sp)
 243             except Exception, e:  # pylint: disable=broad-except
 244                 self._debug("Failed to find provider %s: %s" % (p, str(e)))
 245         self.add_subtree('new', NewSPAdminPage(self._site, self))
 246         page.add_subtree(self.name, self)
 247
 248     def root(self, *args, **kwargs):
 249         return self._template('admin/providers/saml2.html',
 250                               title='SAML2 Administration',
 251                               providers=self.providers,
 252                               baseurl=self.url,
 253                               menu=self.menu)