1 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
3 # see file 'COPYING' for use and warranty information
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from ipsilon.util import config as pconfig
20 from ipsilon.admin.common import AdminPage
21 from ipsilon.admin.common import ADMIN_STATUS_OK
22 from ipsilon.admin.common import ADMIN_STATUS_ERROR
23 from ipsilon.admin.common import ADMIN_STATUS_WARN
24 from ipsilon.admin.common import get_mapping_list_value
25 from ipsilon.admin.common import get_complex_list_value
26 from ipsilon.providers.saml2.provider import ServiceProvider
27 from ipsilon.providers.saml2.provider import ServiceProviderCreator
28 from ipsilon.providers.saml2.provider import InvalidProviderId
29 from copy import deepcopy
33 class NewSPAdminPage(AdminPage):
35 def __init__(self, site, parent):
36 super(NewSPAdminPage, self).__init__(site, form=True)
38 self.title = 'New Service Provider'
39 self.back = parent.url
40 self.url = '%s/new' % (parent.url,)
42 def form_new(self, message=None, message_type=None):
43 return self._template('admin/providers/saml2_sp_new.html',
46 message_type=message_type,
47 name='saml2_sp_new_form',
48 back=self.back, action=self.url)
50 def GET(self, *args, **kwargs):
51 return self.form_new()
53 def POST(self, *args, **kwargs):
55 if self.user.is_admin:
56 # TODO: allow authenticated user to create SPs on their own
57 # set the owner in that case
60 if 'content-type' not in cherrypy.request.headers:
61 self.debug("Invalid request, missing content-type")
62 message = "Malformed request"
63 message_type = ADMIN_STATUS_ERROR
64 return self.form_new(message, message_type)
65 ctype = cherrypy.request.headers['content-type'].split(';')[0]
66 if ctype != 'multipart/form-data':
67 self.debug("Invalid form type (%s), trying to cope" % (
68 cherrypy.request.content_type,))
69 for key, value in kwargs.iteritems():
72 elif key == 'metatext':
75 elif key == 'metafile':
76 if hasattr(value, 'content_type'):
77 meta = value.fullvalue()
79 self.debug("Invalid format for 'meta'")
80 elif key == 'metaurl':
83 r = requests.get(value)
86 except Exception, e: # pylint: disable=broad-except
87 self.debug("Failed to fetch metadata: " + repr(e))
88 message = "Failed to fetch metadata: " + repr(e)
89 message_type = ADMIN_STATUS_ERROR
90 return self.form_new(message, message_type)
94 spc = ServiceProviderCreator(self.parent.cfg)
95 sp = spc.create_from_buffer(name, meta)
96 sp_page = self.parent.add_sp(name, sp)
97 message = "SP Successfully added"
98 message_type = ADMIN_STATUS_OK
99 return sp_page.root_with_msg(message, message_type)
100 except InvalidProviderId, e:
102 message_type = ADMIN_STATUS_ERROR
103 except Exception, e: # pylint: disable=broad-except
105 message = "Failed to create Service Provider!"
106 message_type = ADMIN_STATUS_ERROR
108 message = "A name and a metadata file must be provided"
109 message_type = ADMIN_STATUS_ERROR
111 message = "Unauthorized"
112 message_type = ADMIN_STATUS_ERROR
114 return self.form_new(message, message_type)
117 class InvalidValueFormat(Exception):
121 class UnauthorizedUser(Exception):
125 class SPAdminPage(AdminPage):
127 def __init__(self, sp, site, parent):
128 super(SPAdminPage, self).__init__(site, form=True)
132 self.url = '%s/sp/%s' % (parent.url, sp.name)
134 self.back = parent.url
136 def root_with_msg(self, message=None, message_type=None):
137 return self._template('admin/option_config.html', title=self.title,
138 menu=self.menu, action=self.url, back=self.back,
139 message=message, message_type=message_type,
140 name='saml2_sp_%s_form' % (self.sp.name),
141 config=self.sp.get_config_obj())
143 def GET(self, *args, **kwargs):
144 return self.root_with_msg()
146 def POST(self, *args, **kwargs):
148 message = "Nothing was modified."
149 message_type = "info"
150 new_db_values = dict()
152 conf = self.sp.get_config_obj()
154 for name, option in conf.iteritems():
157 if isinstance(option, pconfig.List):
158 value = [x.strip() for x in value.split('\n')]
159 elif isinstance(option, pconfig.Condition):
162 if isinstance(option, pconfig.Condition):
164 elif isinstance(option, pconfig.Choice):
166 for a in option.get_allowed():
167 aname = '%s_%s' % (name, a)
170 elif type(option) is pconfig.ComplexList:
171 current = deepcopy(option.get_value())
172 value = get_complex_list_value(name,
175 # if current value is None do nothing
177 if option.get_value() is None:
179 # else pass and let it continue as None
180 elif type(option) is pconfig.MappingList:
181 current = deepcopy(option.get_value())
182 value = get_mapping_list_value(name,
185 # if current value is None do nothing
187 if option.get_value() is None:
189 # else pass and let it continue as None
193 if value != option.get_value():
194 if (type(option) is pconfig.List and
195 set(value) == set(option.get_value())):
197 cherrypy.log.error("Storing %s = %s" %
199 new_db_values[name] = value
201 if len(new_db_values) != 0:
203 # Validate user can make these changes
204 for (key, value) in new_db_values.iteritems():
206 if (not self.user.is_admin and
207 self.user.name != self.sp.owner):
208 raise UnauthorizedUser("Unauthorized to set owner")
209 elif key in ['Owner', 'Default NameID', 'Allowed NameIDs',
210 'Attribute Mapping', 'Allowed Attributes']:
211 if not self.user.is_admin:
212 raise UnauthorizedUser(
213 "Unauthorized to set %s" % key
216 # Make changes in current config
217 for name, option in conf.iteritems():
218 value = new_db_values.get(name, False)
219 # A value of None means remove from the data store
220 if value is False or value == []:
223 if not self.sp.is_valid_name(value):
224 raise InvalidValueFormat(
225 'Invalid name! Use only numbers and'
229 self.url = '%s/sp/%s' % (self.parent.url, value)
230 self.parent.rename_sp(option.get_value(), value)
231 elif name == 'User Owner':
232 self.sp.owner = value
233 elif name == 'Default NameID':
234 self.sp.default_nameid = value
235 elif name == 'Allowed NameIDs':
236 self.sp.allowed_nameids = value
237 elif name == 'Attribute Mapping':
238 self.sp.attribute_mappings = value
239 elif name == 'Allowed Attributes':
240 self.sp.allowed_attributes = value
241 except InvalidValueFormat, e:
243 message_type = ADMIN_STATUS_WARN
244 return self.root_with_msg(message, message_type)
245 except UnauthorizedUser, e:
247 message_type = ADMIN_STATUS_ERROR
248 return self.root_with_msg(message, message_type)
249 except Exception as e: # pylint: disable=broad-except
250 self.debug("Error: %s" % repr(e))
251 message = "Internal Error"
252 message_type = ADMIN_STATUS_ERROR
253 return self.root_with_msg(message, message_type)
256 self.sp.save_properties()
257 message = "Properties successfully changed"
258 message_type = ADMIN_STATUS_OK
259 except Exception as e: # pylint: disable=broad-except
260 self.error('Failed to save data: %s' % e)
261 message = "Failed to save data!"
262 message_type = ADMIN_STATUS_ERROR
264 self.sp.refresh_config()
266 return self.root_with_msg(message=message,
267 message_type=message_type)
270 self.parent.del_sp(self.sp.name)
271 self.sp.permanently_delete()
272 return self.parent.root()
273 delete.public_function = True
276 class Saml2AdminPage(AdminPage):
277 def __init__(self, site, config):
278 super(Saml2AdminPage, self).__init__(site)
284 self.sp = AdminPage(self._site)
286 def add_sp(self, name, sp):
287 page = SPAdminPage(sp, self._site, self)
288 self.sp.add_subtree(name, page)
289 self.providers.append(sp)
292 def rename_sp(self, oldname, newname):
293 page = getattr(self.sp, oldname)
294 self.sp.del_subtree(oldname)
295 self.sp.add_subtree(newname, page)
297 def del_sp(self, name):
299 page = getattr(self.sp, name)
300 self.providers.remove(page.sp)
301 self.sp.del_subtree(name)
302 except Exception, e: # pylint: disable=broad-except
303 self.debug("Failed to remove provider %s: %s" % (name, str(e)))
307 for p in self.cfg.idp.get_providers():
309 sp = ServiceProvider(self.cfg, p)
311 self.add_sp(sp.name, sp)
312 except Exception, e: # pylint: disable=broad-except
313 self.debug("Failed to find provider %s: %s" % (p, str(e)))
315 def mount(self, page):
316 self.menu = page.menu
317 self.url = '%s/%s' % (page.url, self.name)
319 self.add_subtree('new', NewSPAdminPage(self._site, self))
320 page.add_subtree(self.name, self)
322 def root(self, *args, **kwargs):
323 return self._template('admin/providers/saml2.html',
324 title='SAML2 Administration',
325 providers=self.providers,