ipsilon/providers/saml2/admin.py

   1 #!/usr/bin/python
   2 #
   3 # Copyright (C) 2014  Simo Sorce <simo@redhat.com>
   4 #
   5 # see file 'COPYING' for use and warranty information
   6 #
   7 # This program is free software; you can redistribute it and/or modify
   8 # it under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation, either version 3 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # This program is distributed in the hope that it will be useful,
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19
  20 import cherrypy
  21 from ipsilon.util.page import Page
  22 from ipsilon.providers.saml2.provider import ServiceProvider
  23 from ipsilon.providers.saml2.provider import ServiceProviderCreator
  24 from ipsilon.providers.saml2.provider import InvalidProviderId
  25 import re
  26
  27
  28 VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
  29
  30
  31 class NewSPAdminPage(Page):
  32
  33     def __init__(self, site, parent):
  34         super(NewSPAdminPage, self).__init__(site)
  35         self.parent = parent
  36         self.title = 'New Service Provider'
  37         self.backurl = parent.url
  38         self.url = '%s/new' % (parent.url,)
  39
  40     def form_new(self, message=None, message_type=None):
  41         return self._template('admin/providers/saml2_sp_new.html',
  42                               title=self.title,
  43                               message=message,
  44                               message_type=message_type,
  45                               name='saml2_sp_new_form',
  46                               backurl=self.backurl, action=self.url)
  47
  48     def GET(self, *args, **kwargs):
  49         return self.form_new()
  50
  51     def POST(self, *args, **kwargs):
  52
  53         if self.user.is_admin:
  54             #TODO: allow authenticated user to create SPs on their own
  55             #      set the owner in that case
  56             name = None
  57             meta = None
  58             if 'content-type' not in cherrypy.request.headers:
  59                 self._debug("Invalid request, missing content-type")
  60                 message = "Malformed request"
  61                 message_type = "error"
  62                 return self.form_new(message, message_type)
  63             ctype = cherrypy.request.headers['content-type'].split(';')[0]
  64             if ctype != 'multipart/form-data':
  65                 self._debug("Invalid form type (%s), trying to cope" % (
  66                             cherrypy.request.content_type,))
  67             for key, value in kwargs.iteritems():
  68                 if key == 'name':
  69                     if re.search(VALID_IN_NAME, value):
  70                         message = "Invalid name!" \
  71                                   " Use only numbers and letters"
  72                         message_type = "error"
  73                         return self.form_new(message, message_type)
  74
  75                     name = value
  76                 elif key == 'meta':
  77                     if hasattr(value, 'content_type'):
  78                         meta = value.fullvalue()
  79                     else:
  80                         self._debug("Invalid format for 'meta'")
  81
  82             if name and meta:
  83                 try:
  84                     spc = ServiceProviderCreator(self.parent.cfg)
  85                     sp = spc.create_from_buffer(name, meta)
  86                     sp_page = self.parent.add_sp(name, sp)
  87                     message = "SP Successfully added"
  88                     message_type = "success"
  89                     return sp_page.form_standard(message, message_type)
  90                 except InvalidProviderId, e:
  91                     message = str(e)
  92                     message_type = "error"
  93                 except Exception, e:  # pylint: disable=broad-except
  94                     self._debug(repr(e))
  95                     message = "Failed to create Service Provider!"
  96                     message_type = "error"
  97             else:
  98                 message = "A name and a metadata file must be provided"
  99                 message_type = "error"
 100         else:
 101             message = "Unauthorized"
 102             message_type = "error"
 103
 104         return self.form_new(message, message_type)
 105
 106     def root(self, *args, **kwargs):
 107         op = getattr(self, cherrypy.request.method, self.GET)
 108         if callable(op):
 109             return op(*args, **kwargs)
 110
 111
 112 class SPAdminPage(Page):
 113
 114     def __init__(self, sp, site, parent):
 115         super(SPAdminPage, self).__init__(site)
 116         self.parent = parent
 117         self.sp = sp
 118         self.title = sp.name
 119         self.backurl = parent.url
 120         self.url = '%s/sp/%s' % (parent.url, sp.name)
 121
 122     def form_standard(self, message=None, message_type=None):
 123         return self._template('admin/providers/saml2_sp.html',
 124                               message=message,
 125                               message_type=message_type,
 126                               title=self.title,
 127                               name='saml2_sp_%s_form' % self.sp.name,
 128                               backurl=self.backurl, action=self.url,
 129                               data=self.sp)
 130
 131     def GET(self, *args, **kwargs):
 132         return self.form_standard()
 133
 134     def POST(self, *args, **kwargs):
 135
 136         message = "Nothing was modified."
 137         message_type = "info"
 138         rename = None
 139         save = False
 140
 141         for key, value in kwargs.iteritems():
 142             if key == 'name':
 143                 if value != self.sp.name:
 144                     if self.user.is_admin or self.user.name == self.sp.owner:
 145                         if re.search(VALID_IN_NAME, value):
 146                             message = "Invalid name!" \
 147                                       " Use only numbers and letters"
 148                             message_type = "error"
 149                             return self.form_standard(message, message_type)
 150
 151                         self._debug("Replacing %s: %s -> %s" %
 152                                     (key, self.sp.name, value))
 153                         self.sp.name = value
 154                         rename = [self.sp.name, value]
 155                         save = True
 156                     else:
 157                         message = "Unauthorized to rename object"
 158                         message_type = "error"
 159                         return self.form_standard(message, message_type)
 160
 161             elif key == 'owner':
 162                 if value != self.sp.owner:
 163                     if self.user.is_admin:
 164                         self._debug("Replacing %s: %s -> %s" %
 165                                     (key, self.sp.owner, value))
 166                         self.sp.owner = value
 167                         save = True
 168                     else:
 169                         message = "Unauthorized to set owner value"
 170                         message_type = "error"
 171                         return self.form_standard(message, message_type)
 172
 173             elif key == 'default_nameid':
 174                 if value != self.sp.default_nameid:
 175                     if self.user.is_admin:
 176                         self._debug("Replacing %s: %s -> %s" %
 177                                     (key, self.sp.default_nameid, value))
 178                         self.sp.default_nameid = value
 179                         save = True
 180                     else:
 181                         message = "Unauthorized to set default nameid value"
 182                         message_type = "error"
 183                         return self.form_standard(message, message_type)
 184
 185             elif key == 'allowed_nameids':
 186                 v = set([x.strip() for x in value.split(',')])
 187                 if v != set(self.sp.allowed_nameids):
 188                     if self.user.is_admin:
 189                         self._debug("Replacing %s: %s -> %s" %
 190                                     (key, self.sp.allowed_nameids, list(v)))
 191                         self.sp.allowed_nameids = list(v)
 192                         save = True
 193                     else:
 194                         message = "Unauthorized to set allowed nameids value"
 195                         message_type = "error"
 196                         return self.form_standard(message, message_type)
 197
 198         if save:
 199             try:
 200                 self.sp.save_properties()
 201                 if rename:
 202                     self.parent.rename_sp(rename[0], rename[1])
 203                 message = "Properties succssfully changed"
 204                 message_type = "success"
 205             except Exception:  # pylint: disable=broad-except
 206                 message = "Failed to save data!"
 207                 message_type = "error"
 208
 209         return self.form_standard(message, message_type)
 210
 211     def root(self, *args, **kwargs):
 212         op = getattr(self, cherrypy.request.method, self.GET)
 213         if callable(op):
 214             return op(*args, **kwargs)
 215
 216     def delete(self):
 217         self.parent.del_sp(self.sp.name)
 218         self.sp.permanently_delete()
 219         return self.parent.root()
 220     delete.exposed = True
 221
 222
 223 class AdminPage(Page):
 224     def __init__(self, site, config):
 225         super(AdminPage, self).__init__(site)
 226         self.name = 'admin'
 227         self.cfg = config
 228         self.providers = []
 229         self.menu = []
 230         self.url = None
 231         self.sp = Page(self._site)
 232
 233     def add_sp(self, name, sp):
 234         page = SPAdminPage(sp, self._site, self)
 235         self.sp.add_subtree(name, page)
 236         self.providers.append(sp)
 237         return page
 238
 239     def rename_sp(self, oldname, newname):
 240         page = getattr(self.sp, oldname)
 241         self.sp.del_subtree(oldname)
 242         self.sp.add_subtree(newname, page)
 243
 244     def del_sp(self, name):
 245         try:
 246             page = getattr(self.sp, name)
 247             self.providers.remove(page.sp)
 248             self.sp.del_subtree(name)
 249         except Exception, e:  # pylint: disable=broad-except
 250             self._debug("Failed to remove provider %s: %s" % (name, str(e)))
 251
 252     def mount(self, page):
 253         self.menu = page.menu
 254         self.url = '%s/%s' % (page.url, self.name)
 255         for p in self.cfg.idp.get_providers():
 256             try:
 257                 sp = ServiceProvider(self.cfg, p)
 258                 self.add_sp(sp.name, sp)
 259             except Exception, e:  # pylint: disable=broad-except
 260                 self._debug("Failed to find provider %s: %s" % (p, str(e)))
 261         self.add_subtree('new', NewSPAdminPage(self._site, self))
 262         page.add_subtree(self.name, self)
 263
 264     def root(self, *args, **kwargs):
 265         return self._template('admin/providers/saml2.html',
 266                               title='SAML2 Administration',
 267                               providers=self.providers,
 268                               baseurl=self.url,
 269                               menu=self.menu)