1 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
3 # see file 'COPYING' for use and warranty information
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from ipsilon.util import config as pconfig
20 from ipsilon.admin.common import AdminPage
21 from ipsilon.admin.common import ADMIN_STATUS_OK
22 from ipsilon.admin.common import ADMIN_STATUS_ERROR
23 from ipsilon.admin.common import ADMIN_STATUS_WARN
24 from ipsilon.admin.common import get_mapping_list_value
25 from ipsilon.admin.common import get_complex_list_value
26 from ipsilon.providers.saml2.provider import ServiceProvider
27 from ipsilon.providers.saml2.provider import ServiceProviderCreator
28 from ipsilon.providers.saml2.provider import InvalidProviderId
29 from copy import deepcopy
33 class NewSPAdminPage(AdminPage):
35 def __init__(self, site, parent):
36 super(NewSPAdminPage, self).__init__(site, form=True)
38 self.title = 'New Service Provider'
39 self.back = parent.url
40 self.url = '%s/new' % (parent.url,)
42 def form_new(self, message=None, message_type=None):
43 return self._template('admin/providers/saml2_sp_new.html',
46 message_type=message_type,
47 name='saml2_sp_new_form',
48 back=self.back, action=self.url)
50 def GET(self, *args, **kwargs):
51 return self.form_new()
53 def POST(self, *args, **kwargs):
55 if self.user.is_admin:
56 # TODO: allow authenticated user to create SPs on their own
57 # set the owner in that case
60 if 'content-type' not in cherrypy.request.headers:
61 self._debug("Invalid request, missing content-type")
62 message = "Malformed request"
63 message_type = ADMIN_STATUS_ERROR
64 return self.form_new(message, message_type)
65 ctype = cherrypy.request.headers['content-type'].split(';')[0]
66 if ctype != 'multipart/form-data':
67 self._debug("Invalid form type (%s), trying to cope" % (
68 cherrypy.request.content_type,))
69 for key, value in kwargs.iteritems():
72 elif key == 'metatext':
75 elif key == 'metafile':
76 if hasattr(value, 'content_type'):
77 meta = value.fullvalue()
79 self._debug("Invalid format for 'meta'")
80 elif key == 'metaurl':
83 r = requests.get(value)
86 except Exception, e: # pylint: disable=broad-except
87 self._debug("Failed to fetch metadata: " + repr(e))
88 message = "Failed to fetch metadata: " + repr(e)
89 message_type = ADMIN_STATUS_ERROR
90 return self.form_new(message, message_type)
94 spc = ServiceProviderCreator(self.parent.cfg)
95 sp = spc.create_from_buffer(name, meta)
96 sp_page = self.parent.add_sp(name, sp)
97 message = "SP Successfully added"
98 message_type = ADMIN_STATUS_OK
99 return sp_page.root_with_msg(message, message_type)
100 except InvalidProviderId, e:
102 message_type = ADMIN_STATUS_ERROR
103 except Exception, e: # pylint: disable=broad-except
105 message = "Failed to create Service Provider!"
106 message_type = ADMIN_STATUS_ERROR
108 message = "A name and a metadata file must be provided"
109 message_type = ADMIN_STATUS_ERROR
111 message = "Unauthorized"
112 message_type = ADMIN_STATUS_ERROR
114 return self.form_new(message, message_type)
117 class InvalidValueFormat(Exception):
121 class UnauthorizedUser(Exception):
125 class SPAdminPage(AdminPage):
127 def __init__(self, sp, site, parent):
128 super(SPAdminPage, self).__init__(site, form=True)
132 self.url = '%s/sp/%s' % (parent.url, sp.name)
134 self.back = parent.url
136 def root_with_msg(self, message=None, message_type=None):
137 return self._template('admin/option_config.html', title=self.title,
138 menu=self.menu, action=self.url, back=self.back,
139 message=message, message_type=message_type,
140 name='saml2_sp_%s_form' % (self.sp.name),
141 config=self.sp.get_config_obj())
143 def GET(self, *args, **kwargs):
144 return self.root_with_msg()
146 def POST(self, *args, **kwargs):
148 message = "Nothing was modified."
149 message_type = "info"
150 new_db_values = dict()
152 conf = self.sp.get_config_obj()
154 for name, option in conf.iteritems():
157 if isinstance(option, pconfig.List):
158 value = [x.strip() for x in value.split('\n')]
159 elif isinstance(option, pconfig.Condition):
162 if isinstance(option, pconfig.Condition):
164 elif isinstance(option, pconfig.Choice):
166 for a in option.get_allowed():
167 aname = '%s_%s' % (name, a)
170 elif type(option) is pconfig.ComplexList:
171 current = deepcopy(option.get_value())
172 value = get_complex_list_value(name,
177 elif type(option) is pconfig.MappingList:
178 current = deepcopy(option.get_value())
179 value = get_mapping_list_value(name,
187 if value != option.get_value():
188 if (type(option) is pconfig.List and
189 set(value) == set(option.get_value())):
191 cherrypy.log.error("Storing %s = %s" %
193 new_db_values[name] = value
195 if len(new_db_values) != 0:
197 # Validate user can make these changes
198 for (key, value) in new_db_values.iteritems():
200 if (not self.user.is_admin and
201 self.user.name != self.sp.owner):
202 raise UnauthorizedUser("Unauthorized to set owner")
203 elif key in ['Owner', 'Default NameID', 'Allowed NameIDs',
204 'Attribute Mapping', 'Allowed Attributes']:
205 if not self.user.is_admin:
206 raise UnauthorizedUser(
207 "Unauthorized to set %s" % key
210 # Make changes in current config
211 for name, option in conf.iteritems():
212 value = new_db_values.get(name, False)
215 if not self.sp.is_valid_name(value):
216 raise InvalidValueFormat(
217 'Invalid name! Use only numbers and'
221 self.url = '%s/sp/%s' % (self.parent.url, value)
222 self.parent.rename_sp(option.get_value(), value)
223 elif name == 'User Owner':
224 self.sp.owner = value
225 elif name == 'Default NameID':
226 self.sp.default_nameid = value
227 elif name == 'Allowed NameIDs':
228 self.sp.allowed_nameids = value
229 elif name == 'Attribute Mapping':
230 self.sp.attribute_mappings = value
231 elif name == 'Allowed Attributes':
232 self.sp.allowed_attributes = value
233 except InvalidValueFormat, e:
235 message_type = ADMIN_STATUS_WARN
236 return self.root_with_msg(message, message_type)
237 except UnauthorizedUser, e:
239 message_type = ADMIN_STATUS_ERROR
240 return self.root_with_msg(message, message_type)
241 except Exception as e: # pylint: disable=broad-except
242 self._debug("Error: %s" % repr(e))
243 message = "Internal Error"
244 message_type = ADMIN_STATUS_ERROR
245 return self.root_with_msg(message, message_type)
248 self.sp.save_properties()
249 message = "Properties successfully changed"
250 message_type = ADMIN_STATUS_OK
251 except Exception as e: # pylint: disable=broad-except
252 self.error('Failed to save data: %s' % e)
253 message = "Failed to save data!"
254 message_type = ADMIN_STATUS_ERROR
256 self.sp.refresh_config()
258 return self.root_with_msg(message=message,
259 message_type=message_type)
262 self.parent.del_sp(self.sp.name)
263 self.sp.permanently_delete()
264 return self.parent.root()
265 delete.public_function = True
268 class Saml2AdminPage(AdminPage):
269 def __init__(self, site, config):
270 super(Saml2AdminPage, self).__init__(site)
276 self.sp = AdminPage(self._site)
278 def add_sp(self, name, sp):
279 page = SPAdminPage(sp, self._site, self)
280 self.sp.add_subtree(name, page)
281 self.providers.append(sp)
284 def rename_sp(self, oldname, newname):
285 page = getattr(self.sp, oldname)
286 self.sp.del_subtree(oldname)
287 self.sp.add_subtree(newname, page)
289 def del_sp(self, name):
291 page = getattr(self.sp, name)
292 self.providers.remove(page.sp)
293 self.sp.del_subtree(name)
294 except Exception, e: # pylint: disable=broad-except
295 self._debug("Failed to remove provider %s: %s" % (name, str(e)))
299 for p in self.cfg.idp.get_providers():
301 sp = ServiceProvider(self.cfg, p)
303 self.add_sp(sp.name, sp)
304 except Exception, e: # pylint: disable=broad-except
305 self._debug("Failed to find provider %s: %s" % (p, str(e)))
307 def mount(self, page):
308 self.menu = page.menu
309 self.url = '%s/%s' % (page.url, self.name)
311 self.add_subtree('new', NewSPAdminPage(self._site, self))
312 page.add_subtree(self.name, self)
314 def root(self, *args, **kwargs):
315 return self._template('admin/providers/saml2.html',
316 title='SAML2 Administration',
317 providers=self.providers,