projects
/
cascardo
/
ipsilon.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Validate SP names for admin pages and REST
[cascardo/ipsilon.git]
/
ipsilon
/
providers
/
saml2
/
admin.py
diff --git
a/ipsilon/providers/saml2/admin.py
b/ipsilon/providers/saml2/admin.py
index
0ab2a41
..
2503be1
100644
(file)
--- a/
ipsilon/providers/saml2/admin.py
+++ b/
ipsilon/providers/saml2/admin.py
@@
-23,13
+23,9
@@
from ipsilon.admin.common import ADMIN_STATUS_WARN
from ipsilon.providers.saml2.provider import ServiceProvider
from ipsilon.providers.saml2.provider import ServiceProviderCreator
from ipsilon.providers.saml2.provider import InvalidProviderId
from ipsilon.providers.saml2.provider import ServiceProvider
from ipsilon.providers.saml2.provider import ServiceProviderCreator
from ipsilon.providers.saml2.provider import InvalidProviderId
-import re
import requests
import requests
-VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
-
-
class NewSPAdminPage(AdminPage):
def __init__(self, site, parent):
class NewSPAdminPage(AdminPage):
def __init__(self, site, parent):
@@
-68,12
+64,6
@@
class NewSPAdminPage(AdminPage):
cherrypy.request.content_type,))
for key, value in kwargs.iteritems():
if key == 'name':
cherrypy.request.content_type,))
for key, value in kwargs.iteritems():
if key == 'name':
- if re.search(VALID_IN_NAME, value):
- message = "Invalid name!" \
- " Use only numbers and letters"
- message_type = ADMIN_STATUS_ERROR
- return self.form_new(message, message_type)
-
name = value
elif key == 'metatext':
if len(value) > 0:
name = value
elif key == 'metatext':
if len(value) > 0:
@@
-156,7
+146,7
@@
class SPAdminPage(AdminPage):
return False
if self.user.is_admin or self.user.name == self.sp.owner:
return False
if self.user.is_admin or self.user.name == self.sp.owner:
- if
re.search(VALID_IN_NAME,
value):
+ if
not self.sp.is_valid_name(
value):
err = "Invalid name! Use only numbers and letters"
raise InvalidValueFormat(err)
err = "Invalid name! Use only numbers and letters"
raise InvalidValueFormat(err)