Fix E256 with stricter pep8 error checker
[cascardo/ipsilon.git] / ipsilon / providers / saml2 / admin.py
index 1e1ddb7..a9fb9e0 100755 (executable)
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import cherrypy
 from ipsilon.util.page import Page
 from ipsilon.providers.saml2.provider import ServiceProvider
+from ipsilon.providers.saml2.provider import ServiceProviderCreator
+from ipsilon.providers.saml2.provider import InvalidProviderId
+import re
+
+
+VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
+
+
+class NewSPAdminPage(Page):
+
+    def __init__(self, site, parent):
+        super(NewSPAdminPage, self).__init__(site, form=True)
+        self.parent = parent
+        self.title = 'New Service Provider'
+        self.backurl = parent.url
+        self.url = '%s/new' % (parent.url,)
+
+    def form_new(self, message=None, message_type=None):
+        return self._template('admin/providers/saml2_sp_new.html',
+                              title=self.title,
+                              message=message,
+                              message_type=message_type,
+                              name='saml2_sp_new_form',
+                              backurl=self.backurl, action=self.url)
+
+    def GET(self, *args, **kwargs):
+        return self.form_new()
+
+    def POST(self, *args, **kwargs):
+
+        if self.user.is_admin:
+            # TODO: allow authenticated user to create SPs on their own
+            #       set the owner in that case
+            name = None
+            meta = None
+            if 'content-type' not in cherrypy.request.headers:
+                self._debug("Invalid request, missing content-type")
+                message = "Malformed request"
+                message_type = "error"
+                return self.form_new(message, message_type)
+            ctype = cherrypy.request.headers['content-type'].split(';')[0]
+            if ctype != 'multipart/form-data':
+                self._debug("Invalid form type (%s), trying to cope" % (
+                            cherrypy.request.content_type,))
+            for key, value in kwargs.iteritems():
+                if key == 'name':
+                    if re.search(VALID_IN_NAME, value):
+                        message = "Invalid name!" \
+                                  " Use only numbers and letters"
+                        message_type = "error"
+                        return self.form_new(message, message_type)
+
+                    name = value
+                elif key == 'meta':
+                    if hasattr(value, 'content_type'):
+                        meta = value.fullvalue()
+                    else:
+                        self._debug("Invalid format for 'meta'")
+
+            if name and meta:
+                try:
+                    spc = ServiceProviderCreator(self.parent.cfg)
+                    sp = spc.create_from_buffer(name, meta)
+                    sp_page = self.parent.add_sp(name, sp)
+                    message = "SP Successfully added"
+                    message_type = "success"
+                    return sp_page.form_standard(message, message_type)
+                except InvalidProviderId, e:
+                    message = str(e)
+                    message_type = "error"
+                except Exception, e:  # pylint: disable=broad-except
+                    self._debug(repr(e))
+                    message = "Failed to create Service Provider!"
+                    message_type = "error"
+            else:
+                message = "A name and a metadata file must be provided"
+                message_type = "error"
+        else:
+            message = "Unauthorized"
+            message_type = "error"
+
+        return self.form_new(message, message_type)
+
+
+class InvalidValueFormat(Exception):
+    pass
+
+
+class UnauthorizedUser(Exception):
+    pass
+
+
+class SPAdminPage(Page):
+
+    def __init__(self, sp, site, parent):
+        super(SPAdminPage, self).__init__(site, form=True)
+        self.parent = parent
+        self.sp = sp
+        self.title = sp.name
+        self.backurl = parent.url
+        self.url = '%s/sp/%s' % (parent.url, sp.name)
+
+    def form_standard(self, message=None, message_type=None):
+        return self._template('admin/providers/saml2_sp.html',
+                              message=message,
+                              message_type=message_type,
+                              title=self.title,
+                              name='saml2_sp_%s_form' % self.sp.name,
+                              backurl=self.backurl, action=self.url,
+                              data=self.sp)
+
+    def GET(self, *args, **kwargs):
+        return self.form_standard()
+
+    def change_name(self, key, value):
+
+        if value == self.sp.name:
+            return False
+
+        if self.user.is_admin or self.user.name == self.sp.owner:
+            if re.search(VALID_IN_NAME, value):
+                err = "Invalid name! Use only numbers and letters"
+                raise InvalidValueFormat(err)
+
+            self._debug("Replacing %s: %s -> %s" % (key, self.sp.name, value))
+            return {'name': value, 'rename': [self.sp.name, value]}
+        else:
+            raise UnauthorizedUser("Unauthorized to rename Service Provider")
+
+    def change_owner(self, key, value):
+        if value == self.sp.owner:
+            return False
+
+        if self.user.is_admin:
+            self._debug("Replacing %s: %s -> %s" % (key, self.sp.owner, value))
+            return {'owner': value}
+        else:
+            raise UnauthorizedUser("Unauthorized to set owner value")
+
+    def change_default_nameid(self, key, value):
+        if value == self.sp.default_nameid:
+            return False
+
+        if self.user.is_admin:
+            self._debug("Replacing %s: %s -> %s" % (key,
+                                                    self.sp.default_nameid,
+                                                    value))
+            if not self.sp.is_valid_nameid(value):
+                raise InvalidValueFormat('Invalid default nameid value')
+            return {'default_nameid': value}
+        else:
+            raise UnauthorizedUser("Unauthorized to set default nameid value")
+
+    def change_allowed_nameids(self, key, value):
+        v = set([x.strip() for x in value.split(',')])
+        if v == set(self.sp.allowed_nameids):
+            return False
+
+        if self.user.is_admin:
+            self._debug("Replacing %s: %s -> %s" % (key,
+                                                    self.sp.allowed_nameids,
+                                                    list(v)))
+            for x in v:
+                if not self.sp.is_valid_nameid(x):
+                    l = ', '.join(self.sp.valid_nameids())
+                    err = 'Invalid nameid [%s]. Available [%s].' % (x, l)
+                    raise InvalidValueFormat(err)
+            return {'allowed_nameids': list(v)}
+        else:
+            raise UnauthorizedUser("Unauthorized to set alowed nameids values")
+
+    def POST(self, *args, **kwargs):
+
+        message = "Nothing was modified."
+        message_type = "info"
+        results = dict()
+
+        try:
+            for key, value in kwargs.iteritems():
+                if key == 'name':
+                    r = self.change_name(key, value)
+                    if r:
+                        results.update(r)
+                elif key == 'owner':
+                    r = self.change_owner(key, value)
+                    if r:
+                        results.update(r)
+
+                elif key == 'default_nameid':
+                    r = self.change_default_nameid(key, value)
+                    if r:
+                        results.update(r)
+
+                elif key == 'allowed_nameids':
+                    r = self.change_allowed_nameids(key, value)
+                    if r:
+                        results.update(r)
+
+        except InvalidValueFormat, e:
+            message = str(e)
+            message_type = "warning"
+            return self.form_standard(message, message_type)
+        except UnauthorizedUser, e:
+            message = str(e)
+            message_type = "error"
+            return self.form_standard(message, message_type)
+        except Exception, e:  # pylint: disable=broad-except
+            self._debug("Error: %s" % repr(e))
+            message = "Internal Error"
+            message_type = "error"
+            return self.form_standard(message, message_type)
+
+        if len(results) > 0:
+            try:
+                if 'name' in results:
+                    self.sp.name = results['name']
+                if 'owner' in results:
+                    self.sp.owner = results['owner']
+                if 'default_nameid' in results:
+                    self.sp.default_nameid = results['default_nameid']
+                if 'allowed_nameids' in results:
+                    self.sp.allowed_nameids = results['allowed_nameids']
+                self.sp.save_properties()
+                if 'rename' in results:
+                    rename = results['rename']
+                    self.parent.rename_sp(rename[0], rename[1])
+                message = "Properties succssfully changed"
+                message_type = "success"
+            except Exception:  # pylint: disable=broad-except
+                message = "Failed to save data!"
+                message_type = "error"
+
+        return self.form_standard(message, message_type)
+
+    def delete(self):
+        self.parent.del_sp(self.sp.name)
+        self.sp.permanently_delete()
+        return self.parent.root()
+    delete.exposed = True
 
 
 class AdminPage(Page):
@@ -29,6 +269,26 @@ class AdminPage(Page):
         self.providers = []
         self.menu = []
         self.url = None
+        self.sp = Page(self._site)
+
+    def add_sp(self, name, sp):
+        page = SPAdminPage(sp, self._site, self)
+        self.sp.add_subtree(name, page)
+        self.providers.append(sp)
+        return page
+
+    def rename_sp(self, oldname, newname):
+        page = getattr(self.sp, oldname)
+        self.sp.del_subtree(oldname)
+        self.sp.add_subtree(newname, page)
+
+    def del_sp(self, name):
+        try:
+            page = getattr(self.sp, name)
+            self.providers.remove(page.sp)
+            self.sp.del_subtree(name)
+        except Exception, e:  # pylint: disable=broad-except
+            self._debug("Failed to remove provider %s: %s" % (name, str(e)))
 
     def mount(self, page):
         self.menu = page.menu
@@ -36,9 +296,10 @@ class AdminPage(Page):
         for p in self.cfg.idp.get_providers():
             try:
                 sp = ServiceProvider(self.cfg, p)
-                self.providers.append(sp)
+                self.add_sp(sp.name, sp)
             except Exception, e:  # pylint: disable=broad-except
                 self._debug("Failed to find provider %s: %s" % (p, str(e)))
+        self.add_subtree('new', NewSPAdminPage(self._site, self))
         page.add_subtree(self.name, self)
 
     def root(self, *args, **kwargs):