Validate Service Provider names

[cascardo/ipsilon.git] / ipsilon / providers / saml2 / admin.py

diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 7db19fc..c6c1a7d 100755 (executable)
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -22,6 +22,10 @@ from ipsilon.util.page import Page
 from ipsilon.providers.saml2.provider import ServiceProvider
 from ipsilon.providers.saml2.provider import ServiceProviderCreator
 from ipsilon.providers.saml2.provider import InvalidProviderId
+import re
+
+
+VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
 
 
 class NewSPAdminPage(Page):
@@ -62,6 +66,12 @@ class NewSPAdminPage(Page):
                             cherrypy.request.content_type,))
             for key, value in kwargs.iteritems():
                 if key == 'name':
+                    if re.search(VALID_IN_NAME, value):
+                        message = "Invalid name!" \
+                                  " Use only numbers and letters"
+                        message_type = "error"
+                        return self.form_new(message, message_type)
+
                     name = value
                 elif key == 'meta':
                     if hasattr(value, 'content_type'):
@@ -103,6 +113,7 @@ class SPAdminPage(Page):
 
     def __init__(self, sp, site, parent):
         super(SPAdminPage, self).__init__(site)
+        self.parent = parent
         self.sp = sp
         self.title = sp.name
         self.backurl = parent.url
@@ -124,15 +135,23 @@ class SPAdminPage(Page):
 
         message = "Nothing was modified."
         message_type = "info"
+        rename = None
         save = False
 
         for key, value in kwargs.iteritems():
             if key == 'name':
                 if value != self.sp.name:
                     if self.user.is_admin or self.user.name == self.sp.owner:
+                        if re.search(VALID_IN_NAME, value):
+                            message = "Invalid name!" \
+                                      " Use only numbers and letters"
+                            message_type = "error"
+                            return self.form_standard(message, message_type)
+
                         self._debug("Replacing %s: %s -> %s" %
                                     (key, self.sp.name, value))
                         self.sp.name = value
+                        rename = [self.sp.name, value]
                         save = True
                     else:
                         message = "Unauthorized to rename object"
@@ -179,6 +198,8 @@ class SPAdminPage(Page):
         if save:
             try:
                 self.sp.save_properties()
+                if rename:
+                    self.parent.rename_sp(rename[0], rename[1])
                 message = "Properties succssfully changed"
                 message_type = "success"
             except Exception:  # pylint: disable=broad-except
@@ -192,6 +213,12 @@ class SPAdminPage(Page):
         if callable(op):
             return op(*args, **kwargs)
 
+    def delete(self):
+        self.parent.del_sp(self.sp.name)
+        self.sp.permanently_delete()
+        return self.parent.root()
+    delete.exposed = True
+
 
 class AdminPage(Page):
     def __init__(self, site, config):
@@ -209,6 +236,19 @@ class AdminPage(Page):
         self.providers.append(sp)
         return page
 
+    def rename_sp(self, oldname, newname):
+        page = getattr(self.sp, oldname)
+        self.sp.del_subtree(oldname)
+        self.sp.add_subtree(newname, page)
+
+    def del_sp(self, name):
+        try:
+            page = getattr(self.sp, name)
+            self.providers.remove(page.sp)
+            self.sp.del_subtree(name)
+        except Exception, e:  # pylint: disable=broad-except
+            self._debug("Failed to remove provider %s: %s" % (name, str(e)))
+
     def mount(self, page):
         self.menu = page.menu
         self.url = '%s/%s' % (page.url, self.name)