Fix E256 with stricter pep8 error checker

[cascardo/ipsilon.git] / ipsilon / providers / saml2 / auth.py

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 7f92d77..036ed5e 100755 (executable)
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from ipsilon.providers.common import ProviderPageBase
+from ipsilon.providers.common import ProviderPageBase, ProviderException
 from ipsilon.providers.saml2.provider import ServiceProvider
 from ipsilon.providers.saml2.provider import InvalidProviderId
 from ipsilon.providers.saml2.provider import NameIdNotAllowed
@@ -27,25 +27,26 @@ import datetime
 import lasso
 
 
-class AuthenticationError(Exception):
+class AuthenticationError(ProviderException):
 
     def __init__(self, message, code):
         super(AuthenticationError, self).__init__(message)
-        self.message = message
         self.code = code
+        self._debug('%s [%s]' % (message, code))
 
-    def __str__(self):
-        return repr(self.message)
 
-
-class InvalidRequest(Exception):
+class InvalidRequest(ProviderException):
 
     def __init__(self, message):
         super(InvalidRequest, self).__init__(message)
-        self.message = message
+        self._debug(message)
+
+
+class UnknownProvider(ProviderException):
 
-    def __str__(self):
-        return repr(self.message)
+    def __init__(self, message):
+        super(UnknownProvider, self).__init__(message)
+        self._debug(message)
 
 
 class AuthenticateRequest(ProviderPageBase):
@@ -65,7 +66,7 @@ class AuthenticateRequest(ProviderPageBase):
 
     def _parse_request(self, message):
 
-        login = lasso.Login(self.cfg.idp)
+        login = self.cfg.idp.get_login_handler()
 
         try:
             login.processAuthnRequestMsg(message)
@@ -87,7 +88,7 @@ class AuthenticateRequest(ProviderPageBase):
 
             msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId,
                                                  e, message)
-            raise InvalidRequest(msg)
+            raise UnknownProvider(msg)
 
         self._debug('SP %s requested authentication' % login.remoteProviderId)
 
@@ -104,6 +105,9 @@ class AuthenticateRequest(ProviderPageBase):
         except InvalidRequest, e:
             self._debug(str(e))
             raise cherrypy.HTTPError(400, 'Invalid SAML request token')
+        except UnknownProvider, e:
+            self._debug(str(e))
+            raise cherrypy.HTTPError(400, 'Unknown Service Provider')
         except Exception, e:  # pylint: disable=broad-except
             self._debug(str(e))
             raise cherrypy.HTTPError(500)
@@ -170,10 +174,10 @@ class AuthenticateRequest(ProviderPageBase):
 
         nameid = None
         if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
-            ## TODO map to something else ?
+            # TODO map to something else ?
             nameid = provider.normalize_username(user.name)
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
-            ## TODO map to something else ?
+            # TODO map to something else ?
             nameid = provider.normalize_username(user.name)
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
             nameid = us.get_data('user', 'krb_principal_name')
@@ -189,7 +193,7 @@ class AuthenticateRequest(ProviderPageBase):
             raise AuthenticationError("Unavailable Name ID type",
                                       lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
 
-        # TODO: add user attributes as policy requires taking from 'usersession'
+        # TODO: add user attributes as policy requires from 'usersession'
 
     def saml2error(self, login, code, message):
         status = lasso.Samlp2Status()