From cc160379676d2cdede9339d169b10976613ebbbf Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 14 Apr 2014 16:27:52 -0400
Subject: [PATCH] Add nameid values validation

Signed-off-by: Simo Sorce
---
 ipsilon/providers/saml2/admin.py | 7 +++++++
 ipsilon/providers/saml2/provider.py | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 2f346ce..0a5a88d 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -172,6 +172,8 @@ class SPAdminPage(Page):
                 self._debug("Replacing %s: %s -> %s" % (key,
                                                         self.sp.default_nameid,
                                                         value))
+                if not self.sp.is_valid_nameid(value):
+                    raise InvalidValueFormat('Invalid default nameid value')
                 return {'default_nameid': value}
             else:
                 raise UnauthorizedUser("Unauthorized to set default nameid value")
@@ -185,6 +187,11 @@ class SPAdminPage(Page):
                 self._debug("Replacing %s: %s -> %s" % (key,
                                                         self.sp.allowed_nameids,
                                                         list(v)))
+                for x in v:
+                    if not self.sp.is_valid_nameid(x):
+                        l = ', '.join(self.sp.valid_nameids())
+                        err = 'Invalid nameid [%s]. Available [%s].' % (x, l)
+                        raise InvalidValueFormat(err)
                 return {'allowed_nameids': list(v)}
             else:
                 raise UnauthorizedUser("Unauthorized to set alowed nameids values")
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index 7d47363..b6ed4bf 100755
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -144,6 +144,14 @@ class ServiceProvider(object):
             return username.split('@', 1)[0]
         return username
 
+    def is_valid_nameid(self, value):
+        if value in SAML2_NAMEID_MAP:
+            return True
+        return False
+
+    def valid_nameids(self):
+        return SAML2_NAMEID_MAP.keys()
+
 
 class ServiceProviderCreator(object):
-- 
2.20.1
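Review bot: The added `if not self.sp.is_valid_nameid(value):` check in the default_nameid branch runs after the `self._debug("Replacing %s: %s -> %s" ...)` call, so a rejected value is still logged as a completed replacement; moving the two added lines above the `_debug` call keeps the log truthful. The message `'Invalid default nameid value'` also omits the accepted values, unlike the allowed_nameids branch in the next hunk, so `raise InvalidValueFormat('Invalid default nameid [%s]. Available [%s].' % (value, ', '.join(self.sp.valid_nameids())))` would be consistent. Nothing in the hunk checks that the new default is itself among allowed_nameids; I cannot tell from here whether that is enforced elsewhere. The enclosing method starts and ends outside the hunk.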
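Review bot: The local `l` on the added `l = ', '.join(self.sp.valid_nameids())` line is the ambiguous single-letter name pycodestyle flags as E741, and `valid_nameids()` returns dict keys in no defined order, so the "Available [...]" text varies between runs; `names = ', '.join(sorted(self.sp.valid_nameids()))` fixes both. As in the previous hunk, the rejection happens only after the "Replacing" debug line has been emitted, so the loop belongs before the `_debug` call. The rejected value `x` is echoed verbatim into the InvalidValueFormat text; if that text is rendered back into the admin page, confirm it is escaped at the rendering site, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.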
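Review bot: `is_valid_nameid` raises TypeError rather than returning False when `value` is not hashable (a list, for instance), because `value in SAML2_NAMEID_MAP` hashes the operand; since this is the validation boundary for admin-supplied input, it should either type-check the value before the membership test or catch TypeError and return False, so callers always get an InvalidValueFormat instead of an unhandled error. The if/return True/return False body can also collapse to `return value in SAML2_NAMEID_MAP`. Both new methods lack docstrings; `"""Return True if value is a NameID format present in SAML2_NAMEID_MAP."""` and `"""Return the NameID formats accepted by is_valid_nameid."""` would document the contract. SAML2_NAMEID_MAP is defined outside the hunk, so its exact type is inferred from the `.keys()` call.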