From e841faf4a5e729aff8831ef72dab41adb51d6cf0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 12 Sep 2014 17:17:59 -0400 Subject: [PATCH] Allow deferred initialization of providers This fixes enabling a provider after the sever is started. Signed-off-by: Simo Sorce Reviewed-by: Patrick Uiterwijk --- ipsilon/providers/common.py | 7 +++++ ipsilon/providers/saml2/admin.py | 10 ++++-- ipsilon/providers/saml2idp.py | 52 +++++++++++++++++++------------- 3 files changed, 45 insertions(+), 24 deletions(-) diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py index 865cb77..6bcfef8 100755 --- a/ipsilon/providers/common.py +++ b/ipsilon/providers/common.py @@ -42,6 +42,11 @@ class ProviderBase(PluginObject): self.path = path self.tree = None + def on_enable(self): + # this one does nothing + # derived classes can override with custom behavior + return + def get_tree(self, site): raise NotImplementedError @@ -82,6 +87,8 @@ class ProviderBase(PluginObject): self.set_config_value('enabled', '1') self.save_plugin_config(FACILITY) + + self.on_enable() self._debug('IdP Provider enabled: %s' % self.name) def disable(self, site): diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py index 1c62cac..b8c8223 100755 --- a/ipsilon/providers/saml2/admin.py +++ b/ipsilon/providers/saml2/admin.py 
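Review bot: The new `on_enable` hook in `ProviderBase` (ipsilon/providers/common.py, first hunk) is described only by two inline comments, which do not say when it is called or what an override may rely on. A docstring would carry that contract better than the comments plus a bare `return`, for example `"""Hook run by enable() after the enabled flag is saved; override to build runtime state."""`. The class body continues outside the hunk.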
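Review bot: In `ProviderBase.enable` (ipsilon/providers/common.py, second hunk), `self.on_enable()` runs after `set_config_value('enabled', '1')` and `save_plugin_config(FACILITY)`, so an override that raises leaves the provider persisted as enabled without its runtime state. The 'IdP Provider enabled' debug line is also skipped in that case. For an identity provider that mismatch is worth closing: either call the hook before saving, or catch and log the failure and leave the flag unset. Which of the two is right depends on whether overrides need to read the saved config, which is not visible here; the start of `enable` is outside the hunk.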
@@ -306,16 +306,20 @@ class AdminPage(Page): except Exception, e: # pylint: disable=broad-except self._debug("Failed to remove provider %s: %s" % (name, str(e))) - def mount(self, page): - self.menu = page.menu - self.url = '%s/%s' % (page.url, self.name) + def add_sps(self): if self.cfg.idp: for p in self.cfg.idp.get_providers(): try: sp = ServiceProvider(self.cfg, p) + self.del_sp(sp.name) self.add_sp(sp.name, sp) except Exception, e: # pylint: disable=broad-except self._debug("Failed to find provider %s: %s" % (p, str(e))) + + def mount(self, page): + self.menu = page.menu + self.url = '%s/%s' % (page.url, self.name) + self.add_sps() self.add_subtree('new', NewSPAdminPage(self._site, self)) page.add_subtree(self.name, self) diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py index a1247d5..a19899c 100755 --- a/ipsilon/providers/saml2idp.py +++ b/ipsilon/providers/saml2idp.py @@ -113,27 +113,6 @@ class SAML2(ProviderPageBase): def __init__(self, *args, **kwargs): super(SAML2, self).__init__(*args, **kwargs) self.metadata = Metadata(*args, **kwargs) - - # Init IDP data - try: - self.cfg.idp = IdentityProvider(self.cfg) - except Exception, e: # pylint: disable=broad-except - self._debug('Failed to init SAML2 provider: %r' % e) - return - - # Import all known applications - data = self.cfg.get_data() - for idval in data: - sp = data[idval] - if 'type' not in sp or sp['type'] != 'SP': - continue - if 'name' not in sp or 'metadata' not in sp: - continue - try: - self.cfg.idp.add_provider(sp) - except Exception, e: # pylint: disable=broad-except - self._debug('Failed to add SP %s: %r' % (sp['name'], e)) - self.SSO = SSO(*args, **kwargs) 
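Review bot: The `self.del_sp(sp.name)` call added to `add_sps` in ipsilon/providers/saml2/admin.py has no comment saying that it exists to make the method safe to call again after a late enable, and it also runs on the first `mount`, when no entry for that SP exists yet. The context lines above the hunk look like the tail of `del_sp` and show it logging 'Failed to remove provider' and continuing, so this may emit one misleading debug line per SP at startup; the rest of `del_sp` is outside the hunk. I would add `# drop any stale entry so add_sps() can be re-run after a late enable` above the call. The shared `except` message 'Failed to find provider' also no longer describes every failure it can catch.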
@@ -233,10 +212,41 @@ Provides SAML 2.0 authentication infrastructure. """ return self.get_config_value('default email domain') def get_tree(self, site): + self.idp = self.init_idp() self.page = SAML2(site, self) self.admin = AdminPage(site, self) return self.page + def init_idp(self): + idp = None + # Init IDP data + try: + idp = IdentityProvider(self) + except Exception, e: # pylint: disable=broad-except + self._debug('Failed to init SAML2 provider: %r' % e) + return None + + # Import all known applications + data = self.get_data() + for idval in data: + sp = data[idval] + if 'type' not in sp or sp['type'] != 'SP': + continue + if 'name' not in sp or 'metadata' not in sp: + continue + try: + idp.add_provider(sp) + except Exception, e: # pylint: disable=broad-except + self._debug('Failed to add SP %s: %r' % (sp['name'], e)) + + return idp + + def on_enable(self): + self.init_idp() + if hasattr(self, 'admin'): + if self.admin: + self.admin.add_sps() + class Installer(object): -- 2.20.1
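Review bot: `on_enable` in ipsilon/providers/saml2idp.py calls `self.init_idp()` and discards the result, whereas `get_tree` in the same hunk stores it with `self.idp = self.init_idp()`. When the provider is enabled after startup, `self.idp` therefore keeps its earlier value (possibly `None` from a failed init), and `self.admin.add_sps()`, which appears to read the same object through `self.cfg.idp`, would not see the new IdentityProvider unless it registers itself somewhere not visible here. The line should read `self.idp = self.init_idp()`. Because `init_idp` swallows every exception and returns `None`, a failed initialisation shows up only in debug output, so logging it at a higher level would help operators notice an enabled but non-functional IdP. The nested `hasattr`/`if self.admin` test could be written `if getattr(self, 'admin', None):`.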