-rwxr-xr-x | ipsilon/providers/saml2/admin.py | 104 | ||||
-rw-r--r-- | templates/admin/providers/saml2.html | 23 | ||||
-rw-r--r-- | templates/admin/providers/saml2_sp.html | 61 |
3 files changed, 172 insertions, 16 deletions
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 1e1ddb7..c8d26b8 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -17,10 +17,105 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
+import cherrypy
 from ipsilon.util.page import Page
 from ipsilon.providers.saml2.provider import ServiceProvider
+class SPAdminPage(Page):
+
+ def __init__(self, sp, site, parent):
+ super(SPAdminPage, self).__init__(site)
+ self.sp = sp
+ self.title = sp.name
+ self.backurl = parent.url
+ self.url = '%s/sp/%s' % (parent.url, sp.name)
+
+ def form_standard(self, message=None, message_type=None):
+ return self._template('admin/providers/saml2_sp.html',
+ message=message,
+ message_type=message_type,
+ title=self.title,
+ name='saml2_sp_%s_form' % self.sp.name,
+ backurl=self.backurl, action=self.url,
+ data=self.sp)
+
+ def GET(self, *args, **kwargs):
+ return self.form_standard()
+
+ def POST(self, *args, **kwargs):
+
+ message = "Nothing was modified."
+ message_type = "info"
+ save = False
+
+ for key, value in kwargs.iteritems():
+ if key == 'name':
+ if value != self.sp.name:
+ if self.user.is_admin or self.user.name == self.sp.owner:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.name, value))
+ self.sp.name = value
+ save = True
+ else:
+ message = "Unauthorized to rename object"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'owner':
+ if value != self.sp.owner:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.owner, value))
+ self.sp.owner = value
+ save = True
+ else:
+ message = "Unauthorized to set owner value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'default_nameid':
+ if value != self.sp.default_nameid:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.default_nameid, value))
+ self.sp.default_nameid = value
+ save = True
+ else:
+ message = "Unauthorized to set default nameid value"
+ message_type = "error"
+ return 
self.form_standard(message, message_type)
+
+ elif key == 'allowed_nameids':
+ v = set([x.strip() for x in value.split(',')])
+ if v != set(self.sp.allowed_nameids):
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.allowed_nameids, list(v)))
+ self.sp.allowed_nameids = list(v)
+ save = True
+ else:
+ message = "Unauthorized to set allowed nameids value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ if save:
+ try:
+ self.sp.save_properties()
+ message = "Properties succssfully changed"
+ message_type = "success"
+ except Exception: # pylint: disable=broad-except
+ message = "Failed to save data!"
+ message_type = "error"
+
+ return self.form_standard(message, message_type)
+
+ def root(self, *args, **kwargs):
+ op = getattr(self, cherrypy.request.method, self.GET)
+ if callable(op):
+ return op(*args, **kwargs)
+
+
 class AdminPage(Page):
 def __init__(self, site, config):
 super(AdminPage, self).__init__(site)
@@ -29,6 +124,13 @@ class AdminPage(Page):
 self.providers = []
 self.menu = []
 self.url = None
+ self.sp = Page(self._site)
+
+ def add_sp(self, name, sp):
+ page = SPAdminPage(sp, self._site, self)
+ self.sp.add_subtree(name, page)
+ self.providers.append(sp)
+ return page
 def mount(self, page):
 self.menu = page.menu
@@ -36,7 +138,7 @@ class AdminPage(Page):
 for p in self.cfg.idp.get_providers():
 try:
 sp = ServiceProvider(self.cfg, p)
- self.providers.append(sp)
+ self.add_sp(sp.name, sp)
 except Exception, e: # pylint: disable=broad-except
 self._debug("Failed to find provider %s: %s" % (p, str(e)))
 page.add_subtree(self.name, self)
diff --git a/templates/admin/providers/saml2.html b/templates/admin/providers/saml2.html
index 0d0a05f..5185a6f 100644
--- a/templates/admin/providers/saml2.html
+++ b/templates/admin/providers/saml2.html
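Review bot: `root` resolves its handler with `getattr(self, cherrypy.request.method, self.GET)`, so any attribute name a client can put in the HTTP method token is invoked with the request's query parameters (`form_standard`, `_template` and `_debug` are all reachable on this object, and a non-callable attribute such as `sp` silently makes the method return None); dispatch from an explicit table instead, `op = {'GET': self.GET, 'POST': self.POST}.get(cherrypy.request.method, self.GET)`. In POST the `allowed_nameids` branch stores `['']` for an empty field because `''.split(',')` yields one empty string, and it assumes `value` is a string although CherryPy normally delivers a repeated form field as a list, so empties should be filtered and non-string values rejected before the comparison. The `except Exception` around `save_properties()` reports "Failed to save data!" but never records what went wrong; at least `self._debug("Failed to save %s: %s" % (self.sp.name, str(e)))` is needed to make a failed write diagnosable, and the success string misspells "successfully".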
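Review bot: `add_sp` mounts the page with `self.sp.add_subtree(name, page)` keyed by the provider's name at startup, yet SPAdminPage.POST lets an owner rewrite `sp.name` afterwards, at which point the page's `url`, the subtree key and the `{{ p.name }}` links in the list template no longer agree, and a provider renamed to a name another provider already uses would collide on the same key with no check anywhere. Either re-register the subtree when the name changes or, at minimum, reject an empty or duplicate name here by comparing against the names already in `self.providers` before calling add_subtree, and document in a comment on `add_sp` that the key is expected to stay equal to `sp.name`.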
@@ -1,23 +1,16 @@
 {% extends "master-admin.html" %}
 {% block main %}
-{% if user.is_admin %}
- <h2>Service Providers</h2>
+<h2>Service Providers</h2>
+<hr/>
+{% for p in providers %}
 <div class="row">
 <div class="col-md-3 col-sm-3 col-xs-6">
- <a href="{{ baseurl }}/new">Add New</a>
+ <a href="{{ baseurl }}/sp/{{ p.name }}">{{ p.name }}</a>
 </div>
- </div>
- <hr/>
- {% for p in providers %}
- <div class="row">
- <div class="col-md-3 col-sm-3 col-xs-6">
- <a href="{{ baseurl }}/{{ p.name }}">{{ p.name }}</a>
- </div>
- <div class="col-md-3 col-sm-3 col-xs-6">
- {{ p.provider_id }}
- </div>
+ <div class="col-md-3 col-sm-3 col-xs-6">
+ {{ p.provider_id }}
 </div>
- {% endfor %}
-{% endif %}
+ </div>
+{% endfor %}
 {% endblock %}
diff --git a/templates/admin/providers/saml2_sp.html b/templates/admin/providers/saml2_sp.html
new file mode 100644
index 0000000..50d38ed
--- /dev/null
+++ b/templates/admin/providers/saml2_sp.html
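Review bot: Removing the `{% if user.is_admin %}` wrapper exposes the name and `provider_id` of every registered service provider to any user who reaches this page, not only the ones they own, and each `<a href="{{ baseurl }}/sp/{{ p.name }}">` then leads non-owners to SP pages they can merely view; unless the admin tree already rejects non-admins before rendering, which this template cannot show, the loop should filter, e.g. `{% if user.is_admin or p.owner == user.name %}` around each row. The `Add New` link is dropped with no replacement, so the page no longer offers any way to register a provider; if that is intended, a one-line template comment saying where registration moved would save the next reader the search.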
@@ -0,0 +1,61 @@
+{% extends "master-admin.html" %}
+{% block main %}
+ <h2>{{ title }}</h2>
+ {% if message %}
+ <div class="alert alert-{{message_type}}">
+ <p>{{ message }}</p>
+ </div>
+ {% endif %}
+ <div id="options">
+ <form role="form" id="{{ name }}" action="{{ action }}" method="post" enctype="application/x-www-form-urlencoded">
+
+ <div class="form-group">
+ <label for="provider_id">Provider ID:</label>
+ {{ data.provider_id }}
+ </div>
+
+ <div class="form-group">
+ <label for="name">Name:</label>
+ {% if user.name == data.owner or user.is_admin %}
+ <input type="text" class="form-control" name="name" value="{{ data.name }}"/>
+ {% else %}
+ {{ data.name }}
+ {% endif %}
+ </div>
+
+ <div class="form-group">
+ <label for="default_nameid">Default NameID:</label>
+ {% if user.is_admin -%}
+ <input type="text" class="form-control" name="default_nameid" value="
+ {%- endif -%}
+ {{ data.default_nameid }}
+ {%- if user.is_admin -%}
+ "/>
+ {%- endif %}
+ </div>
+
+ <div class="form-group">
+ <label for="allowed_nameids">Allowed NameIDs:</label>
+ {% if user.is_admin -%}
+ <input type="text" class="form-control" name="allowed_nameids" value="
+ {%- endif -%}
+ {{ data.allowed_nameids|join(', ') }}
+ {%- if user.is_admin -%}
+ "/>
+ {%- endif %}
+ </div>
+
+ {% if user.is_admin %}
+ <div class="form-group">
+ <label for="owner">User Owner:</label>
+ <input type="text" class="form-control" name="owner" value="{{ data.owner }}"/>
+ </div>
+ {% endif %}
+
+ <button id="submit" class="btn btn-primary" name="submit" type="submit" value="Submit">
+ Save
+ </button>
+ <a href="{{ backurl }}" class="btn btn-default" title="Back">Back</a>
+ </form>
+ </div>
+{% endblock %} |
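Review bot: The form posts changes to `name`, `owner`, `default_nameid` and `allowed_nameids` with no anti-CSRF field, so unless master-admin.html or the Page base class injects and verifies one (neither is visible here) a logged-in admin who opens a hostile page can have an SP's owner reassigned by a forged POST; add a hidden token, e.g. `<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>`, and have SPAdminPage.POST reject requests whose token does not match the session. The admin-only inputs open `value="` inside one `{% if user.is_admin -%}` block and close it in another, which obscures that `data.default_nameid` and the joined `allowed_nameids` are emitted inside an attribute and depend on attribute escaping being enabled; a plain `<input ... value="{{ data.default_nameid }}"/>` under `{% if user.is_admin %}` with `{% else %}{{ data.default_nameid }}{% endif %}` renders the same and is easier to audit. The `<label for="...">` attributes also match no element `id`, since the inputs only set `name`.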