summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xipsilon/providers/saml2/admin.py104
-rw-r--r--templates/admin/providers/saml2.html23
-rw-r--r--templates/admin/providers/saml2_sp.html61
3 files changed, 172 insertions, 16 deletions
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 1e1ddb7..c8d26b8 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -17,10 +17,105 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import cherrypy
from ipsilon.util.page import Page
from ipsilon.providers.saml2.provider import ServiceProvider
+class SPAdminPage(Page):
+
+ def __init__(self, sp, site, parent):
+ super(SPAdminPage, self).__init__(site)
+ self.sp = sp
+ self.title = sp.name
+ self.backurl = parent.url
+ self.url = '%s/sp/%s' % (parent.url, sp.name)
+
+ def form_standard(self, message=None, message_type=None):
+ return self._template('admin/providers/saml2_sp.html',
+ message=message,
+ message_type=message_type,
+ title=self.title,
+ name='saml2_sp_%s_form' % self.sp.name,
+ backurl=self.backurl, action=self.url,
+ data=self.sp)
+
+ def GET(self, *args, **kwargs):
+ return self.form_standard()
+
+ def POST(self, *args, **kwargs):
+
+ message = "Nothing was modified."
+ message_type = "info"
+ save = False
+
+ for key, value in kwargs.iteritems():
+ if key == 'name':
+ if value != self.sp.name:
+ if self.user.is_admin or self.user.name == self.sp.owner:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.name, value))
+ self.sp.name = value
+ save = True
+ else:
+ message = "Unauthorized to rename object"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'owner':
+ if value != self.sp.owner:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.owner, value))
+ self.sp.owner = value
+ save = True
+ else:
+ message = "Unauthorized to set owner value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'default_nameid':
+ if value != self.sp.default_nameid:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.default_nameid, value))
+ self.sp.default_nameid = value
+ save = True
+ else:
+ message = "Unauthorized to set default nameid value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'allowed_nameids':
+ v = set([x.strip() for x in value.split(',')])
+ if v != set(self.sp.allowed_nameids):
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.allowed_nameids, list(v)))
+ self.sp.allowed_nameids = list(v)
+ save = True
+ else:
+ message = "Unauthorized to set allowed nameids value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ if save:
+ try:
+ self.sp.save_properties()
+ message = "Properties succssfully changed"
+ message_type = "success"
+ except Exception: # pylint: disable=broad-except
+ message = "Failed to save data!"
+ message_type = "error"
+
+ return self.form_standard(message, message_type)
+
+ def root(self, *args, **kwargs):
+ op = getattr(self, cherrypy.request.method, self.GET)
+ if callable(op):
+ return op(*args, **kwargs)
+
+
class AdminPage(Page):
def __init__(self, site, config):
super(AdminPage, self).__init__(site)
@@ -29,6 +124,13 @@ class AdminPage(Page):
self.providers = []
self.menu = []
self.url = None
+ self.sp = Page(self._site)
+
+ def add_sp(self, name, sp):
+ page = SPAdminPage(sp, self._site, self)
+ self.sp.add_subtree(name, page)
+ self.providers.append(sp)
+ return page
def mount(self, page):
self.menu = page.menu
@@ -36,7 +138,7 @@ class AdminPage(Page):
for p in self.cfg.idp.get_providers():
try:
sp = ServiceProvider(self.cfg, p)
- self.providers.append(sp)
+ self.add_sp(sp.name, sp)
except Exception, e: # pylint: disable=broad-except
self._debug("Failed to find provider %s: %s" % (p, str(e)))
page.add_subtree(self.name, self)
diff --git a/templates/admin/providers/saml2.html b/templates/admin/providers/saml2.html
index 0d0a05f..5185a6f 100644
--- a/templates/admin/providers/saml2.html
+++ b/templates/admin/providers/saml2.html
@@ -1,23 +1,16 @@
{% extends "master-admin.html" %}
{% block main %}
-{% if user.is_admin %}
- <h2>Service Providers</h2>
+<h2>Service Providers</h2>
+<hr/>
+{% for p in providers %}
<div class="row">
<div class="col-md-3 col-sm-3 col-xs-6">
- <a href="{{ baseurl }}/new">Add New</a>
+ <a href="{{ baseurl }}/sp/{{ p.name }}">{{ p.name }}</a>
</div>
- </div>
- <hr/>
- {% for p in providers %}
- <div class="row">
- <div class="col-md-3 col-sm-3 col-xs-6">
- <a href="{{ baseurl }}/{{ p.name }}">{{ p.name }}</a>
- </div>
- <div class="col-md-3 col-sm-3 col-xs-6">
- {{ p.provider_id }}
- </div>
+ <div class="col-md-3 col-sm-3 col-xs-6">
+ {{ p.provider_id }}
</div>
- {% endfor %}
-{% endif %}
+ </div>
+{% endfor %}
{% endblock %}
diff --git a/templates/admin/providers/saml2_sp.html b/templates/admin/providers/saml2_sp.html
new file mode 100644
index 0000000..50d38ed
--- /dev/null
+++ b/templates/admin/providers/saml2_sp.html
@@ -0,0 +1,61 @@
+{% extends "master-admin.html" %}
+{% block main %}
+ <h2>{{ title }}</h2>
+ {% if message %}
+ <div class="alert alert-{{message_type}}">
+ <p>{{ message }}</p>
+ </div>
+ {% endif %}
+ <div id="options">
+ <form role="form" id="{{ name }}" action="{{ action }}" method="post" enctype="application/x-www-form-urlencoded">
+
+ <div class="form-group">
+ <label for="provider_id">Provider ID:</label>
+ {{ data.provider_id }}
+ </div>
+
+ <div class="form-group">
+ <label for="name">Name:</label>
+ {% if user.name == data.owner or user.is_admin %}
+ <input type="text" class="form-control" name="name" value="{{ data.name }}"/>
+ {% else %}
+ {{ data.name }}
+ {% endif %}
+ </div>
+
+ <div class="form-group">
+ <label for="default_nameid">Default NameID:</label>
+ {% if user.is_admin -%}
+ <input type="text" class="form-control" name="default_nameid" value="
+ {%- endif -%}
+ {{ data.default_nameid }}
+ {%- if user.is_admin -%}
+ "/>
+ {%- endif %}
+ </div>
+
+ <div class="form-group">
+ <label for="allowed_nameids">Allowed NameIDs:</label>
+ {% if user.is_admin -%}
+ <input type="text" class="form-control" name="allowed_nameids" value="
+ {%- endif -%}
+ {{ data.allowed_nameids|join(', ') }}
+ {%- if user.is_admin -%}
+ "/>
+ {%- endif %}
+ </div>
+
+ {% if user.is_admin %}
+ <div class="form-group">
+ <label for="owner">User Owner:</label>
+ <input type="text" class="form-control" name="owner" value="{{ data.owner }}"/>
+ </div>
+ {% endif %}
+
+ <button id="submit" class="btn btn-primary" name="submit" type="submit" value="Submit">
+ Save
+ </button>
+ <a href="{{ backurl }}" class="btn btn-default" title="Back">Back</a>
+ </form>
+ </div>
+{% endblock %}