From cc160379676d2cdede9339d169b10976613ebbbf Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 14 Apr 2014 16:27:52 -0400
Subject: Add nameid values validation
Signed-off-by: Simo Sorce
---
 ipsilon/providers/saml2/admin.py | 7 +++++++
 1 file changed, 7 insertions(+)
 (limited to 'ipsilon/providers/saml2/admin.py')
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 2f346ce..0a5a88d 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -172,6 +172,8 @@ class SPAdminPage(Page):
 self._debug("Replacing %s: %s -> %s" % (key, self.sp.default_nameid, value))
+ if not self.sp.is_valid_nameid(value):
+ raise InvalidValueFormat('Invalid default nameid value')
 return {'default_nameid': value}
 else:
 raise UnauthorizedUser("Unauthorized to set default nameid value")
@@ -185,6 +187,11 @@ class SPAdminPage(Page):
 self._debug("Replacing %s: %s -> %s" % (key, self.sp.allowed_nameids, list(v)))
+ for x in v:
+ if not self.sp.is_valid_nameid(x):
+ l = ', '.join(self.sp.valid_nameids())
+ err = 'Invalid nameid [%s]. Available [%s].' % (x, l)
+ raise InvalidValueFormat(err)
 return {'allowed_nameids': list(v)}
 else:
 raise UnauthorizedUser("Unauthorized to set alowed nameids values")
-- cgit
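Review bot: In the hunk at `@@ -172,6 +172,8 @@` the new `is_valid_nameid(value)` check runs only after `self._debug(...)` has written the submitted value to the debug log, so a rejected value is still logged as if it were being applied. The check would sit better directly above the `_debug` call, and the same ordering applies to the loop added in the `@@ -185,6 +187,11 @@` hunk. The check also only shows that the value is a known nameid; whether the default must additionally be one of `self.sp.allowed_nameids` is not visible here, and if it must, a second guard such as `if value not in self.sp.allowed_nameids: raise InvalidValueFormat('Default nameid is not an allowed nameid')` would cover it. The enclosing method starts and ends outside the hunk.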
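Review bot: In the hunk at `@@ -185,6 +187,11 @@`, `err = 'Invalid nameid [%s]. Available [%s].' % (x, l)` copies the submitted value `x` into the exception text. How `InvalidValueFormat` is rendered is outside this hunk, so if that message reaches the admin page as HTML it has to be escaped at the point of output. Otherwise the raw value can be left out, e.g. `err = 'Invalid nameid value. Available [%s].' % names`. The local `l` is easy to misread as `1`; a name such as `names` is clearer.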