Validate Service Provider names

We use the name to construct the admin page path, avoid odd characters Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2014-04-11 18:20:32 -0400
committer: Simo Sorce <simo@redhat.com> 2014-04-11 18:24:04 -0400
commit: 9ef9c061c8ea16a61c73e8942aa4f3c3432b4577 (patch)
tree: 815428a7f76073156b7e6dc581edfa5ed58be9d9 /ipsilon/providers/saml2
parent: 2871dc6955ef0653ba6bac61efc5729808cdbbfb (diff)
download: ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.tar.gz
ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.tar.xz
ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 8a0a511..c6c1a7d 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -22,6 +22,10 @@ from ipsilon.util.page import Page
 from ipsilon.providers.saml2.provider import ServiceProvider
 from ipsilon.providers.saml2.provider import ServiceProviderCreator
 from ipsilon.providers.saml2.provider import InvalidProviderId
+import re
+
+
+VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
 
 
 class NewSPAdminPage(Page):
@@ -62,6 +66,12 @@ class NewSPAdminPage(Page):
                             cherrypy.request.content_type,))
             for key, value in kwargs.iteritems():
                 if key == 'name':
+                    if re.search(VALID_IN_NAME, value):
+                        message = "Invalid name!" \
+                                  " Use only numbers and letters"
+                        message_type = "error"
+                        return self.form_new(message, message_type)
+
                     name = value
                 elif key == 'meta':
                     if hasattr(value, 'content_type'):
@@ -132,6 +142,12 @@ class SPAdminPage(Page):
             if key == 'name':
                 if value != self.sp.name:
                     if self.user.is_admin or self.user.name == self.sp.owner:
+                        if re.search(VALID_IN_NAME, value):
+                            message = "Invalid name!" \
+                                      " Use only numbers and letters"
+                            message_type = "error"
+                            return self.form_standard(message, message_type)
+
                         self._debug("Replacing %s: %s -> %s" %
                                     (key, self.sp.name, value))
                         self.sp.name = value
author	Simo Sorce <simo@redhat.com>	2014-04-11 18:20:32 -0400
committer	Simo Sorce <simo@redhat.com>	2014-04-11 18:24:04 -0400
commit	9ef9c061c8ea16a61c73e8942aa4f3c3432b4577 (patch)
tree	815428a7f76073156b7e6dc581edfa5ed58be9d9 /ipsilon/providers/saml2
parent	2871dc6955ef0653ba6bac61efc5729808cdbbfb (diff)
download	ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.tar.gz ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.tar.xz ipsilon-9ef9c061c8ea16a61c73e8942aa4f3c3432b4577.zip