diff options
| author | Simo Sorce <simo@redhat.com> | 2014-04-14 16:18:06 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2014-04-14 16:18:51 -0400 |
| commit | 01bfc020dd2135069c7b8560a94ecf8cd7f72df8 (patch) | |
| tree | 576c6bfa044cfce4017ec5ae649b6563c0405da3 /ipsilon/providers/saml2 | |
| parent | 9ef9c061c8ea16a61c73e8942aa4f3c3432b4577 (diff) | |
| download | ipsilon-01bfc020dd2135069c7b8560a94ecf8cd7f72df8.tar.gz ipsilon-01bfc020dd2135069c7b8560a94ecf8cd7f72df8.tar.xz ipsilon-01bfc020dd2135069c7b8560a94ecf8cd7f72df8.zip | |
Refactor argument validation for SP forms
Use helper functions to make the code more readbale and exceptions to reduce
error hndling duplication.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2')
| -rwxr-xr-x | ipsilon/providers/saml2/admin.py | 166 |
1 files changed, 105 insertions, 61 deletions
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py index c6c1a7d..2f346ce 100755 --- a/ipsilon/providers/saml2/admin.py +++ b/ipsilon/providers/saml2/admin.py @@ -109,6 +109,14 @@ class NewSPAdminPage(Page): return op(*args, **kwargs) +class InvalidValueFormat(Exception): + pass + + +class UnauthorizedUser(Exception): + pass + + class SPAdminPage(Page): def __init__(self, sp, site, parent): @@ -131,74 +139,110 @@ class SPAdminPage(Page): def GET(self, *args, **kwargs): return self.form_standard() + def change_name(self, key, value): + + if value == self.sp.name: + return False + + if self.user.is_admin or self.user.name == self.sp.owner: + if re.search(VALID_IN_NAME, value): + err = "Invalid name! Use only numbers and letters" + raise InvalidValueFormat(err) + + self._debug("Replacing %s: %s -> %s" % (key, self.sp.name, value)) + return {'name': value, 'rename': [self.sp.name, value]} + else: + raise UnauthorizedUser("Unauthorized to rename Service Provider") + + def change_owner(self, key, value): + if value == self.sp.owner: + return False + + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % (key, self.sp.owner, value)) + return {'owner': value} + else: + raise UnauthorizedUser("Unauthorized to set owner value") + + def change_default_nameid(self, key, value): + if value == self.sp.default_nameid: + return False + + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % (key, + self.sp.default_nameid, + value)) + return {'default_nameid': value} + else: + raise UnauthorizedUser("Unauthorized to set default nameid value") + + def change_allowed_nameids(self, key, value): + v = set([x.strip() for x in value.split(',')]) + if v == set(self.sp.allowed_nameids): + return False + + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % (key, + self.sp.allowed_nameids, + list(v))) + return {'allowed_nameids': list(v)} + else: + raise UnauthorizedUser("Unauthorized to set alowed nameids values") + def POST(self, *args, **kwargs): message = "Nothing was modified." message_type = "info" - rename = None - save = False - - for key, value in kwargs.iteritems(): - if key == 'name': - if value != self.sp.name: - if self.user.is_admin or self.user.name == self.sp.owner: - if re.search(VALID_IN_NAME, value): - message = "Invalid name!" \ - " Use only numbers and letters" - message_type = "error" - return self.form_standard(message, message_type) - - self._debug("Replacing %s: %s -> %s" % - (key, self.sp.name, value)) - self.sp.name = value - rename = [self.sp.name, value] - save = True - else: - message = "Unauthorized to rename object" - message_type = "error" - return self.form_standard(message, message_type) - - elif key == 'owner': - if value != self.sp.owner: - if self.user.is_admin: - self._debug("Replacing %s: %s -> %s" % - (key, self.sp.owner, value)) - self.sp.owner = value - save = True - else: - message = "Unauthorized to set owner value" - message_type = "error" - return self.form_standard(message, message_type) - - elif key == 'default_nameid': - if value != self.sp.default_nameid: - if self.user.is_admin: - self._debug("Replacing %s: %s -> %s" % - (key, self.sp.default_nameid, value)) - self.sp.default_nameid = value - save = True - else: - message = "Unauthorized to set default nameid value" - message_type = "error" - return self.form_standard(message, message_type) - - elif key == 'allowed_nameids': - v = set([x.strip() for x in value.split(',')]) - if v != set(self.sp.allowed_nameids): - if self.user.is_admin: - self._debug("Replacing %s: %s -> %s" % - (key, self.sp.allowed_nameids, list(v))) - self.sp.allowed_nameids = list(v) - save = True - else: - message = "Unauthorized to set allowed nameids value" - message_type = "error" - return self.form_standard(message, message_type) + results = dict() + + try: + for key, value in kwargs.iteritems(): + if key == 'name': + r = self.change_name(key, value) + if r: + results.update(r) + elif key == 'owner': + r = self.change_owner(key, value) + if r: + results.update(r) + + elif key == 'default_nameid': + r = self.change_default_nameid(key, value) + if r: + results.update(r) + + elif key == 'allowed_nameids': + r = self.change_allowed_nameids(key, value) + if r: + results.update(r) + + except InvalidValueFormat, e: + message = str(e) + message_type = "warning" + return self.form_standard(message, message_type) + except UnauthorizedUser, e: + message = str(e) + message_type = "error" + return self.form_standard(message, message_type) + except Exception, e: # pylint: disable=broad-except + self._debug("Error: %s" % repr(e)) + message = "Internal Error" + message_type = "error" + return self.form_standard(message, message_type) - if save: + if len(results) > 0: try: + if 'name' in results: + self.sp.name = results['name'] + if 'owner' in results: + self.sp.owner = results['owner'] + if 'default_nameid' in results: + self.sp.default_nameid = results['default_nameid'] + if 'allowed_nameids' in results: + self.sp.allowed_nameids = results['allowed_nameids'] self.sp.save_properties() - if rename: + if 'rename' in results: + rename = results['rename'] self.parent.rename_sp(rename[0], rename[1]) message = "Properties succssfully changed" message_type = "success" |