From 8ffd2629c6554124e7e3b15dce10275a2efd8261 Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Wed, 1 Apr 2015 17:36:22 -0700 Subject: Validate SP names for admin pages and REST We were previously only validating the SP name in the admin pages for SP creation and update. The REST API would allow a SP to be created with an invalid name, which would break the ability to manage that SP in the admin pages. This patch moves the SP name validation logic out of the admin page code and centralizes it in the provider creation code. This ensures that validation will occur regardless of the interface that is used. In addition, a helper method is added to allow the admin page to check if a name is valid during update operations. https://fedorahosted.org/ipsilon/ticket/102 Signed-off-by: Nathan Kinder Reviewed-by: Rob Crittenden --- ipsilon/providers/saml2/provider.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'ipsilon/providers/saml2/provider.py') diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py index 4439a0d..d1c7b42 100644 --- a/ipsilon/providers/saml2/provider.py +++ b/ipsilon/providers/saml2/provider.py @@ -19,6 +19,10 @@ from ipsilon.providers.common import ProviderException from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP from ipsilon.util.log import Log import lasso +import re + + +VALID_IN_NAME = r'[^\ a-zA-Z0-9]' class InvalidProviderId(ProviderException): @@ -136,6 +140,11 @@ class ServiceProvider(Log): return username.split('@', 1)[0] return username + def is_valid_name(self, value): + if re.search(VALID_IN_NAME, value): + return False + return True + def is_valid_nameid(self, value): if value in SAML2_NAMEID_MAP: return True 
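Review bot: The constant `VALID_IN_NAME` added after `import re` is named for the opposite of what it matches: the negated class `[^\ a-zA-Z0-9]` hits any character that is not a space, ASCII letter or digit, so a match means the name is invalid. Both `is_valid_name` and `create_from_buffer` depend on this one pattern, so a later editor who trusts the name could invert the check without noticing. I would rename it to `INVALID_IN_NAME` (updating both call sites), or at least add `# Matches any character NOT allowed in an SP name (allowed: space, A-Z, a-z, 0-9)` above it.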
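Review bot: `is_valid_name` accepts the empty string, because `re.search` finds no disallowed character in `''` and the method then returns True; a name made only of spaces passes the same way. If nothing else in the update path rejects such names (not visible in this hunk), the guard could be `return bool(value.strip()) and not re.search(VALID_IN_NAME, value)`. The same gap applies to the check added to `create_from_buffer` in the last hunk, which is the path reachable from REST. The method also lacks a docstring; one line stating that a valid name consists only of spaces, ASCII letters and digits would be enough.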
@@ -153,6 +162,10 @@ class ServiceProviderCreator(object): def create_from_buffer(self, name, metabuf): '''Test and add data''' + if re.search(VALID_IN_NAME, name): + raise InvalidProviderId("Name must contain only " + "numbers and letters") + test = lasso.Server() test.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, metabuf) newsps = test.get_providers() -- cgit
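Review bot: The error text raised in `create_from_buffer` says a name may contain only "numbers and letters", but `VALID_IN_NAME` also permits spaces, so a REST caller is told a stricter rule than the one enforced. I would change the message to `"Name must contain only letters, numbers and spaces"`. The check also repeats the regex test inline rather than sharing one helper with `ServiceProvider.is_valid_name`, so the admin and REST paths can drift apart again; a module-level function called from both would keep them identical. The body of `create_from_buffer` continues past the end of this hunk.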