-#!/usr/bin/python
-#
# Copyright (C) 2014 Simo Sorce <simo@redhat.com>
#
# see file 'COPYING' for use and warranty information
from ipsilon.providers.common import ProviderException
from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP
-import cherrypy
+from ipsilon.util.log import Log
import lasso
+import re
+
+
+VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
class InvalidProviderId(ProviderException):
return repr(self.message)
-class ServiceProvider(object):
+class ServiceProvider(Log):
def __init__(self, config, provider_id):
self.cfg = config
self._debug('Requested NameId [%s]' % (nip.format,))
if nip.format is None:
return SAML2_NAMEID_MAP[self.default_nameid]
- elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED:
- return SAML2_NAMEID_MAP[self.default_nameid]
else:
allowed = self.allowed_nameids
self._debug('Allowed NameIds %s' % (repr(allowed)))
idval = data.keys()[0]
self.cfg.del_datum(idval)
- def _debug(self, fact):
- if cherrypy.config.get('debug', False):
- cherrypy.log(fact)
-
def normalize_username(self, username):
if 'strip domain' in self._properties:
return username.split('@', 1)[0]
return username
+ def is_valid_name(self, value):
+ if re.search(VALID_IN_NAME, value):
+ return False
+ return True
+
def is_valid_nameid(self, value):
if value in SAML2_NAMEID_MAP:
return True
def create_from_buffer(self, name, metabuf):
'''Test and add data'''
+ if re.search(VALID_IN_NAME, name):
+ raise InvalidProviderId("Name must contain only "
+ "numbers and letters")
+
test = lasso.Server()
test.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, metabuf)
newsps = test.get_providers()
return ServiceProvider(self.cfg, spid)
-class IdentityProvider(object):
+class IdentityProvider(Log):
def __init__(self, config):
self.server = lasso.Server(config.idp_metadata_file,
config.idp_key_file,
def get_providers(self):
return self.server.get_providers()
- def _debug(self, fact):
- if cherrypy.config.get('debug', False):
- cherrypy.log(fact)
+ def get_logout_handler(self, dump=None):
+ if dump:
+ return lasso.Logout.newFromDump(self.server, dump)
+ else:
+ return lasso.Logout(self.server)
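Review bot: The name check added in create_from_buffer (and the matching is_valid_name) only searches for a forbidden character, so an empty name passes, and the error text says "numbers and letters" although `[^\ a-zA-Z0-9]` also lets a space through. Matching the allowed set instead rejects the empty case: `if not re.match(r'[ a-zA-Z0-9]+\Z', name):`, with the message changed to `"Name must contain only letters, numbers and spaces"` if spaces are meant to stay legal. The same test is written in two places; a small module-level helper next to VALID_IN_NAME would keep the two from drifting apart. A `name` that is not a string would raise TypeError here rather than InvalidProviderId; whether callers can pass one is not visible in this diff. Both functions continue beyond the lines shown.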