def _finish_setup_pipeline(self, identity):
    """
    Complete SSO setup for the organization.

    Creates the organization's auth provider, attaches ``identity`` to the
    current user's membership, marks SSO complete on the request, sends the
    ``sso_enabled`` signal, writes an SSO_ENABLE audit entry, queues
    ``email_missing_links`` and redirects to the provider settings page.

    Returns ``self.error(...)`` instead when the user is not authenticated,
    when their id differs from the uid held in the pipeline state, or when
    they have no membership in the organization.
    """
    req = self.request
    user = req.user

    # Only the authenticated user whose id matches the pipeline state may
    # finish the setup.
    if not user.is_authenticated():
        return self.error(ERR_NOT_AUTHED)
    if user.id != self.state.uid:
        return self.error(ERR_UID_MISMATCH)

    state_data = self.fetch_state()
    provider_config = self.provider.build_config(state_data)

    org = self.organization
    try:
        member = OrganizationMember.objects.get(user=user, organization=org)
    except OrganizationMember.DoesNotExist:
        # A non-member gets the same error as a uid mismatch.
        return self.error(ERR_UID_MISMATCH)

    # Only one of SSO and the organization-wide 2FA requirement can be
    # enabled, so the 2FA requirement is switched off here.
    # NOTE(review): this runs before the provider row is created and no
    # transaction is visible in this method -- confirm that a failure in
    # AuthProvider.objects.create() cannot leave the organization with
    # neither control enforced.
    self.disable_2fa_required()

    self.auth_provider = AuthProvider.objects.create(
        organization=org, provider=self.provider.key, config=provider_config
    )
    handle_attach_identity(
        self.auth_provider, req, org, self.provider, identity, member
    )
    auth.mark_sso_complete(req, org.id)

    sso_enabled.send_robust(
        organization=org,
        user=user,
        provider=self.provider.key,
        sender=self.__class__,
    )

    # Record who enabled SSO and from which address.
    AuditLogEntry.objects.create(
        organization=org,
        actor=user,
        ip_address=req.META["REMOTE_ADDR"],
        target_object=self.auth_provider.id,
        event=AuditLogEntryEvent.SSO_ENABLE,
        data=self.auth_provider.get_audit_log_data(),
    )

    email_missing_links.delay(org.id, user.id, self.provider.key)

    messages.add_message(req, messages.SUCCESS, OK_SETUP_SSO)
    self.clear_session()

    return HttpResponseRedirect(
        reverse("sentry-organization-auth-provider-settings", args=[org.slug])
    )
def _finish_setup_pipeline(self, identity):
    """
    Finish the SSO setup flow for the organization.

    Creates the auth provider, links ``identity`` to the active user's
    organization membership, marks SSO complete on the request, writes an
    SSO_ENABLE audit entry, queues ``email_missing_links`` and redirects to
    the provider settings page.

    Returns ``self.error(...)`` when the user is not authenticated, when
    their id differs from the uid in the pipeline state, or when they are
    not a member of the organization.
    """
    req = self.request
    user = req.user

    # Guard: the caller must be logged in and be the user recorded in the
    # pipeline state.
    if not user.is_authenticated():
        return self.error(ERR_NOT_AUTHED)
    if user.id != self.state.uid:
        return self.error(ERR_UID_MISMATCH)

    state_data = self.fetch_state()
    provider_config = self.provider.build_config(state_data)

    org = self.organization
    try:
        member = OrganizationMember.objects.get(user=user, organization=org)
    except OrganizationMember.DoesNotExist:
        # A missing membership is reported with the uid-mismatch error.
        return self.error(ERR_UID_MISMATCH)

    # NOTE(review): the provider row, the identity link and the audit entry
    # are written as separate steps with no transaction visible here --
    # confirm a failure part-way cannot leave SSO enabled without its
    # SSO_ENABLE audit record.
    self.auth_provider = AuthProvider.objects.create(
        organization=org,
        provider=self.provider.key,
        config=provider_config,
    )
    self._handle_attach_identity(identity, member)
    auth.mark_sso_complete(req, org.id)

    # Record who enabled SSO and from which address.
    AuditLogEntry.objects.create(
        organization=org,
        actor=user,
        ip_address=req.META['REMOTE_ADDR'],
        target_object=self.auth_provider.id,
        event=AuditLogEntryEvent.SSO_ENABLE,
        data=self.auth_provider.get_audit_log_data(),
    )

    email_missing_links.delay(org.id, user.id, self.provider.key)

    messages.add_message(req, messages.SUCCESS, OK_SETUP_SSO)
    self.clear_session()

    return HttpResponseRedirect(
        reverse('sentry-organization-auth-provider-settings', args=[org.slug])
    )
def _finish_setup_pipeline(self, identity):
    """
    Finish the SSO setup flow using the state kept in the session.

    Creates the auth provider from ``request.session['auth']['state']``,
    links ``identity`` to the active user's organization membership, marks
    SSO complete on the request, writes an SSO_ENABLE audit entry, queues
    ``email_missing_links`` and redirects to the auth settings page.

    Returns ``self.error(...)`` when the user is not authenticated, when
    their id differs from the uid stored in the session, or when they are
    not a member of the organization.
    """
    req = self.request
    user = req.user

    if not user.is_authenticated():
        return self.error(ERR_NOT_AUTHED)

    # The session must belong to the same user it recorded.
    # NOTE(review): direct indexing raises KeyError when the session has no
    # 'auth' entry -- presumably the caller guarantees it exists; confirm.
    if user.id != req.session['auth']['uid']:
        return self.error(ERR_UID_MISMATCH)

    session_state = req.session['auth']['state']
    provider_config = self.provider.build_config(session_state)

    org = self.organization
    try:
        member = OrganizationMember.objects.get(user=user, organization=org)
    except OrganizationMember.DoesNotExist:
        # A missing membership is reported with the uid-mismatch error.
        return self.error(ERR_UID_MISMATCH)

    self.auth_provider = AuthProvider.objects.create(
        organization=org,
        provider=self.provider.key,
        config=provider_config,
    )
    self._handle_attach_identity(identity, member)
    auth.mark_sso_complete(req, org.id)

    # Record who enabled SSO and from which address.
    AuditLogEntry.objects.create(
        organization=org,
        actor=user,
        ip_address=req.META['REMOTE_ADDR'],
        target_object=self.auth_provider.id,
        event=AuditLogEntryEvent.SSO_ENABLE,
        data=self.auth_provider.get_audit_log_data(),
    )

    email_missing_links.delay(organization_id=org.id)

    messages.add_message(req, messages.SUCCESS, OK_SETUP_SSO)
    self.clear_session()

    return HttpResponseRedirect(
        reverse('sentry-organization-auth-settings', args=[org.slug])
    )
def test_sso(self):
    """Superuser scoped to org 1 is inactive until SSO is marked complete for it."""
    request = self.make_request(user=User(is_superuser=True))

    def active_for(org_id):
        # Build a fresh Superuser for this org scope and log the user in.
        su = Superuser(request, org_id=org_id)
        su.set_logged_in(request.user)
        return su.is_active

    # no ips = any host
    assert active_for(None) is True

    # Scoped to org 1 with no completed SSO on the request: not active.
    assert active_for(1) is False

    # After SSO is marked complete for org 1 the same scope becomes active.
    mark_sso_complete(request, 1)
    assert active_for(1) is True
def test_sso(self):
    """Superuser scoped to org 1 is inactive until SSO is marked complete for it."""
    request = self.make_request(user=User(is_superuser=True))

    def active_for(org_id):
        # Build a fresh Superuser for this org scope and log the user in.
        su = Superuser(request, org_id=org_id)
        su.set_logged_in(request.user)
        return su.is_active

    # no ips = any host
    assert active_for(None) is True

    # Scoped to org 1 with no completed SSO on the request: not active.
    assert active_for(1) is False

    # After SSO is marked complete for org 1 the same scope becomes active.
    mark_sso_complete(request, 1)
    assert active_for(1) is True