def handle_basic_auth(self, request):
can_register = features.has('auth:register') or request.session.get(
'can_register')
op = request.POST.get('op')
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and '/register' in request.path_info and can_register:
op = 'register'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request,
initial={'username': request.session.get('invite_email', '')})
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('invite_email', None)
return self.redirect(auth.get_login_redirect(request))
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
request.session.set_test_cookie()
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
return self.respond('sentry/login.html', context)
def handle_basic_auth(self, request):
can_register = features.has('auth:register') or request.session.get('can_register')
op = request.POST.get('op')
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and '/register' in request.path_info and can_register:
op = 'register'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(request, initial={
'username': request.session.get('invite_email', '')
})
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('invite_email', None)
return self.redirect(auth.get_login_redirect(request))
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
request.session.set_test_cookie()
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
return self.respond('sentry/login.html', context)
def recover_account(request):
return MailPreview(
html_template="sentry/emails/recover_account.html",
text_template="sentry/emails/recover_account.txt",
context={
"user": request.user,
"url": absolute_uri(
reverse("sentry-account-confirm-email", args=[request.user.id, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"])
),
"domain": get_server_hostname(),
},
).render()
def recover_account(request):
return MailPreview(
html_template='sentry/emails/recover_account.html',
text_template='sentry/emails/recover_account.txt',
context={
'user': request.user,
'url': absolute_uri(reverse(
'sentry-account-confirm-email',
args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX']
)),
'domain': get_server_hostname(),
},
).render(request)
def recover_account(request):
return MailPreview(
html_template='sentry/emails/recover_account.html',
text_template='sentry/emails/recover_account.txt',
context={
'user': request.user,
'url': absolute_uri(reverse(
'sentry-account-confirm-email',
args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX']
)),
'domain': get_server_hostname(),
},
).render()
def handle_basic_auth(self, request):
can_register = features.has("auth:register") or request.session.get("can_register")
op = request.POST.get("op")
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and "/register" in request.path_info and can_register:
op = "register"
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request, initial={"username": request.session.get("invite_email", "")}
)
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user)
# can_register should only allow a single registration
request.session.pop("can_register", None)
request.session.pop("invite_email", None)
return self.redirect(auth.get_login_redirect(request))
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user)
if not user.is_active:
return self.redirect(reverse("sentry-reactivate-account"))
return self.redirect(auth.get_login_redirect(request))
context = {
"op": op or "login",
"server_hostname": get_server_hostname(),
"login_form": login_form,
"register_form": register_form,
"CAN_REGISTER": can_register,
}
return self.respond("sentry/login.html", context)
def recover_account(request):
return MailPreview(
html_template='sentry/emails/recover_account.html',
text_template='sentry/emails/recover_account.txt',
context={
'user': request.user,
'url': absolute_uri(reverse(
'sentry-account-confirm-email',
args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX']
)),
'domain': get_server_hostname(),
'ip_address': request.META['REMOTE_ADDR'],
'datetime': timezone.now(),
},
).render(request)
def prepare_login_context(self, request, *args, **kwargs):
can_register = bool(has_user_registration() or request.session.get("can_register"))
context = {
"serverHostname": get_server_hostname(),
"canRegister": can_register,
"hasNewsletter": newsletter.is_enabled(),
}
if "session_expired" in request.COOKIES:
context["warning"] = WARN_SESSION_EXPIRED
context.update(additional_context.run_callbacks(request))
return context
def prepare_login_context(self, request, *args, **kwargs):
can_register = bool(auth.has_user_registration()
or request.session.get('can_register'))
context = {
'serverHostname': get_server_hostname(),
'canRegister': can_register,
'hasNewsletter': newsletter.is_enabled(),
}
if 'session_expired' in request.COOKIES:
context['warning'] = WARN_SESSION_EXPIRED
context.update(additional_context.run_callbacks(request))
return context
def recover_account(request):
return MailPreview(
html_template="sentry/emails/recover_account.html",
text_template="sentry/emails/recover_account.txt",
context={
"user": request.user,
"url": absolute_uri(
reverse(
"sentry-account-confirm-email",
args=[request.user.id, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"],
)
),
"domain": get_server_hostname(),
"ip_address": request.META["REMOTE_ADDR"],
"datetime": timezone.now(),
},
).render(request)
def send_recover_mail(self):
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user': self.user,
'domain': get_server_hostname(),
'url': absolute_uri(reverse(
'sentry-account-recover-confirm',
args=[self.user.id, self.hash]
)),
}
msg = MessageBuilder(
subject='%sPassword Recovery' % (settings.EMAIL_SUBJECT_PREFIX,),
template='sentry/emails/recover_account.txt',
context=context,
)
msg.send_async([self.user.email])
def send_recover_mail(self):
from sentry import options
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user': self.user,
'domain': get_server_hostname(),
'url': self.get_absolute_url(),
}
msg = MessageBuilder(
subject='%sPassword Recovery' % (options.get('mail.subject-prefix'),),
template='sentry/emails/recover_account.txt',
html_template='sentry/emails/recover_account.html',
type='user.password_recovery',
context=context,
)
msg.send_async([self.user.email])
def send_recover_mail(self):
from sentry import options
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user': self.user,
'domain': get_server_hostname(),
'url': self.get_absolute_url(),
}
msg = MessageBuilder(
subject='%sPassword Recovery' %
(options.get('mail.subject-prefix'), ),
template='sentry/emails/recover_account.txt',
html_template='sentry/emails/recover_account.html',
type='user.password_recovery',
context=context,
)
msg.send_async([self.user.email])
def send_recover_mail(self):
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user':
self.user,
'domain':
get_server_hostname(),
'url':
absolute_uri(
reverse('sentry-account-recover-confirm',
args=[self.user.id, self.hash])),
}
msg = MessageBuilder(
subject='%sPassword Recovery' % (settings.EMAIL_SUBJECT_PREFIX, ),
template='sentry/emails/recover_account.txt',
context=context,
)
msg.send_async([self.user.email])
def recover_account(request):
return MailPreview(
html_template='sentry/emails/recover_account.html',
text_template='sentry/emails/recover_account.txt',
context={
'user':
request.user,
'url':
absolute_uri(
reverse(
'sentry-account-confirm-email',
args=[request.user.id,
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'])),
'domain':
get_server_hostname(),
'ip_address':
request.META['REMOTE_ADDR'],
'datetime':
timezone.now(),
},
).render(request)
def send_email(self, request, mode='recover'):
from sentry import options
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user': self.user,
'domain': get_server_hostname(),
'url': self.get_absolute_url(mode),
'datetime': timezone.now(),
'ip_address': request.META['REMOTE_ADDR'],
}
template = 'set_password' if mode == 'set_password' else 'recover_account'
msg = MessageBuilder(
subject=u'{}Password Recovery'.format(options.get('mail.subject-prefix')),
template=u'sentry/emails/{name}.txt'.format(name=template),
html_template=u'sentry/emails/{name}.html'.format(name=template),
type='user.password_recovery',
context=context,
)
msg.send_async([self.user.email])
def send_email(self, request, mode="recover"):
from sentry import options
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
"user": self.user,
"domain": get_server_hostname(),
"url": self.get_absolute_url(mode),
"datetime": timezone.now(),
"ip_address": request.META["REMOTE_ADDR"],
}
template = "set_password" if mode == "set_password" else "recover_account"
msg = MessageBuilder(
subject="{}Password Recovery".format(options.get("mail.subject-prefix")),
template="sentry/emails/{name}.txt".format(name=template),
html_template="sentry/emails/{name}.html".format(name=template),
type="user.password_recovery",
context=context,
)
msg.send_async([self.user.email])
def send_email(self, request, mode='recover'):
from sentry import options
from sentry.http import get_server_hostname
from sentry.utils.email import MessageBuilder
context = {
'user': self.user,
'domain': get_server_hostname(),
'url': self.get_absolute_url(mode),
'datetime': timezone.now(),
'ip_address': request.META['REMOTE_ADDR'],
}
template = 'set_password' if mode == 'set_password' else 'recover_account'
msg = MessageBuilder(
subject=u'{}Password Recovery'.format(options.get('mail.subject-prefix')),
template=u'sentry/emails/{name}.txt'.format(name=template),
html_template=u'sentry/emails/{name}.html'.format(name=template),
type='user.password_recovery',
context=context,
)
msg.send_async([self.user.email])
def handle_basic_auth(self, request, organization=None, *args, **kwargs):
can_register = self.can_register(request,
organization=organization,
*args,
**kwargs)
op = request.POST.get('op')
if not op:
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if '/register' in request.path_info and can_register:
op = 'register'
elif request.GET.get('op') == 'sso':
op = 'sso'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request,
initial={'username': request.session.get('invite_email', '')})
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(
request,
user,
organization_id=organization.id if organization else None,
)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('invite_email', None)
return self.redirect(auth.get_login_redirect(request))
elif request.method == 'POST':
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = op == 'login' and request.POST.get(
'username') and request.POST.get('password')
if login_attempt and ratelimiter.is_limited(
u'auth:login:username:{}'.format(
md5_text(
request.POST['username'].lower()).hexdigest()),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors['__all__'] = [
u'You have made too many login attempts. Please try again later.'
]
metrics.incr('login.attempt',
instance='rate_limited',
skip_internal=True,
sample_rate=1.0)
elif login_form.is_valid():
user = login_form.get_user()
auth.login(
request,
user,
organization_id=organization.id if organization else None,
)
metrics.incr('login.attempt',
instance='success',
skip_internal=True,
sample_rate=1.0)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
else:
metrics.incr('login.attempt',
instance='failure',
skip_internal=True,
sample_rate=1.0)
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'organization': organization,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
context.update(additional_context.run_callbacks(request))
return self.respond_login(request,
context,
organization=organization,
*args,
**kwargs)
def handle_basic_auth(self, request, **kwargs):
can_register = self.can_register(request)
op = request.POST.get("op")
organization = kwargs.pop("organization", None)
if not op:
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if "/register" in request.path_info and can_register:
op = "register"
elif request.GET.get("op") == "sso":
op = "sso"
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request, initial={"username": request.session.get("invite_email", "")}
)
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
user_signup.send_robust(
sender=self, user=user, source="register-form", referrer="in-app"
)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user, organization_id=organization.id if organization else None)
# can_register should only allow a single registration
request.session.pop("can_register", None)
request.session.pop("invite_email", None)
# In single org mode, associate the user to the orgnaization
if settings.SENTRY_SINGLE_ORGANIZATION:
organization = Organization.get_default()
OrganizationMember.objects.create(
organization=organization, role=organization.default_role, user=user
)
# Attempt to directly accept any pending invites
invite_helper = ApiInviteHelper.from_cookie(request=request, instance=self)
if invite_helper and invite_helper.valid_request:
invite_helper.accept_invite()
response = self.redirect_to_org(request)
remove_invite_cookie(request, response)
return response
return self.redirect(auth.get_login_redirect(request))
elif request.method == "POST":
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = (
op == "login" and request.POST.get("username") and request.POST.get("password")
)
if login_attempt and ratelimiter.is_limited(
u"auth:login:username:{}".format(
md5_text(login_form.clean_username(request.POST["username"])).hexdigest()
),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors["__all__"] = [
u"You have made too many login attempts. Please try again later."
]
metrics.incr(
"login.attempt", instance="rate_limited", skip_internal=True, sample_rate=1.0
)
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user, organization_id=organization.id if organization else None)
metrics.incr(
"login.attempt", instance="success", skip_internal=True, sample_rate=1.0
)
if not user.is_active:
return self.redirect(reverse("sentry-reactivate-account"))
return self.redirect(auth.get_login_redirect(request))
else:
metrics.incr(
"login.attempt", instance="failure", skip_internal=True, sample_rate=1.0
)
context = {
"op": op or "login",
"server_hostname": get_server_hostname(),
"login_form": login_form,
"organization": organization,
"register_form": register_form,
"CAN_REGISTER": can_register,
"join_request_link": self.get_join_request_link(organization),
}
context.update(additional_context.run_callbacks(request))
return self.respond_login(request, context, **kwargs)
def handle_basic_auth(self, request):
can_register = auth.has_user_registration() or request.session.get(
'can_register')
op = request.POST.get('op')
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and '/register' in request.path_info and can_register:
op = 'register'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request,
initial={'username': request.session.get('invite_email', '')})
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('invite_email', None)
return self.redirect(auth.get_login_redirect(request))
elif request.method == 'POST':
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = op == 'login' and request.POST.get(
'username') and request.POST.get('password')
if login_attempt and ratelimiter.is_limited(
u'auth:login:username:{}'.format(
md5_text(
request.POST['username'].lower()).hexdigest()),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors['__all__'] = [
u'You have made too many login attempts. Please try again later.'
]
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
return self.respond('sentry/login.html', context)
def handle_basic_auth(self, request):
can_register = features.has('auth:register') or request.session.get('can_register')
op = request.POST.get('op')
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and '/register' in request.path_info and can_register:
op = 'register'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(request)
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('needs_captcha', None)
return self.redirect(auth.get_login_redirect(request))
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user)
request.session.pop('needs_captcha', None)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
elif request.POST and not request.session.get('needs_captcha'):
auth.log_auth_failure(request, request.POST.get('username'))
request.session['needs_captcha'] = 1
login_form = self.get_login_form(request)
login_form.errors.pop('captcha', None)
if can_register:
register_form = self.get_register_form(request)
register_form.errors.pop('captcha', None)
# When the captcha fails, hide any other errors
# to prevent brute force attempts.
if 'captcha' in login_form.errors:
for k in login_form.errors.keys():
if k != 'captcha':
login_form.errors.pop(k)
request.session.set_test_cookie()
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
return self.respond('sentry/login.html', context)
def __iter__(self):
yield get_server_hostname() or '*'
def handle_basic_auth(self, request, organization=None, *args, **kwargs):
can_register = self.can_register(
request, organization=organization, *args, **kwargs)
op = request.POST.get('op')
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if not op and '/register' in request.path_info and can_register:
op = 'register'
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request, initial={
'username': request.session.get('invite_email', '')}
)
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(
request,
user,
organization_id=organization.id if organization else None,
)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('invite_email', None)
return self.redirect(auth.get_login_redirect(request))
elif request.method == 'POST':
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = op == 'login' and request.POST.get('username'
) and request.POST.get('password')
if login_attempt and ratelimiter.is_limited(
u'auth:login:username:{}'.
format(md5_text(request.POST['username'].lower()).hexdigest()),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors['__all__'] = [
u'You have made too many login attempts. Please try again later.'
]
elif login_form.is_valid():
user = login_form.get_user()
auth.login(
request,
user,
organization_id=organization.id if organization else None,
)
if not user.is_active:
return self.redirect(reverse('sentry-reactivate-account'))
return self.redirect(auth.get_login_redirect(request))
context = {
'op': op or 'login',
'server_hostname': get_server_hostname(),
'login_form': login_form,
'organization': organization,
'register_form': register_form,
'CAN_REGISTER': can_register,
}
return self.respond_login(request, context, organization=organization, *args, **kwargs)
def handle_basic_auth(self, request, **kwargs):
can_register = self.can_register(request)
op = request.POST.get("op")
organization = kwargs.pop("organization", None)
if not op:
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if "/register" in request.path_info and can_register:
op = "register"
elif request.GET.get("op") == "sso":
op = "sso"
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request,
initial={"username": request.session.get("invite_email", "")})
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(
request,
user,
organization_id=organization.id if organization else None)
# can_register should only allow a single registration
request.session.pop("can_register", None)
request.session.pop("invite_email", None)
return self.redirect(auth.get_login_redirect(request))
elif request.method == "POST":
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = (op == "login" and request.POST.get("username")
and request.POST.get("password"))
if login_attempt and ratelimiter.is_limited(
u"auth:login:username:{}".format(
md5_text(
request.POST["username"].lower()).hexdigest()),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors["__all__"] = [
u"You have made too many login attempts. Please try again later."
]
metrics.incr("login.attempt",
instance="rate_limited",
skip_internal=True,
sample_rate=1.0)
elif login_form.is_valid():
user = login_form.get_user()
auth.login(
request,
user,
organization_id=organization.id if organization else None)
metrics.incr("login.attempt",
instance="success",
skip_internal=True,
sample_rate=1.0)
if not user.is_active:
return self.redirect(reverse("sentry-reactivate-account"))
return self.redirect(auth.get_login_redirect(request))
else:
metrics.incr("login.attempt",
instance="failure",
skip_internal=True,
sample_rate=1.0)
context = {
"op": op or "login",
"server_hostname": get_server_hostname(),
"login_form": login_form,
"organization": organization,
"register_form": register_form,
"CAN_REGISTER": can_register,
}
context.update(additional_context.run_callbacks(request))
return self.respond_login(request, context, **kwargs)
