def sso_auth_check(self): if GOOGLE_AUTH in self.auth_type: try: resp = utils.request.get(AUTH_SERVER + '/update/google?user=%s&license=%s' % (self.email, settings.app.license)) if resp.status_code == 200: return True except: logger.exception( 'Google auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type: try: return sso.auth_onelogin(self.name) except: logger.exception( 'OneLogin auth check error', 'user', user_id=self.id, ) return False return True
def sso_auth_check(self, password): if GOOGLE_AUTH in self.auth_type: try: resp = utils.request.get(AUTH_SERVER + '/update/google?user=%s&license=%s' % ( self.email, settings.app.license)) if resp.status_code == 200: return True except: logger.exception('Google auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type: try: return sso.auth_onelogin(self.name) except: logger.exception('OneLogin auth check error', 'user', user_id=self.id, ) return False elif RADIUS_AUTH in self.auth_type: try: return sso.verify_radius(self.name, password)[0] except: logger.exception('Radius auth check error', 'user', user_id=self.id, ) return False return True
def sso_auth_check(self, password): if GOOGLE_AUTH in self.auth_type: try: resp = requests.get(AUTH_SERVER + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception('Google auth check error', 'user', user_id=self.id, ) return False elif SLACK_AUTH in self.auth_type: try: resp = requests.get(AUTH_SERVER + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception('Slack auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type: try: return sso.auth_onelogin(self.name) except: logger.exception('OneLogin auth check error', 'user', user_id=self.id, ) return False elif SAML_OKTA_AUTH in self.auth_type: try: return sso.auth_okta(self.name) except: logger.exception('Okta auth check error', 'user', user_id=self.id, ) return False elif RADIUS_AUTH in self.auth_type: try: return sso.verify_radius(self.name, password)[0] except: logger.exception('Radius auth check error', 'user', user_id=self.id, ) return False return True
def sso_auth_check(self): if GOOGLE_AUTH in self.auth_type: try: resp = utils.request.get( AUTH_SERVER + "/update/google?user=%s&license=%s" % (self.email, settings.app.license) ) if resp.status_code == 200: return True except: logger.exception("Google auth check error", "user", user_id=self.id) return False elif SAML_ONELOGIN_AUTH in self.auth_type: try: return sso.auth_onelogin(self.name) except: logger.exception("OneLogin auth check error", "user", user_id=self.id) return False return True
def sso_auth_check(self, password, remote_ip): sso_mode = settings.app.sso or '' auth_server = AUTH_SERVER if settings.app.dedicated: auth_server = settings.app.dedicated if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(auth_server + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code != 200: logger.error( 'Google auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False valid, google_groups = sso.verify_google(self.email) if not valid: logger.error( 'Google auth check failed', 'user', user_id=self.id, user_name=self.name, ) return False if settings.app.sso_google_mode == 'groups': cur_groups = set(self.groups) new_groups = set(google_groups) if cur_groups != new_groups: self.groups = list(new_groups) self.commit('groups') return True except: logger.exception( 'Google auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get( auth_server + ('/update/azure?user=%s&license=%s&' + 'directory_id=%s&app_id=%s&app_secret=%s') % ( urllib.quote(self.name), settings.app.license, urllib.quote(settings.app.sso_azure_directory_id), urllib.quote(settings.app.sso_azure_app_id), urllib.quote(settings.app.sso_azure_app_secret), )) if resp.status_code != 200: logger.error( 'Azure auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False valid, azure_groups = sso.verify_azure(self.name) if not valid: logger.error( 'Azure auth check failed', 'user', user_id=self.id, user_name=self.name, ) return False if settings.app.sso_azure_mode == 'groups': cur_groups = set(self.groups) new_groups = set(azure_groups) if cur_groups != new_groups: self.groups = list(new_groups) self.commit('groups') return True except: logger.exception( 'Azure auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True if not isinstance(settings.app.sso_match, list): raise TypeError('Invalid sso match') try: resp = requests.get( auth_server + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code != 200: logger.error( 'Slack auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False return True except: logger.exception( 'Slack auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type and \ SAML_ONELOGIN_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_onelogin(self.name) except: logger.exception( 'OneLogin auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SAML_OKTA_AUTH in self.auth_type and \ SAML_OKTA_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_okta(self.name) except: logger.exception( 'Okta auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode: try: return sso.verify_radius(self.name, password)[0] except: logger.exception( 'Radius auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif PLUGIN_AUTH in self.auth_type: try: return sso.plugin_login_authenticate( user_name=self.name, password=password, remote_ip=remote_ip, )[0] except: logger.exception( 'Plugin auth check error', 'user', user_id=self.id, user_name=self.name, ) return False return True
def sso_auth_check(self, password, remote_ip): sso_mode = settings.app.sso or '' auth_server = AUTH_SERVER if settings.app.dedicated: auth_server = settings.app.dedicated if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(auth_server + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception( 'Google auth check error', 'user', user_id=self.id, ) return False elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True if not isinstance(settings.app.sso_match, list): raise TypeError('Invalid sso match') try: resp = requests.get( auth_server + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception( 'Slack auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type and \ SAML_ONELOGIN_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_onelogin(self.name) except: logger.exception( 'OneLogin auth check error', 'user', user_id=self.id, ) return False elif SAML_OKTA_AUTH in self.auth_type and \ SAML_OKTA_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_okta(self.name) except: logger.exception( 'Okta auth check error', 'user', user_id=self.id, ) return False elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode: try: return sso.verify_radius(self.name, password)[0] except: logger.exception( 'Radius auth check error', 'user', user_id=self.id, ) return False elif PLUGIN_AUTH in self.auth_type: try: return sso.plugin_login_authenticate( user_name=self.name, password=password, remote_ip=remote_ip, )[0] except: logger.exception( 'Plugin auth check error', 'user', user_id=self.id, ) return False return True
def sso_auth_check(self, password, remote_ip): sso_mode = settings.app.sso or '' if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(AUTH_SERVER + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception('Google auth check error', 'user', user_id=self.id, ) return False elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True if not isinstance(settings.app.sso_match, list): raise TypeError('Invalid sso match') try: resp = requests.get(AUTH_SERVER + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception('Slack auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type and \ SAML_ONELOGIN_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_onelogin(self.name) except: logger.exception('OneLogin auth check error', 'user', user_id=self.id, ) return False elif SAML_OKTA_AUTH in self.auth_type and \ SAML_OKTA_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_okta(self.name) except: logger.exception('Okta auth check error', 'user', user_id=self.id, ) return False elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode: try: return sso.verify_radius(self.name, password)[0] except: logger.exception('Radius auth check error', 'user', user_id=self.id, ) return False elif PLUGIN_AUTH in self.auth_type: try: return sso.plugin_login_authenticate( user_name=self.name, password=password, remote_ip=remote_ip, )[0] except: logger.exception('Plugin auth check error', 'user', user_id=self.id, ) return False return True
def sso_auth_check(self, password, remote_ip): sso_mode = settings.app.sso or '' auth_server = AUTH_SERVER if settings.app.dedicated: auth_server = settings.app.dedicated if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(auth_server + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code != 200: logger.error('Google auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False valid, google_groups = sso.verify_google(self.email) if not valid: logger.error('Google auth check failed', 'user', user_id=self.id, user_name=self.name, ) return False if settings.app.sso_google_mode == 'groups': cur_groups = set(self.groups) new_groups = set(google_groups) if cur_groups != new_groups: self.groups = list(new_groups) self.commit('groups') return True except: logger.exception('Google auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(auth_server + ('/update/azure?user=%s&license=%s&' + 'directory_id=%s&app_id=%s&app_secret=%s') % ( urllib.quote(self.name), settings.app.license, urllib.quote(settings.app.sso_azure_directory_id), urllib.quote(settings.app.sso_azure_app_id), urllib.quote(settings.app.sso_azure_app_secret), )) if resp.status_code != 200: logger.error('Azure auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False valid, azure_groups = sso.verify_azure(self.name) if not valid: logger.error('Azure auth check failed', 'user', user_id=self.id, user_name=self.name, ) return False if settings.app.sso_azure_mode == 'groups': cur_groups = set(self.groups) new_groups = set(azure_groups) if cur_groups != new_groups: self.groups = list(new_groups) self.commit('groups') return True except: logger.exception('Azure auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif AUTHZERO_AUTH in self.auth_type and AUTHZERO_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: resp = requests.get(auth_server + ('/update/authzero?user=%s&license=%s&' + 'app_domain=%s&app_id=%s&app_secret=%s') % ( urllib.quote(self.name), settings.app.license, urllib.quote(settings.app.sso_authzero_domain), urllib.quote(settings.app.sso_authzero_app_id), urllib.quote(settings.app.sso_authzero_app_secret), )) if resp.status_code != 200: logger.error('Auth0 auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False valid, authzero_groups = sso.verify_authzero(self.name) if not valid: logger.error('Auth0 auth check failed', 'user', user_id=self.id, user_name=self.name, ) return False if settings.app.sso_authzero_mode == 'groups': cur_groups = set(self.groups) new_groups = set(authzero_groups) if cur_groups != new_groups: self.groups = list(new_groups) self.commit('groups') return True except: logger.exception('Auth0 auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True if not isinstance(settings.app.sso_match, list): raise TypeError('Invalid sso match') try: resp = requests.get(auth_server + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code != 200: logger.error('Slack auth check request error', 'user', user_id=self.id, user_name=self.name, status_code=resp.status_code, content=resp.content, ) return False return True except: logger.exception('Slack auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type and \ SAML_ONELOGIN_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_onelogin(self.name) except: logger.exception('OneLogin auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif SAML_OKTA_AUTH in self.auth_type and \ SAML_OKTA_AUTH in sso_mode: if settings.user.skip_remote_sso_check: return True try: return sso.auth_okta(self.name) except: logger.exception('Okta auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode: try: return sso.verify_radius(self.name, password)[0] except: logger.exception('Radius auth check error', 'user', user_id=self.id, user_name=self.name, ) return False elif PLUGIN_AUTH in self.auth_type: try: return sso.plugin_login_authenticate( user_name=self.name, password=password, remote_ip=remote_ip, )[1] except: logger.exception('Plugin auth check error', 'user', user_id=self.id, user_name=self.name, ) return False return True
def sso_auth_check(self, password): if GOOGLE_AUTH in self.auth_type: try: resp = utils.request.get(AUTH_SERVER + '/update/google?user=%s&license=%s' % ( urllib.quote(self.email), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception( 'Google auth check error', 'user', user_id=self.id, ) return False elif SLACK_AUTH in self.auth_type: try: resp = utils.request.get( AUTH_SERVER + '/update/slack?user=%s&team=%s&license=%s' % ( urllib.quote(self.name), urllib.quote(settings.app.sso_match[0]), settings.app.license, )) if resp.status_code == 200: return True except: logger.exception( 'Slack auth check error', 'user', user_id=self.id, ) return False elif SAML_ONELOGIN_AUTH in self.auth_type: try: return sso.auth_onelogin(self.name) except: logger.exception( 'OneLogin auth check error', 'user', user_id=self.id, ) return False elif SAML_OKTA_AUTH in self.auth_type: try: return sso.auth_okta(self.name) except: logger.exception( 'Okta auth check error', 'user', user_id=self.id, ) return False elif RADIUS_AUTH in self.auth_type: try: return sso.verify_radius(self.name, password)[0] except: logger.exception( 'Radius auth check error', 'user', user_id=self.id, ) return False return True