def _finish_setup_pipeline(self, identity):
    """
    Complete SSO setup for the organization.

    Creates the organization's auth provider and attaches ``identity`` to
    the membership of the user driving the request, then records the change
    and redirects to the auth provider settings page.

    Returns the result of ``self.error(...)`` when the request user is not
    authenticated, is not the user whose id is stored in the pipeline
    state, or has no membership in the organization.
    """
    request = self.request
    user = request.user

    # Only the authenticated user whose id was stored in the pipeline state
    # may finish the flow.
    if not user.is_authenticated():
        return self.error(ERR_NOT_AUTHED)
    if user.id != self.state.uid:
        return self.error(ERR_UID_MISMATCH)

    state_data = self.fetch_state()
    provider_config = self.provider.build_config(state_data)

    try:
        membership = OrganizationMember.objects.get(
            user=user, organization=self.organization
        )
    except OrganizationMember.DoesNotExist:
        # A missing membership is reported with the same error as a uid
        # mismatch.
        return self.error(ERR_UID_MISMATCH)

    # SSO and the organization's "require 2FA" setting cannot both be
    # enabled, so the 2FA requirement is switched off first.
    # NOTE(review): this runs before AuthProvider.objects.create() and no
    # transaction is visible in this method; if a later step raises, the
    # 2FA requirement may stay disabled without SSO in place. Confirm the
    # caller makes this flow atomic.
    self.disable_2fa_required()

    self.auth_provider = AuthProvider.objects.create(
        organization=self.organization,
        provider=self.provider.key,
        config=provider_config,
    )

    handle_attach_identity(
        self.auth_provider,
        request,
        self.organization,
        self.provider,
        identity,
        membership,
    )

    auth.mark_sso_complete(request, self.organization.id)

    sso_enabled.send_robust(
        organization=self.organization,
        user=user,
        provider=self.provider.key,
        sender=self.__class__,
    )

    # Record who enabled SSO and from where.
    # NOTE(review): ip_address is taken from REMOTE_ADDR as-is; confirm it
    # reflects the client address in proxied deployments.
    AuditLogEntry.objects.create(
        organization=self.organization,
        actor=user,
        ip_address=request.META["REMOTE_ADDR"],
        target_object=self.auth_provider.id,
        event=AuditLogEntryEvent.SSO_ENABLE,
        data=self.auth_provider.get_audit_log_data(),
    )

    email_missing_links.delay(self.organization.id, user.id, self.provider.key)

    messages.add_message(request, messages.SUCCESS, OK_SETUP_SSO)

    self.clear_session()

    settings_url = reverse(
        "sentry-organization-auth-provider-settings",
        args=[self.organization.slug],
    )
    return HttpResponseRedirect(settings_url)
def _finish_setup_pipeline(self, identity):
    """
    Finish the SSO setup flow.

    The setup flow creates the auth provider as well as an identity linked
    to the active user, marks SSO as complete for the request, emits the
    ``sso_enabled`` signal, writes an audit log entry and queues the
    missing-links email before redirecting to the provider settings page.

    An error response from ``self.error`` is returned instead when the user
    is not authenticated, does not match the uid held in the pipeline
    state, or is not a member of the organization.
    """
    request = self.request

    # Authentication and state-binding checks come before any write.
    if not request.user.is_authenticated():
        return self.error(ERR_NOT_AUTHED)

    if request.user.id != self.state.uid:
        return self.error(ERR_UID_MISMATCH)

    pipeline_data = self.fetch_state()
    built_config = self.provider.build_config(pipeline_data)

    member_lookup = {
        'user': request.user,
        'organization': self.organization,
    }
    try:
        org_member = OrganizationMember.objects.get(**member_lookup)
    except OrganizationMember.DoesNotExist:
        # Non-members get the same error as a uid mismatch.
        return self.error(ERR_UID_MISMATCH)

    # Only one of SSO or "require 2FA" can be enabled for an organization,
    # so the 2FA requirement is turned off here.
    # NOTE(review): the 2FA requirement is dropped before the provider row
    # exists and this method opens no transaction itself; verify that a
    # failure in the steps below cannot leave the organization with neither
    # control enabled.
    self.disable_2fa_required()

    provider_fields = {
        'organization': self.organization,
        'provider': self.provider.key,
        'config': built_config,
    }
    self.auth_provider = AuthProvider.objects.create(**provider_fields)

    handle_attach_identity(
        self.auth_provider,
        request,
        self.organization,
        self.provider,
        identity,
        org_member,
    )

    auth.mark_sso_complete(request, self.organization.id)

    sso_enabled.send_robust(
        organization=self.organization,
        user=request.user,
        provider=self.provider.key,
        sender=self.__class__,
    )

    # Audit record of the SSO_ENABLE event, attributed to the request user.
    # NOTE(review): the address comes straight from REMOTE_ADDR; check that
    # this is the real client address when a proxy sits in front.
    audit_fields = {
        'organization': self.organization,
        'actor': request.user,
        'ip_address': request.META['REMOTE_ADDR'],
        'target_object': self.auth_provider.id,
        'event': AuditLogEntryEvent.SSO_ENABLE,
        'data': self.auth_provider.get_audit_log_data(),
    }
    AuditLogEntry.objects.create(**audit_fields)

    email_missing_links.delay(
        self.organization.id,
        request.user.id,
        self.provider.key,
    )

    messages.add_message(request, messages.SUCCESS, OK_SETUP_SSO)

    self.clear_session()

    return HttpResponseRedirect(
        reverse(
            'sentry-organization-auth-provider-settings',
            args=[self.organization.slug],
        )
    )