def needs_sso(self, request, organization):
# XXX(dcramer): this is very similar to the server-rendered views
# logic for checking valid SSO
if not request.access.requires_sso:
return False
if not auth.has_completed_sso(request, organization.id):
return True
if not request.access.sso_is_valid:
return True
return False
def needs_sso(self, request, organization):
# XXX(dcramer): this is very similar to the server-rendered views
# logic for checking valid SSO
if not request.access.requires_sso:
return False
if not auth.has_completed_sso(request, organization.id):
return True
if not request.access.sso_is_valid:
return True
return False
def is_privileged_request(self):
allowed_ips = self.allowed_ips
# if we've bound superuser to an organization they must
# have completed SSO to gain status
if self.org_id and not has_completed_sso(self.request, self.org_id):
return False
# if there's no IPs configured, we allow assume its the same as *
if not allowed_ips:
return True
ip = ipaddress.ip_address(
six.text_type(self.request.META['REMOTE_ADDR']))
if not any(ip in addr for addr in allowed_ips):
return False
return True
def needs_sso(self, request, organization):
if not organization:
return False
# XXX(dcramer): this branch should really never hit
if not request.user.is_authenticated():
return False
if not self.valid_sso_required:
return False
if not request.access.requires_sso:
return False
if not auth.has_completed_sso(request, organization.id):
return True
if not request.access.sso_is_valid:
return True
return False
def is_privileged_request(self):
"""
Returns ``(bool is_privileged, str reason)``
"""
allowed_ips = self.allowed_ips
# if we've bound superuser to an organization they must
# have completed SSO to gain status
if self.org_id and not has_completed_sso(self.request, self.org_id):
return False, "incomplete-sso"
# if there's no IPs configured, we allow assume its the same as *
if not allowed_ips:
return True, None
ip = ipaddress.ip_address(str(self.request.META["REMOTE_ADDR"]))
if not any(ip in addr for addr in allowed_ips):
return False, "invalid-ip"
return True, None
def is_privileged_request(self):
"""
Returns ``(bool is_privileged, str reason)``
"""
allowed_ips = self.allowed_ips
# if we've bound superuser to an organization they must
# have completed SSO to gain status
if self.org_id and not has_completed_sso(self.request, self.org_id):
return False, 'incomplete-sso'
# if there's no IPs configured, we allow assume its the same as *
if not allowed_ips:
return True, None
ip = ipaddress.ip_address(six.text_type(self.request.META['REMOTE_ADDR']))
if not any(ip in addr for addr in allowed_ips):
return False, 'invalid-ip'
return True, None
def is_privileged_request(self):
"""
Returns ``(bool is_privileged, str reason)``
"""
from sentry.utils.auth import has_completed_sso # Django 1.9 setup issue
allowed_ips = self.allowed_ips
# if we've bound superuser to an organization they must
# have completed SSO to gain status
if self.org_id and not has_completed_sso(self.request, self.org_id):
return False, 'incomplete-sso'
# if there's no IPs configured, we allow assume its the same as *
if not allowed_ips:
return True, None
ip = ipaddress.ip_address(
six.text_type(self.request.META['REMOTE_ADDR']))
if not any(ip in addr for addr in allowed_ips):
return False, 'invalid-ip'
return True, None