Example #1
0
 def needs_sso(self, request, organization):
     # XXX(dcramer): this is very similar to the server-rendered views
     # logic for checking valid SSO
     if not request.access.requires_sso:
         return False
     if not auth.has_completed_sso(request, organization.id):
         return True
     if not request.access.sso_is_valid:
         return True
     return False
Example #2
0
 def needs_sso(self, request, organization):
     # XXX(dcramer): this is very similar to the server-rendered views
     # logic for checking valid SSO
     if not request.access.requires_sso:
         return False
     if not auth.has_completed_sso(request, organization.id):
         return True
     if not request.access.sso_is_valid:
         return True
     return False
Example #3
0
 def is_privileged_request(self):
     allowed_ips = self.allowed_ips
     # if we've bound superuser to an organization they must
     # have completed SSO to gain status
     if self.org_id and not has_completed_sso(self.request, self.org_id):
         return False
     # if there's no IPs configured, we allow assume its the same as *
     if not allowed_ips:
         return True
     ip = ipaddress.ip_address(
         six.text_type(self.request.META['REMOTE_ADDR']))
     if not any(ip in addr for addr in allowed_ips):
         return False
     return True
Example #4
0
 def needs_sso(self, request, organization):
     if not organization:
         return False
     # XXX(dcramer): this branch should really never hit
     if not request.user.is_authenticated():
         return False
     if not self.valid_sso_required:
         return False
     if not request.access.requires_sso:
         return False
     if not auth.has_completed_sso(request, organization.id):
         return True
     if not request.access.sso_is_valid:
         return True
     return False
 def is_privileged_request(self):
     """
     Returns ``(bool is_privileged, str reason)``
     """
     allowed_ips = self.allowed_ips
     # if we've bound superuser to an organization they must
     # have completed SSO to gain status
     if self.org_id and not has_completed_sso(self.request, self.org_id):
         return False, "incomplete-sso"
     # if there's no IPs configured, we allow assume its the same as *
     if not allowed_ips:
         return True, None
     ip = ipaddress.ip_address(str(self.request.META["REMOTE_ADDR"]))
     if not any(ip in addr for addr in allowed_ips):
         return False, "invalid-ip"
     return True, None
Example #6
0
 def is_privileged_request(self):
     """
     Returns ``(bool is_privileged, str reason)``
     """
     allowed_ips = self.allowed_ips
     # if we've bound superuser to an organization they must
     # have completed SSO to gain status
     if self.org_id and not has_completed_sso(self.request, self.org_id):
         return False, 'incomplete-sso'
     # if there's no IPs configured, we allow assume its the same as *
     if not allowed_ips:
         return True, None
     ip = ipaddress.ip_address(six.text_type(self.request.META['REMOTE_ADDR']))
     if not any(ip in addr for addr in allowed_ips):
         return False, 'invalid-ip'
     return True, None
Example #7
0
 def is_privileged_request(self):
     """
     Returns ``(bool is_privileged, str reason)``
     """
     from sentry.utils.auth import has_completed_sso  # Django 1.9 setup issue
     allowed_ips = self.allowed_ips
     # if we've bound superuser to an organization they must
     # have completed SSO to gain status
     if self.org_id and not has_completed_sso(self.request, self.org_id):
         return False, 'incomplete-sso'
     # if there's no IPs configured, we allow assume its the same as *
     if not allowed_ips:
         return True, None
     ip = ipaddress.ip_address(
         six.text_type(self.request.META['REMOTE_ADDR']))
     if not any(ip in addr for addr in allowed_ips):
         return False, 'invalid-ip'
     return True, None