    def wrapped(func):
        """Decorate a view so organization/team/project URL args are resolved and authorized.

        ``access`` is a free variable of the enclosing decorator factory (the
        minimum access level the caller must hold).  Every request must be
        authenticated.  The URL kwargs ``organization_slug``, ``team_slug``
        and ``project_id`` are popped off ``kwargs`` and, for each one the
        URL supplied, replaced by the resolved ``organization``, ``team`` or
        ``project`` object before ``func`` is called.

        Denied or unresolvable lookups answer uniformly: HTTP 400 for AJAX
        requests, otherwise a redirect to the ``sentry`` root URL.
        """
        # Fires once per decorated view at decoration time, not per request.
        warnings.warn(
            '%s.%s is used deprecated @has_access' % (func.__module__, func.__name__),
            DeprecationWarning)

        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                # Stash the target so the login flow can send the user back.
                request.session['_next'] = request.get_full_path()
                if request.is_ajax():
                    return HttpResponse(status=401)
                return HttpResponseRedirect(get_login_url())

            # Record which scoping args the URL carried: only those get the
            # resolved object injected into kwargs at the end.
            has_org = 'organization_slug' in kwargs
            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            organization_slug = kwargs.pop('organization_slug', None)
            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            # Contract with the URL configuration (a team is only meaningful
            # inside an organization), not a check on user-controlled data.
            # Bear in mind that ``assert`` is compiled out under ``python -O``.
            assert not has_team or has_org, \
                'Must pass organization_slug with team_slug'

            if organization_slug:
                if not request.user.is_superuser:
                    # With a team or project also in the URL, the ``access``
                    # requirement is enforced at that finer scope; here only
                    # organization membership is needed (``access=None`` is
                    # presumably "any level" -- confirm against get_for_user).
                    if has_team or has_project:
                        org_access = None
                    else:
                        org_access = access
                    org_list = Organization.objects.get_for_user(
                        user=request.user,
                        access=org_access,
                    )

                    # Resolution goes through the user's own org list, so an
                    # org the user is not a member of gets the same response
                    # as a nonexistent one.
                    for o in org_list:
                        if o.slug == organization_slug:
                            organization = o
                            break
                    else:
                        logging.debug('User %s is not listed in organization with slug %s', request.user.id, organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    # Superusers skip membership; only existence is checked.
                    try:
                        organization = Organization.objects.get_from_cache(
                            slug=organization_slug,
                        )
                    except Organization.DoesNotExist:
                        logging.debug('Organization with slug %s does not exist', organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                organization = None

            if team_slug:
                if not request.user.is_superuser:
                    # Same membership-based resolution as for organizations,
                    # now with the full ``access`` requirement and scoped to
                    # the organization resolved above.
                    team_list = Team.objects.get_for_user(
                        user=request.user,
                        access=access,
                        organization=organization,
                    )

                    for t in team_list:
                        if t.slug == team_slug:
                            team = t
                            break
                    else:
                        logging.debug('User %s is not listed in team with slug %s', request.user.id, team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    # Superuser path: existence check only, scoped to the org.
                    try:
                        team = Team.objects.get_from_cache(
                            slug=team_slug,
                            organization=organization,
                        )
                    except Team.DoesNotExist:
                        logging.debug('Team with slug %s does not exist', team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                team = None

            if project_id:
                # Support project id's
                # NOTE(review): a numeric ``project_id`` is looked up by primary
                # key alone, and the fallback below retries it as a slug with
                # no organization filter.  ``project.has_access`` further down
                # still enforces the access level, but nothing here verifies
                # that the resolved project belongs to the organization named
                # in the URL -- confirm whether callers rely on that agreement.
                if project_id.isdigit():
                    lookup_kwargs = {'id': int(project_id)}
                elif organization:
                    lookup_kwargs = {'slug': project_id, 'organization': organization}
                else:
                    # A non-numeric project_id is a slug, which is only
                    # unambiguous within an organization.  Unlike the other
                    # failure paths this one has no AJAX (400) branch.
                    return HttpResponseRedirect(reverse('sentry'))

                try:
                    project = Project.objects.get_from_cache(**lookup_kwargs)
                except Project.DoesNotExist:
                    if project_id.isdigit():
                        # It could be a numerical slug
                        try:
                            project = Project.objects.get_from_cache(slug=project_id)
                        except Project.DoesNotExist:
                            if request.is_ajax():
                                return HttpResponse(status=400)
                            return HttpResponseRedirect(reverse('sentry'))
                    else:
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                # Project access is decided by the object itself; superusers
                # bypass it.  A denied project gets exactly the same response
                # as a missing one.
                if not request.user.is_superuser and not project.has_access(request.user, access=access):
                    if request.is_ajax():
                        return HttpResponse(status=400)
                    return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            # Inject only the objects whose URL argument was actually present.
            if has_project:
                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            if has_org:
                kwargs['organization'] = organization

            return func(request, *args, **kwargs)

        # Owner-level access additionally demands a logged-in session and
        # sudo mode (re-authentication) on every request.
        if access == MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
    def wrapped(func):
        """Decorate a view so team/project URL args are resolved and authorized.

        Team-scoped variant (no organization argument).  ``access`` is a
        free variable of the enclosing decorator factory.  ``team_slug`` and
        ``project_id`` are popped off ``kwargs`` and replaced by the resolved
        ``team`` / ``project`` objects for whichever of them the URL supplied.
        Every failure -- unauthenticated, unknown or inaccessible team or
        project, or a project/team mismatch -- redirects to the ``sentry``
        root URL; there is no AJAX-specific status-only response here.
        """
        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                # Stash the target so the login flow can send the user back.
                request.session['_next'] = request.get_full_path()
                return HttpResponseRedirect(get_login_url())

            # Only args actually present in the URL get their resolved object
            # injected at the end.
            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            # Pull in team if it's part of the URL arguments
            if team_slug:
                if request.user.is_superuser:
                    # Superusers skip membership; only existence is checked.
                    try:
                        team = Team.objects.get_from_cache(slug=team_slug)
                    except Team.DoesNotExist:
                        return HttpResponseRedirect(reverse('sentry'))
                else:
                    # get_for_user returns something indexable by slug (see
                    # the KeyError below), so a team the user is not a member
                    # of gets the same response as a nonexistent one.
                    team_list = Team.objects.get_for_user(request.user, access)

                    try:
                        team = team_list[team_slug]
                    except KeyError:
                        return HttpResponseRedirect(reverse('sentry'))
            else:
                team = None

            if project_id:
                # Support project id's
                if request.user.is_superuser:
                    # Direct lookup: by primary key when numeric, otherwise by
                    # slug within the team (a slug without a team is ambiguous).
                    if project_id.isdigit():
                        lookup_kwargs = {'id': int(project_id)}
                    elif team:
                        lookup_kwargs = {'slug': project_id, 'team': team}
                    else:
                        return HttpResponseRedirect(reverse('sentry'))

                    try:
                        project = Project.objects.get_from_cache(**lookup_kwargs)
                    except Project.DoesNotExist:
                        if project_id.isdigit():
                            # It could be a numerical slug
                            # This retry is not filtered by team; when a team
                            # is in the URL the team_id comparison below still
                            # rejects a project from another team.
                            try:
                                project = Project.objects.get_from_cache(slug=project_id)
                            except Project.DoesNotExist:
                                return HttpResponseRedirect(reverse('sentry'))
                        else:
                            return HttpResponseRedirect(reverse('sentry'))
                else:
                    # Non-superusers only ever match against projects from
                    # their own access list, so the scan below doubles as the
                    # authorization check.
                    project_list = Project.objects.get_for_user(request.user, access, team=team)

                    if project_id.isdigit():
                        key = 'id'
                        value = int(project_id)
                    elif team:
                        key = 'slug'
                        value = project_id
                    else:
                        return HttpResponseRedirect(reverse('sentry'))

                    for p in project_list:
                        if getattr(p, key) == value:
                            project = p
                            break
                    else:
                        return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            if has_project:
                # ensure we're accessing this url correctly
                # A project reached under another team's URL is rejected, so
                # the team/project pair handed to the view is consistent.
                if project and team:
                    if project.team_id != team.id:
                        return HttpResponseRedirect(reverse('sentry'))
                    # Presumably pre-populates the FK cache so ``project.team``
                    # does not hit the database again -- confirm.
                    project._team_cache = team

                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            return func(request, *args, **kwargs)

        # Owner-level access additionally demands a logged-in session and
        # sudo mode (re-authentication) on every request.
        if access is MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
    def wrapped(func):
        """Decorate a view so organization/team/project URL args are resolved and authorized.

        ``access`` is a free variable of the enclosing decorator factory (the
        minimum access level the caller must hold).  Every request must be
        authenticated; anonymous users on an organization-scoped URL are sent
        to that organization's login view.  The URL kwargs
        ``organization_slug``, ``team_slug`` and ``project_id`` are popped off
        ``kwargs`` and, for each one the URL supplied, replaced by the
        resolved ``organization``, ``team`` or ``project`` object before
        ``func`` is called.

        Denied or unresolvable lookups answer uniformly: HTTP 400 for AJAX
        requests, otherwise a redirect to the ``sentry`` root URL.
        """
        # Fires once per decorated view at decoration time, not per request.
        warnings.warn(
            '%s.%s is used deprecated @has_access' %
            (func.__module__, func.__name__), DeprecationWarning)

        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                # Stash the target so the login flow can send the user back.
                request.session['_next'] = request.get_full_path()
                if request.is_ajax():
                    return HttpResponse(status=401)

                # Organization-scoped URLs redirect to that organization's own
                # login view instead of the generic one.  The slug is read from
                # the raw URL kwarg before any validation, but it is only used
                # to build a URL via reverse().
                if 'organization_slug' in kwargs:
                    redirect_uri = reverse('sentry-auth-organization',
                                           args=[kwargs['organization_slug']])
                else:
                    redirect_uri = get_login_url()
                return HttpResponseRedirect(redirect_uri)

            # Record which scoping args the URL carried: only those get the
            # resolved object injected into kwargs at the end.
            has_org = 'organization_slug' in kwargs
            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            organization_slug = kwargs.pop('organization_slug', None)
            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            # Contract with the URL configuration (a team is only meaningful
            # inside an organization), not a check on user-controlled data.
            # Bear in mind that ``assert`` is compiled out under ``python -O``.
            assert not has_team or has_org, \
                'Must pass organization_slug with team_slug'

            if organization_slug:
                if not request.user.is_superuser:
                    # With a team or project also in the URL, the ``access``
                    # requirement is enforced at that finer scope; here only
                    # organization membership is needed (``access=None`` is
                    # presumably "any level" -- confirm against get_for_user).
                    if has_team or has_project:
                        org_access = None
                    else:
                        org_access = access
                    org_list = Organization.objects.get_for_user(
                        user=request.user,
                        access=org_access,
                    )

                    # Resolution goes through the user's own org list, so an
                    # org the user is not a member of gets the same response
                    # as a nonexistent one.
                    for o in org_list:
                        if o.slug == organization_slug:
                            organization = o
                            break
                    else:
                        logging.debug(
                            'User %s is not listed in organization with slug %s',
                            request.user.id, organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    # Superusers skip membership; only existence is checked.
                    try:
                        organization = Organization.objects.get_from_cache(
                            slug=organization_slug, )
                    except Organization.DoesNotExist:
                        logging.debug(
                            'Organization with slug %s does not exist',
                            organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                organization = None

            if team_slug:
                if not request.user.is_superuser:
                    # Same membership-based resolution as for organizations,
                    # now with the full ``access`` requirement and scoped to
                    # the organization resolved above.
                    team_list = Team.objects.get_for_user(
                        user=request.user,
                        access=access,
                        organization=organization,
                    )

                    for t in team_list:
                        if t.slug == team_slug:
                            team = t
                            break
                    else:
                        logging.debug(
                            'User %s is not listed in team with slug %s',
                            request.user.id, team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    # Superuser path: existence check only, scoped to the org.
                    try:
                        team = Team.objects.get_from_cache(
                            slug=team_slug,
                            organization=organization,
                        )
                    except Team.DoesNotExist:
                        logging.debug('Team with slug %s does not exist',
                                      team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                team = None

            if project_id:
                # Support project id's
                # NOTE(review): a numeric ``project_id`` is looked up by primary
                # key alone, and the fallback below retries it as a slug with
                # no organization filter.  ``project.has_access`` further down
                # still enforces the access level, but nothing here verifies
                # that the resolved project belongs to the organization named
                # in the URL -- confirm whether callers rely on that agreement.
                if project_id.isdigit():
                    lookup_kwargs = {'id': int(project_id)}
                elif organization:
                    lookup_kwargs = {
                        'slug': project_id,
                        'organization': organization
                    }
                else:
                    # A non-numeric project_id is a slug, which is only
                    # unambiguous within an organization.  Unlike the other
                    # failure paths this one has no AJAX (400) branch.
                    return HttpResponseRedirect(reverse('sentry'))

                try:
                    project = Project.objects.get_from_cache(**lookup_kwargs)
                except Project.DoesNotExist:
                    if project_id.isdigit():
                        # It could be a numerical slug
                        try:
                            project = Project.objects.get_from_cache(
                                slug=project_id)
                        except Project.DoesNotExist:
                            if request.is_ajax():
                                return HttpResponse(status=400)
                            return HttpResponseRedirect(reverse('sentry'))
                    else:
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                # Project access is decided by the object itself; superusers
                # bypass it.  A denied project gets exactly the same response
                # as a missing one.
                if not request.user.is_superuser and not project.has_access(
                        request.user, access=access):
                    if request.is_ajax():
                        return HttpResponse(status=400)
                    return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            # Inject only the objects whose URL argument was actually present.
            if has_project:
                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            if has_org:
                kwargs['organization'] = organization

            return func(request, *args, **kwargs)

        # Owner-level access additionally demands a logged-in session and
        # sudo mode (re-authentication) on every request.
        if access == MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
    # URL name of the QR-code image endpoint (served by qrcode_view at module
    # level) -- presumably read by the parent wizard view; confirm.
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        """Finish the setup wizard and confirm success to the user.

        Delegates to the parent ``done`` and, once it has returned, queues a
        success flash message on ``self.request``.  The parent's response is
        handed back unchanged.
        """
        response = super(TwoFactorSetupView, self).done(*args, **kwargs)
        notice = _("Two factor authentication has been enabled on your account.")
        messages.success(self.request, notice)
        return response

    def get(self, request, *args, **kwargs):
        """Serve the wizard without resetting it on a ``qr`` GET.

        A normal GET is passed to the parent handler (which restarts the
        wizard); a request carrying the ``qr`` query parameter instead just
        re-renders the current step's form.
        """
        if "qr" not in request.GET:
            return super(TwoFactorSetupView, self).get(request, *args, **kwargs)
        return self.render(self.get_form())

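    def get_context_data(self, **kwargs):
        """Extend the wizard context for the ``generator`` step.

        On that step the template needs the two-factor ``secret`` kept in
        the session (under ``self.session_key_name``) and the ``qr`` variant
        requested via the query string.

        Returns:
            The parent's context dict, with ``secret`` and ``qr`` added when
            the current step is ``generator``.
        """
        context = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        if self.steps.current == 'generator':
            context["secret"] = self.request.session[self.session_key_name]
            # ``qr`` is user-supplied; a non-integer value would otherwise
            # raise ValueError and surface as a server error, so fall back
            # to the same default used when the parameter is absent.
            try:
                context["qr"] = int(self.request.GET.get("qr", "1"))
            except ValueError:
                context["qr"] = 1

        return context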


# Module-level view callables for the URL configuration.  The setup,
# backup-token, disable and QR-code views are wrapped in ``sudo_required``
# (recent re-authentication required); the login view must only be reachable
# while anonymous; the security overview page carries no extra wrapper.
backup_view = sudo_required(
    core.BackupTokensView.as_view(
        template_name="account/twofactor-backup.html",
        redirect_url="user-twofactor-backup",
    )
)
disable_view = sudo_required(
    profile.DisableView.as_view(
        template_name="account/twofactor-disable.html",
        redirect_url="user-security",
    )
)
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
twofactor_view = profile.ProfileView.as_view(
    template_name="account/security.html",
)
 def as_view(cls, **initkwargs):
     """Build the view callable and return it behind ``sudo_required``.

     Mixin hook: the host class produces its normal view via the parent
     ``as_view``; wrapping the result means every request to the view has
     to pass the sudo check first.  The ``cls`` receiver suggests this is a
     ``@classmethod`` -- the decorator sits outside this excerpt.
     """
     return sudo_required(super(SudoMixin, cls).as_view(**initkwargs))
    )
    # URL names consumed by the parent wizard view (presumably: where to go
    # once setup completes, and the QR-code image endpoint served by
    # qrcode_view at module level) -- confirm.
    success_url = "user-twofactor-backup"
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        """Finish the setup wizard and confirm success to the user.

        Delegates to the parent ``done`` and, once it has returned, queues a
        success flash message on ``self.request``.  The parent's response is
        handed back unchanged.
        """
        response = super(TwoFactorSetupView, self).done(*args, **kwargs)
        notice = _("Two factor authentication has been enabled on your account.")
        messages.success(self.request, notice)
        return response

    def get_context_data(self, **kwargs):
        """Extend the wizard context for the ``generator`` step.

        On that step the template needs the two-factor ``secret`` kept in
        the session under ``self.session_key_name``.

        Returns:
            The parent's context dict, with ``secret`` added when the
            current step is ``generator``.
        """
        context = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        on_generator_step = self.steps.current == 'generator'
        if on_generator_step:
            context["secret"] = self.request.session[self.session_key_name]
        return context

    def post(self, *args, **kwargs):
        """Handle a wizard POST, turning form-management tampering into a 400.

        The parent's ``post`` raises ``ValidationError`` when the wizard's
        ManagementForm data is missing or inconsistent; that is re-raised as
        ``SuspiciousOperation`` so the request is rejected rather than
        reported as a server error.
        """
        parent_post = super(TwoFactorSetupView, self).post
        try:
            return parent_post(*args, **kwargs)
        except ValidationError:
            raise SuspiciousOperation("ManagementForm data is missing or has been tampered.")


# Module-level view callables for the URL configuration.  The setup,
# backup-token, disable and QR-code views are wrapped in ``sudo_required``
# (recent re-authentication required); the login view must only be reachable
# while anonymous; the security overview page carries no extra wrapper.
backup_view = sudo_required(
    core.BackupTokensView.as_view(
        template_name="account/twofactor-backup.html",
        success_url="user-twofactor-backup",
    )
)
disable_view = sudo_required(
    profile.DisableView.as_view(
        template_name="account/twofactor-disable.html",
        success_url="user-security",
    )
)
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
twofactor_view = profile.ProfileView.as_view(
    template_name="account/security.html",
)