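def wrapped(func):
    """Wrap ``func`` with the checks of the deprecated ``@has_access`` decorator.

    A DeprecationWarning naming ``func`` is emitted at decoration time.
    The returned view:

    * sends unauthenticated users to the login URL (401 for AJAX requests)
      after storing the requested path in ``request.session['_next']``;
    * pops ``organization_slug``, ``team_slug`` and ``project_id`` from the
      URL kwargs, resolves each one, and passes the resolved objects on as
      ``organization``, ``team`` and ``project``;
    * answers 400 (AJAX) or redirects to ``'sentry'`` when an object does
      not exist or the user is not allowed to see it.

    ``access`` and ``MEMBER_OWNER`` are not defined in this block; they are
    read from the enclosing scope, which is outside this excerpt.
    """
    warnings.warn(
        '%s.%s is used deprecated @has_access' % (func.__module__, func.__name__),
        DeprecationWarning)

    @wraps(func)
    def _wrapped(request, *args, **kwargs):
        def _reject():
            # "Does not exist" and "no access" get the same answer:
            # 400 for AJAX callers, a redirect to the index otherwise.
            if request.is_ajax():
                return HttpResponse(status=400)
            return HttpResponseRedirect(reverse('sentry'))

        # All requests require authentication
        if not request.user.is_authenticated():
            request.session['_next'] = request.get_full_path()
            if request.is_ajax():
                return HttpResponse(status=401)
            return HttpResponseRedirect(get_login_url())

        has_org = 'organization_slug' in kwargs
        has_team = 'team_slug' in kwargs
        has_project = 'project_id' in kwargs

        organization_slug = kwargs.pop('organization_slug', None)
        team_slug = kwargs.pop('team_slug', None)
        project_id = kwargs.pop('project_id', None)

        # Raised explicitly rather than with ``assert``: assert statements are
        # stripped under ``python -O``, and the team lookups below are scoped
        # by the organization, so this invariant must always be enforced.
        if has_team and not has_org:
            raise AssertionError('Must pass organization_slug with team_slug')

        if organization_slug:
            if not request.user.is_superuser:
                # When a team or project is also in the URL, the access level
                # is enforced on that object instead of on the organization.
                if has_team or has_project:
                    org_access = None
                else:
                    org_access = access

                org_list = Organization.objects.get_for_user(
                    user=request.user,
                    access=org_access,
                )

                for o in org_list:
                    if o.slug == organization_slug:
                        organization = o
                        break
                else:
                    logging.debug('User %s is not listed in organization with slug %s',
                                  request.user.id, organization_slug)
                    return _reject()
            else:
                # Superusers skip the membership check; the slug only has to exist.
                try:
                    organization = Organization.objects.get_from_cache(
                        slug=organization_slug,
                    )
                except Organization.DoesNotExist:
                    logging.debug('Organization with slug %s does not exist',
                                  organization_slug)
                    return _reject()
        else:
            organization = None

        if team_slug:
            if not request.user.is_superuser:
                team_list = Team.objects.get_for_user(
                    user=request.user,
                    access=access,
                    organization=organization,
                )

                for t in team_list:
                    if t.slug == team_slug:
                        team = t
                        break
                else:
                    logging.debug('User %s is not listed in team with slug %s',
                                  request.user.id, team_slug)
                    return _reject()
            else:
                try:
                    team = Team.objects.get_from_cache(
                        slug=team_slug,
                        organization=organization,
                    )
                except Team.DoesNotExist:
                    logging.debug('Team with slug %s does not exist', team_slug)
                    return _reject()
        else:
            team = None

        if project_id:
            # Support project id's
            # NOTE(review): a numeric project_id (and the numeric-slug fallback
            # below) is resolved without the organization or team taken from
            # the URL; the only gate visible here is project.has_access().
            # Confirm the wrapped views do not assume that `project` belongs
            # to `organization`.
            if project_id.isdigit():
                lookup_kwargs = {'id': int(project_id)}
            elif organization:
                lookup_kwargs = {'slug': project_id, 'organization': organization}
            else:
                # A slug cannot be resolved without an organization. This
                # branch redirects even for AJAX requests.
                return HttpResponseRedirect(reverse('sentry'))

            try:
                project = Project.objects.get_from_cache(**lookup_kwargs)
            except Project.DoesNotExist:
                if project_id.isdigit():
                    # It could be a numerical slug
                    try:
                        project = Project.objects.get_from_cache(slug=project_id)
                    except Project.DoesNotExist:
                        return _reject()
                else:
                    return _reject()

            if not request.user.is_superuser and not project.has_access(request.user, access=access):
                return _reject()
        else:
            project = None

        # Hand over resolved objects only for the kwargs the URL declared.
        if has_project:
            kwargs['project'] = project

        if has_team:
            kwargs['team'] = team

        if has_org:
            kwargs['organization'] = organization

        return func(request, *args, **kwargs)

    # Owner-level views are additionally wrapped in sudo_required and login_required.
    if access == MEMBER_OWNER:
        _wrapped = login_required(sudo_required(_wrapped))
    return _wrapped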
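def wrapped(func):
    """Wrap ``func`` so it only runs for an authenticated user with access to the URL's team/project.

    The returned view pops ``team_slug`` and ``project_id`` from the URL
    kwargs, resolves them, and passes the resolved objects on as ``team``
    and ``project``. Every failure (unknown object, no access, project not
    in the given team) ends in a redirect to ``'sentry'``.

    ``access`` and ``MEMBER_OWNER`` are not defined in this block; they are
    read from the enclosing scope, which is outside this excerpt.
    """
    @wraps(func)
    def _wrapped(request, *args, **kwargs):
        # All requests require authentication
        if not request.user.is_authenticated():
            request.session['_next'] = request.get_full_path()
            return HttpResponseRedirect(get_login_url())

        has_team = 'team_slug' in kwargs
        has_project = 'project_id' in kwargs

        team_slug = kwargs.pop('team_slug', None)
        project_id = kwargs.pop('project_id', None)

        # Pull in team if it's part of the URL arguments
        if team_slug:
            if request.user.is_superuser:
                # Superusers skip the membership check; the slug only has to exist.
                try:
                    team = Team.objects.get_from_cache(slug=team_slug)
                except Team.DoesNotExist:
                    return HttpResponseRedirect(reverse('sentry'))
            else:
                # get_for_user() is indexed by slug here, so a missing key
                # means the user has no such team at this access level.
                team_list = Team.objects.get_for_user(request.user, access)

                try:
                    team = team_list[team_slug]
                except KeyError:
                    return HttpResponseRedirect(reverse('sentry'))
        else:
            team = None

        if project_id:
            # Support project id's
            if request.user.is_superuser:
                if project_id.isdigit():
                    lookup_kwargs = {'id': int(project_id)}
                elif team:
                    lookup_kwargs = {'slug': project_id, 'team': team}
                else:
                    # A slug cannot be resolved without a team.
                    return HttpResponseRedirect(reverse('sentry'))

                try:
                    project = Project.objects.get_from_cache(**lookup_kwargs)
                except Project.DoesNotExist:
                    if project_id.isdigit():
                        # It could be a numerical slug
                        try:
                            project = Project.objects.get_from_cache(slug=project_id)
                        except Project.DoesNotExist:
                            return HttpResponseRedirect(reverse('sentry'))
                    else:
                        return HttpResponseRedirect(reverse('sentry'))
            else:
                # Regular users can only match a project from their own list.
                project_list = Project.objects.get_for_user(request.user, access, team=team)
                if project_id.isdigit():
                    key = 'id'
                    value = int(project_id)
                elif team:
                    key = 'slug'
                    value = project_id
                else:
                    return HttpResponseRedirect(reverse('sentry'))

                for p in project_list:
                    if getattr(p, key) == value:
                        project = p
                        break
                else:
                    return HttpResponseRedirect(reverse('sentry'))
        else:
            project = None

        if has_project:
            # ensure we're accessing this url correctly
            if project and team:
                # A project reached by numeric id must still belong to the
                # team named in the URL.
                if project.team_id != team.id:
                    return HttpResponseRedirect(reverse('sentry'))
                project._team_cache = team
            kwargs['project'] = project

        if has_team:
            kwargs['team'] = team

        return func(request, *args, **kwargs)

    # Compare by equality, not identity: an `is` test only matches the very
    # same object, and a miss here would silently leave an owner-level view
    # without the login_required / sudo_required wrappers.
    if access == MEMBER_OWNER:
        _wrapped = login_required(sudo_required(_wrapped))
    return _wrapped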
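def wrapped(func):
    """Wrap ``func`` with the checks of the deprecated ``@has_access`` decorator.

    A DeprecationWarning naming ``func`` is emitted at decoration time.
    The returned view:

    * answers 401 to unauthenticated AJAX requests and redirects other
      unauthenticated requests to the organization's auth page when the URL
      carries ``organization_slug``, else to the login URL; the requested
      path is stored in ``request.session['_next']`` first;
    * pops ``organization_slug``, ``team_slug`` and ``project_id`` from the
      URL kwargs, resolves each one, and passes the resolved objects on as
      ``organization``, ``team`` and ``project``;
    * answers 400 (AJAX) or redirects to ``'sentry'`` when an object does
      not exist or the user is not allowed to see it.

    ``access`` and ``MEMBER_OWNER`` are not defined in this block; they are
    read from the enclosing scope, which is outside this excerpt.
    """
    warnings.warn(
        '%s.%s is used deprecated @has_access' % (func.__module__, func.__name__),
        DeprecationWarning)

    @wraps(func)
    def _wrapped(request, *args, **kwargs):
        def _reject():
            # "Does not exist" and "no access" get the same answer:
            # 400 for AJAX callers, a redirect to the index otherwise.
            if request.is_ajax():
                return HttpResponse(status=400)
            return HttpResponseRedirect(reverse('sentry'))

        # All requests require authentication
        if not request.user.is_authenticated():
            request.session['_next'] = request.get_full_path()
            if request.is_ajax():
                return HttpResponse(status=401)

            # The slug is only used to build a URL through reverse(); no
            # organization lookup happens before the user is authenticated.
            if 'organization_slug' in kwargs:
                redirect_uri = reverse('sentry-auth-organization',
                                       args=[kwargs['organization_slug']])
            else:
                redirect_uri = get_login_url()
            return HttpResponseRedirect(redirect_uri)

        has_org = 'organization_slug' in kwargs
        has_team = 'team_slug' in kwargs
        has_project = 'project_id' in kwargs

        organization_slug = kwargs.pop('organization_slug', None)
        team_slug = kwargs.pop('team_slug', None)
        project_id = kwargs.pop('project_id', None)

        # Raised explicitly rather than with ``assert``: assert statements are
        # stripped under ``python -O``, and the team lookups below are scoped
        # by the organization, so this invariant must always be enforced.
        if has_team and not has_org:
            raise AssertionError('Must pass organization_slug with team_slug')

        if organization_slug:
            if not request.user.is_superuser:
                # When a team or project is also in the URL, the access level
                # is enforced on that object instead of on the organization.
                if has_team or has_project:
                    org_access = None
                else:
                    org_access = access

                org_list = Organization.objects.get_for_user(
                    user=request.user,
                    access=org_access,
                )

                for o in org_list:
                    if o.slug == organization_slug:
                        organization = o
                        break
                else:
                    logging.debug(
                        'User %s is not listed in organization with slug %s',
                        request.user.id, organization_slug)
                    return _reject()
            else:
                # Superusers skip the membership check; the slug only has to exist.
                try:
                    organization = Organization.objects.get_from_cache(
                        slug=organization_slug,
                    )
                except Organization.DoesNotExist:
                    logging.debug(
                        'Organization with slug %s does not exist',
                        organization_slug)
                    return _reject()
        else:
            organization = None

        if team_slug:
            if not request.user.is_superuser:
                team_list = Team.objects.get_for_user(
                    user=request.user,
                    access=access,
                    organization=organization,
                )

                for t in team_list:
                    if t.slug == team_slug:
                        team = t
                        break
                else:
                    logging.debug(
                        'User %s is not listed in team with slug %s',
                        request.user.id, team_slug)
                    return _reject()
            else:
                try:
                    team = Team.objects.get_from_cache(
                        slug=team_slug,
                        organization=organization,
                    )
                except Team.DoesNotExist:
                    logging.debug('Team with slug %s does not exist', team_slug)
                    return _reject()
        else:
            team = None

        if project_id:
            # Support project id's
            # NOTE(review): a numeric project_id (and the numeric-slug fallback
            # below) is resolved without the organization or team taken from
            # the URL; the only gate visible here is project.has_access().
            # Confirm the wrapped views do not assume that `project` belongs
            # to `organization`.
            if project_id.isdigit():
                lookup_kwargs = {'id': int(project_id)}
            elif organization:
                lookup_kwargs = {
                    'slug': project_id,
                    'organization': organization
                }
            else:
                # A slug cannot be resolved without an organization. This
                # branch redirects even for AJAX requests.
                return HttpResponseRedirect(reverse('sentry'))

            try:
                project = Project.objects.get_from_cache(**lookup_kwargs)
            except Project.DoesNotExist:
                if project_id.isdigit():
                    # It could be a numerical slug
                    try:
                        project = Project.objects.get_from_cache(
                            slug=project_id)
                    except Project.DoesNotExist:
                        return _reject()
                else:
                    return _reject()

            if not request.user.is_superuser and not project.has_access(
                    request.user, access=access):
                return _reject()
        else:
            project = None

        # Hand over resolved objects only for the kwargs the URL declared.
        if has_project:
            kwargs['project'] = project

        if has_team:
            kwargs['team'] = team

        if has_org:
            kwargs['organization'] = organization

        return func(request, *args, **kwargs)

    # Owner-level views are additionally wrapped in sudo_required and login_required.
    if access == MEMBER_OWNER:
        _wrapped = login_required(sudo_required(_wrapped))
    return _wrapped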
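# Continuation of the TwoFactorSetupView class body: the `class` statement and
# anything before `qrcode_url` lie above this excerpt.
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        """Finish the wizard through the parent class, then flash a success message."""
        out = super(TwoFactorSetupView, self).done(*args, **kwargs)
        messages.success(self.request, _("Two factor authentication has been enabled on your account."))
        return out

    def get(self, request, *args, **kwargs):
        """A special GET request won't reset the wizard"""
        # With ?qr present the current form is re-rendered directly instead
        # of going through the parent's get().
        if "qr" in request.GET:
            return self.render(self.get_form())
        else:
            return super(TwoFactorSetupView, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Extend the parent's template context on the 'generator' step.

        Adds ``secret`` (read from the session under ``session_key_name``)
        and ``qr`` (the integer value of the ``qr`` query parameter,
        default 1).
        """
        context = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        if self.steps.current == 'generator':
            # The value stored under session_key_name is handed to the
            # template as "secret"; keep this context out of logs and error
            # reports.
            context["secret"] = self.request.session[self.session_key_name]
            # NOTE(review): the listing was flattened, so it is not certain
            # that "qr" is set only on the generator step - confirm against
            # the original file.
            try:
                context["qr"] = int(self.request.GET.get("qr", "1"))
            except ValueError:
                # ?qr= is caller-controlled; a non-numeric value falls back
                # to the default instead of raising out of the view.
                context["qr"] = 1
        return context


# Backup-token, disable, setup and QR-code views all sit behind sudo_required.
backup_view = sudo_required(core.BackupTokensView.as_view(
    template_name="account/twofactor-backup.html",
    redirect_url="user-twofactor-backup"))
disable_view = sudo_required(profile.DisableView.as_view(
    template_name="account/twofactor-disable.html",
    redirect_url="user-security"))
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
# NOTE(review): this view is not wrapped in sudo_required or any login check
# here - confirm that ProfileView or the URLconf enforces authentication.
twofactor_view = profile.ProfileView.as_view(template_name="account/security.html")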
def as_view(cls, **initkwargs):
    """Return the parent class's view callable wrapped in ``sudo_required``.

    Every view built through this method therefore goes through the
    ``sudo_required`` check before the underlying view runs.
    """
    # NOTE(review): takes `cls`, so presumably decorated with @classmethod on
    # a line outside this excerpt - confirm.
    return sudo_required(super(SudoMixin, cls).as_view(**initkwargs))
)  # closes a class-level statement that starts above this excerpt
    success_url = "user-twofactor-backup"
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        """Finish the wizard through the parent class, then flash a success message."""
        response = super(TwoFactorSetupView, self).done(*args, **kwargs)
        messages.success(
            self.request,
            _("Two factor authentication has been enabled on your account."),
        )
        return response

    def get_context_data(self, **kwargs):
        """Add ``secret`` (read from the session) to the context on the 'generator' step."""
        ctx = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        on_generator_step = self.steps.current == 'generator'
        if on_generator_step:
            # The value stored under session_key_name is handed to the
            # template as "secret"; keep this context out of logs and error
            # reports.
            ctx["secret"] = self.request.session[self.session_key_name]
        return ctx

    def post(self, *args, **kwargs):
        """Delegate to the parent's post(); a ValidationError becomes SuspiciousOperation."""
        try:
            response = super(TwoFactorSetupView, self).post(*args, **kwargs)
        except ValidationError:
            # Missing or altered wizard management data is treated as a
            # suspicious request instead of surfacing as a form error.
            raise SuspiciousOperation("ManagementForm data is missing or has been tampered.")
        return response


# Backup-token, disable, setup and QR-code views all sit behind sudo_required.
backup_view = sudo_required(
    core.BackupTokensView.as_view(
        template_name="account/twofactor-backup.html",
        success_url="user-twofactor-backup",
    )
)
disable_view = sudo_required(
    profile.DisableView.as_view(
        template_name="account/twofactor-disable.html",
        success_url="user-security",
    )
)
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
# NOTE(review): this view is not wrapped in sudo_required or any login check
# here - confirm that ProfileView or the URLconf enforces authentication.
twofactor_view = profile.ProfileView.as_view(
    template_name="account/security.html",
)