def openid_login_callback(request):
#构造需要检查签名的内容
OPENID_RESPONSE = dict(request.GET)
SIGNED_CONTENT = []
#import json
#print json.dumps(OPENID_RESPONSE, indent=4)
for k in OPENID_RESPONSE['openid.signed'][0].split(","):
response_data = OPENID_RESPONSE["openid.%s" % k]
SIGNED_CONTENT.append("%s:%s\n" % (k, response_data[0]))
SIGNED_CONTENT = "".join(SIGNED_CONTENT).encode("UTF-8")
# 使用associate请求获得的mac_key与SIGNED_CONTENT进行assoc_type hash,
# 检查是否与OpenID Server返回的一致
SIGNED_CONTENT_SIG = base64.b64encode(
hmac.new(base64.b64decode(request.session.get('mac_key', '')),
SIGNED_CONTENT, hashlib.sha256).digest())
if SIGNED_CONTENT_SIG != OPENID_RESPONSE['openid.sig'][0]:
return '认证失败,请重新登录验证'
request.session.pop('mac_key', None)
email = request.GET.get('openid.sreg.email', '')
fullname = request.GET.get('openid.sreg.fullname', '')
next_url = request.GET.get('next', '/')
login_user = User.objects.filter(username__iexact=email)
if login_user.exists():
login_user = login_user[0]
login_user.set_password("sentry_netease_openid_pwd")
login_user.name = fullname # update by hzwangzhiwei @20160329
login_user.save()
else:
#不存在数据,则增加数据数用户表
login_user = User(username=email, name=fullname, email=email)
login_user.set_password("sentry_netease_openid_pwd")
login_user.save() #save to db
# 如果不存在将这个人加入到组织member表中
if not OrganizationMember.objects.filter(
user=login_user, organization=Organization.get_default()).exists():
# 同时给他们默认的trace收集
# 将用户到组织中
orgMember = OrganizationMember(user=login_user,
organization=Organization.get_default())
orgMember.save()
orgMember = OrganizationMember.objects.get(
user=login_user, organization=Organization.get_default())
# 保存组织者到第一个小组
orgMemTeam = OrganizationMemberTeam(organizationmember=orgMember,
team=Team.objects.get(id=1))
orgMemTeam.save()
# HACK: grab whatever the first backend is and assume it works
login_user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, login_user)
# can_register should only allow a single registration
request.session.pop('can_register', None)
request.session.pop('needs_captcha', None)
return HttpResponseRedirect(next_url)
def handle(self, request):
if request.user.is_authenticated():
return self.redirect_to_org(request)
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse('sentry-auth-organization',
args=[org.slug])
return HttpResponseRedirect(next_uri)
op = request.POST.get('op')
if op == 'sso' and request.POST.get('organization'):
auth_provider = self.get_auth_provider(request.POST['organization'])
if auth_provider:
next_uri = reverse('sentry-auth-organization',
args=[request.POST['organization']])
else:
next_uri = request.path
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(next_uri)
session_expired = 'session_expired' in request.COOKIES
if session_expired:
messages.add_message(request, messages.WARNING, WARN_SESSION_EXPIRED)
response = self.handle_basic_auth(request)
if session_expired:
response.delete_cookie('session_expired')
return response
def createuser(email, password, superuser, no_password, no_input):
"Create a new user."
if not no_input:
if not email:
email = _get_email()
if not (password or no_password):
password = _get_password()
if superuser is None:
superuser = _get_superuser()
if superuser is None:
superuser = False
if not email:
raise click.ClickException("Invalid or missing email address.")
# TODO(mattrobenolt): Accept password over stdin?
if not no_password and not password:
raise click.ClickException(
"No password set and --no-password not passed.")
from sentry import roles
from sentry.models import User
from django.conf import settings
user = User(email=email,
username=email,
is_superuser=superuser,
is_staff=superuser,
is_active=True)
if password:
user.set_password(password)
user.save()
click.echo("User created: %s" % (email, ))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
from sentry.models import Organization, OrganizationMember, OrganizationMemberTeam, Team
org = Organization.get_default()
if superuser:
role = roles.get_top_dog().id
else:
role = org.default_role
member = OrganizationMember.objects.create(organization=org,
user=user,
role=role)
# if we've only got a single team let's go ahead and give
# access to that team as its likely the desired outcome
teams = list(Team.objects.filter(organization=org)[0:2])
if len(teams) == 1:
OrganizationMemberTeam.objects.create(team=teams[0],
organizationmember=member)
click.echo("Added to organization: %s" % (org.slug, ))
def get(self, request, *args, **kwargs):
"""
Get context required to show a login page. Registration is handled elsewhere.
"""
if request.user.is_authenticated:
# if the user is a superuser, but not 'superuser authenticated' we
# allow them to re-authenticate to gain superuser status
if not request.user.is_superuser or is_active_superuser(request):
return self.respond_authenticated(request)
next_uri = self.get_next_uri(request)
# we always reset the state on GET so you don't end up at an odd location
auth.initiate_login(request, next_uri)
# Auth login verifies the test cookie is set
request.session.set_test_cookie()
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
return Response({
"nextUri":
reverse("sentry-auth-organization", args=[org.slug])
})
session_expired = "session_expired" in request.COOKIES
payload = self.prepare_login_context(request, *args, **kwargs)
response = Response(payload)
if session_expired:
response.delete_cookie("session_expired")
return response
def get(self, request, *args, **kwargs):
next_uri = self.get_next_uri(request, *args, **kwargs)
if request.user.is_authenticated():
# if the user is a superuser, but not 'superuser authenticated'
# we allow them to re-authenticate to gain superuser status
if not request.user.is_superuser or is_active_superuser(request):
return self.handle_authenticated(request, *args, **kwargs)
request.session.set_test_cookie()
# we always reset the state on GET so you dont end up at an odd location
auth.initiate_login(request, next_uri)
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse('sentry-auth-organization', args=[org.slug])
return HttpResponseRedirect(next_uri)
session_expired = 'session_expired' in request.COOKIES
if session_expired:
messages.add_message(request, messages.WARNING,
WARN_SESSION_EXPIRED)
response = self.handle_basic_auth(request, *args, **kwargs)
if session_expired:
response.delete_cookie('session_expired')
return response
def get(self, request, **kwargs):
next_uri = self.get_next_uri(request)
if request.user.is_authenticated():
# if the user is a superuser, but not 'superuser authenticated'
# we allow them to re-authenticate to gain superuser status
if not request.user.is_superuser or is_active_superuser(request):
return self.handle_authenticated(request)
request.session.set_test_cookie()
# we always reset the state on GET so you dont end up at an odd location
auth.initiate_login(request, next_uri)
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse("sentry-auth-organization", args=[org.slug])
return HttpResponseRedirect(next_uri)
session_expired = "session_expired" in request.COOKIES
if session_expired:
messages.add_message(request, messages.WARNING, WARN_SESSION_EXPIRED)
response = self.handle_basic_auth(request, **kwargs)
if session_expired:
response.delete_cookie("session_expired")
return response
def org_delete_confirm(request):
from sentry.models import AuditLogEntry
org = Organization.get_default()
entry = AuditLogEntry(
organization=org,
actor=request.user,
ip_address=request.META['REMOTE_ADDR'],
)
return MailPreview(
html_template='sentry/emails/org_delete_confirm.html',
text_template='sentry/emails/org_delete_confirm.txt',
context={
'organization':
org,
'audit_log_entry':
entry,
'eta':
timezone.now() + timedelta(days=1),
'url':
absolute_uri(
reverse(
'sentry-restore-organization',
args=[org.slug],
)),
},
).render(request)
def register(request):
from django.conf import settings
if not (features.has('auth:register') or request.session.get('can_register')):
return HttpResponseRedirect(reverse('sentry'))
form = RegistrationForm(request.POST or None,
captcha=bool(request.session.get('needs_captcha')))
if form.is_valid():
user = form.save()
# TODO(dcramer): ideally this would be handled by a special view
# specifically for organization registration
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
defaults = {
'has_global_access': True,
'type': OrganizationMemberType.MEMBER,
}
try:
auth_provider = AuthProvider.objects.get(
organization=org.id,
)
except AuthProvider.DoesNotExist:
pass
else:
defaults.update({
'has_global_access': auth_provider.default_global_access,
'type': auth_provider.default_role,
})
org.member_set.create(
user=user,
**defaults
)
# can_register should only allow a single registration
request.session.pop('can_register', None)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
login_user(request, user)
request.session.pop('needs_captcha', None)
return login_redirect(request)
elif request.POST and not request.session.get('needs_captcha'):
request.session['needs_captcha'] = 1
form = RegistrationForm(request.POST or None, captcha=True)
form.errors.pop('captcha', None)
return render_to_response('sentry/register.html', {
'form': form,
}, request)
def createuser(email, password, superuser, no_password, no_input):
"Create a new user."
if not no_input:
if not email:
email = _get_email()
if not (password or no_password):
password = _get_password()
if superuser is None:
superuser = _get_superuser()
if superuser is None:
superuser = False
if not email:
raise click.ClickException('Invalid or missing email address.')
# TODO(mattrobenolt): Accept password over stdin?
if not no_password and not password:
raise click.ClickException(
'No password set and --no-password not passed.')
from sentry import roles
from sentry.models import User
from django.conf import settings
user = User(
email=email,
username=email,
is_superuser=superuser,
is_staff=superuser,
is_active=True,
)
if password:
user.set_password(password)
user.save()
click.echo('User created: %s' % (email, ))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
from sentry.models import Organization, OrganizationMember
org = Organization.get_default()
if superuser:
role = roles.get_top_dog().id
else:
role = org.default_role
OrganizationMember.objects.create(
organization=org,
user=user,
role=role,
)
click.echo('Added to organization: %s' % (org.slug, ))
def createuser(email, password, superuser, no_password, no_input):
"Create a new user."
if not no_input:
if not email:
email = _get_email()
if not (password or no_password):
password = _get_password()
if superuser is None:
superuser = _get_superuser()
if superuser is None:
superuser = False
if not email:
raise click.ClickException('Invalid or missing email address.')
# TODO(mattrobenolt): Accept password over stdin?
if not no_password and not password:
raise click.ClickException('No password set and --no-password not passed.')
from sentry import roles
from sentry.models import User
from django.conf import settings
user = User(
email=email,
username=email,
is_superuser=superuser,
is_staff=superuser,
is_active=True,
)
if password:
user.set_password(password)
user.save()
click.echo('User created: %s' % (email,))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
from sentry.models import Organization, OrganizationMember
org = Organization.get_default()
if superuser:
role = roles.get_top_dog().id
else:
role = org.default_role
OrganizationMember.objects.create(
organization=org,
user=user,
role=role,
)
click.echo('Added to organization: %s' % (org.slug,))
def register(request):
from django.conf import settings
if not (features.has('auth:register')
or request.session.get('can_register')):
return HttpResponseRedirect(reverse('sentry'))
form = RegistrationForm(request.POST or None,
captcha=bool(request.session.get('needs_captcha')))
if form.is_valid():
user = form.save()
# TODO(dcramer): ideally this would be handled by a special view
# specifically for organization registration
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
defaults = {
'has_global_access': True,
'type': OrganizationMemberType.MEMBER,
}
try:
auth_provider = AuthProvider.objects.get(organization=org.id, )
except AuthProvider.DoesNotExist:
pass
else:
defaults.update({
'has_global_access': auth_provider.default_global_access,
'type': auth_provider.default_role,
})
org.member_set.create(user=user, **defaults)
# can_register should only allow a single registration
request.session.pop('can_register', None)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
login_user(request, user)
request.session.pop('needs_captcha', None)
return login_redirect(request)
elif request.POST and not request.session.get('needs_captcha'):
request.session['needs_captcha'] = 1
form = RegistrationForm(request.POST or None, captcha=True)
form.errors.pop('captcha', None)
return render_to_response('sentry/register.html', {
'form': form,
}, request)
def handle(self, **options):
email = options['email']
is_superuser = options['is_superuser']
password = options['password']
if not options['noinput']:
try:
if not email:
email = self.get_email()
if not (password or options['nopassword']):
password = self.get_password()
if is_superuser is None:
is_superuser = self.get_superuser()
except KeyboardInterrupt:
self.stderr.write("\nOperation cancelled.")
sys.exit(1)
if not email:
raise CommandError('Invalid or missing email address')
if not options['nopassword'] and not password:
raise CommandError('No password set and --no-password not passed')
user = User(
email=email,
username=email,
is_superuser=is_superuser,
is_staff=is_superuser,
is_active=True,
)
if password:
user.set_password(password)
user.save()
self.stdout.write('User created: %s' % (email,))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
OrganizationMember.objects.create(
organization=org,
user=user,
type=OrganizationMemberType.OWNER,
has_global_access=user.is_superuser,
)
self.stdout.write('Added to organization: %s' % (org.slug,))
def handle(self, **options):
email = options['email']
is_superuser = options['is_superuser']
password = options['password']
if not options['noinput']:
try:
if not email:
email = self.get_email()
if not (password or options['nopassword']):
password = self.get_password()
if is_superuser is None:
is_superuser = self.get_superuser()
except KeyboardInterrupt:
self.stderr.write("\nOperation cancelled.")
sys.exit(1)
if not email:
raise CommandError('Invalid or missing email address')
if not options['nopassword'] and not password:
raise CommandError('No password set and --no-password not passed')
user = User(
email=email,
username=email,
is_superuser=is_superuser,
is_staff=is_superuser,
is_active=True,
)
if password:
user.set_password(password)
user.save()
self.stdout.write('User created: %s' % (email, ))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
OrganizationMember.objects.create(
organization=org,
user=user,
type=OrganizationMemberType.OWNER,
has_global_access=user.is_superuser,
)
self.stdout.write('Added to organization: %s' % (org.slug, ))
def org_delete_confirm(request):
from sentry.models import AuditLogEntry
org = Organization.get_default()
entry = AuditLogEntry(
organization=org, actor=request.user, ip_address=request.META["REMOTE_ADDR"]
)
return MailPreview(
html_template="sentry/emails/org_delete_confirm.html",
text_template="sentry/emails/org_delete_confirm.txt",
context={
"organization": org,
"audit_log_entry": entry,
"eta": timezone.now() + timedelta(days=1),
"url": absolute_uri(reverse("sentry-restore-organization", args=[org.slug])),
},
).render(request)
def handle(self, request):
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse('sentry-auth-organization',
args=[org.slug])
return HttpResponseRedirect(next_uri)
if request.POST.get('op') == 'sso' and request.POST.get('organization'):
auth_provider = self.get_auth_provider(request.POST['organization'])
if auth_provider:
next_uri = reverse('sentry-auth-organization',
args=[request.POST['organization']])
else:
next_uri = request.path
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(next_uri)
return self.handle_basic_auth(request)
def handle(self, request):
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse('sentry-auth-organization', args=[org.slug])
return HttpResponseRedirect(next_uri)
if request.POST.get('op') == 'sso' and request.POST.get(
'organization'):
auth_provider = self.get_auth_provider(
request.POST['organization'])
if auth_provider:
next_uri = reverse('sentry-auth-organization',
args=[request.POST['organization']])
else:
next_uri = request.path
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(next_uri)
return self.handle_basic_auth(request)
def handle(self, request):
next_uri = request.GET.get(REDIRECT_FIELD_NAME, None)
if request.user.is_authenticated():
if auth.is_valid_redirect(next_uri):
return self.redirect(next_uri)
return self.redirect_to_org(request)
request.session.set_test_cookie()
if next_uri:
auth.initiate_login(request, next_uri)
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse("sentry-auth-organization", args=[org.slug])
return HttpResponseRedirect(next_uri)
op = request.POST.get("op")
if op == "sso" and request.POST.get("organization"):
auth_provider = self.get_auth_provider(request.POST["organization"])
if auth_provider:
next_uri = reverse("sentry-auth-organization", args=[request.POST["organization"]])
else:
next_uri = request.path
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(next_uri)
session_expired = "session_expired" in request.COOKIES
if session_expired:
messages.add_message(request, messages.WARNING, WARN_SESSION_EXPIRED)
response = self.handle_basic_auth(request)
if session_expired:
response.delete_cookie("session_expired")
return response
def org_delete_confirm(request):
from sentry.models import AuditLogEntry
org = Organization.get_default()
entry = AuditLogEntry(
organization=org,
actor=request.user,
ip_address=request.META['REMOTE_ADDR'],
)
return MailPreview(
html_template='sentry/emails/org_delete_confirm.html',
text_template='sentry/emails/org_delete_confirm.txt',
context={
'organization': org,
'audit_log_entry': entry,
'eta': timezone.now() + timedelta(days=1),
'url': absolute_uri(reverse(
'sentry-restore-organization',
args=[org.slug],
)),
},
).render(request)
def handle_basic_auth(self, request, **kwargs):
can_register = self.can_register(request)
op = request.POST.get("op")
organization = kwargs.pop("organization", None)
if not op:
# Detect that we are on the register page by url /register/ and
# then activate the register tab by default.
if "/register" in request.path_info and can_register:
op = "register"
elif request.GET.get("op") == "sso":
op = "sso"
login_form = self.get_login_form(request)
if can_register:
register_form = self.get_register_form(
request, initial={"username": request.session.get("invite_email", "")}
)
else:
register_form = None
if can_register and register_form.is_valid():
user = register_form.save()
user.send_confirm_emails(is_new_user=True)
user_signup.send_robust(
sender=self, user=user, source="register-form", referrer="in-app"
)
# HACK: grab whatever the first backend is and assume it works
user.backend = settings.AUTHENTICATION_BACKENDS[0]
auth.login(request, user, organization_id=organization.id if organization else None)
# can_register should only allow a single registration
request.session.pop("can_register", None)
request.session.pop("invite_email", None)
# In single org mode, associate the user to the orgnaization
if settings.SENTRY_SINGLE_ORGANIZATION:
organization = Organization.get_default()
OrganizationMember.objects.create(
organization=organization, role=organization.default_role, user=user
)
# Attempt to directly accept any pending invites
invite_helper = ApiInviteHelper.from_cookie(request=request, instance=self)
if invite_helper and invite_helper.valid_request:
invite_helper.accept_invite()
response = self.redirect_to_org(request)
remove_invite_cookie(request, response)
return response
return self.redirect(auth.get_login_redirect(request))
elif request.method == "POST":
from sentry.app import ratelimiter
from sentry.utils.hashlib import md5_text
login_attempt = (
op == "login" and request.POST.get("username") and request.POST.get("password")
)
if login_attempt and ratelimiter.is_limited(
u"auth:login:username:{}".format(
md5_text(login_form.clean_username(request.POST["username"])).hexdigest()
),
limit=10,
window=60, # 10 per minute should be enough for anyone
):
login_form.errors["__all__"] = [
u"You have made too many login attempts. Please try again later."
]
metrics.incr(
"login.attempt", instance="rate_limited", skip_internal=True, sample_rate=1.0
)
elif login_form.is_valid():
user = login_form.get_user()
auth.login(request, user, organization_id=organization.id if organization else None)
metrics.incr(
"login.attempt", instance="success", skip_internal=True, sample_rate=1.0
)
if not user.is_active:
return self.redirect(reverse("sentry-reactivate-account"))
return self.redirect(auth.get_login_redirect(request))
else:
metrics.incr(
"login.attempt", instance="failure", skip_internal=True, sample_rate=1.0
)
context = {
"op": op or "login",
"server_hostname": get_server_hostname(),
"login_form": login_form,
"organization": organization,
"register_form": register_form,
"CAN_REGISTER": can_register,
"join_request_link": self.get_join_request_link(organization),
}
context.update(additional_context.run_callbacks(request))
return self.respond_login(request, context, **kwargs)
def createuser(email, password, superuser, no_password, no_input, force_update):
"Create a new user."
if not no_input:
if not email:
email = _get_email()
if not (password or no_password):
password = _get_password()
if superuser is None:
superuser = _get_superuser()
if superuser is None:
superuser = False
if not email:
raise click.ClickException("Invalid or missing email address.")
# TODO(mattrobenolt): Accept password over stdin?
if not no_password and not password:
raise click.ClickException("No password set and --no-password not passed.")
from django.conf import settings
from sentry import roles
from sentry.models import User
fields = dict(
email=email, username=email, is_superuser=superuser, is_staff=superuser, is_active=True
)
verb = None
try:
user = User.objects.get(username=email)
except User.DoesNotExist:
user = None
if user is not None:
if force_update:
user.update(**fields)
verb = "updated"
else:
click.echo(f"User: {email} exists, use --force-update to force")
sys.exit(3)
else:
user = User.objects.create(**fields)
verb = "created"
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
from sentry.models import Organization, OrganizationMember, OrganizationMemberTeam, Team
org = Organization.get_default()
if superuser:
role = roles.get_top_dog().id
else:
role = org.default_role
member = OrganizationMember.objects.create(organization=org, user=user, role=role)
# if we've only got a single team let's go ahead and give
# access to that team as its likely the desired outcome
teams = list(Team.objects.filter(organization=org)[0:2])
if len(teams) == 1:
OrganizationMemberTeam.objects.create(team=teams[0], organizationmember=member)
click.echo(f"Added to organization: {org.slug}")
if password:
user.set_password(password)
user.save()
click.echo(f"User {verb}: {email}")
def createuser(email, password, superuser, no_password, no_input):
"Create a new user."
if not no_input:
if not email:
email = _get_email()
if not (password or no_password):
password = _get_password()
if superuser is None:
superuser = _get_superuser()
if superuser is None:
superuser = False
if not email:
raise click.ClickException('Invalid or missing email address.')
# TODO(mattrobenolt): Accept password over stdin?
if not no_password and not password:
raise click.ClickException('No password set and --no-password not passed.')
from sentry import roles
from sentry.models import User
from django.conf import settings
user = User(
email=email,
username=email,
is_superuser=superuser,
is_staff=superuser,
is_active=True,
)
if password:
user.set_password(password)
user.save()
click.echo('User created: %s' % (email, ))
# TODO(dcramer): kill this when we improve flows
if settings.SENTRY_SINGLE_ORGANIZATION:
from sentry.models import (Organization, OrganizationMember, OrganizationMemberTeam, Team)
org = Organization.get_default()
if superuser:
role = roles.get_top_dog().id
else:
role = org.default_role
member = OrganizationMember.objects.create(
organization=org,
user=user,
role=role,
)
# if we've only got a single team let's go ahead and give
# access to that team as its likely the desired outcome
teams = list(Team.objects.filter(organization=org)[0:2])
if len(teams) == 1:
OrganizationMemberTeam.objects.create(
team=teams[0],
organizationmember=member,
)
click.echo('Added to organization: %s' % (org.slug, ))
