def handle_authed(self, request, organization, auth_provider):
try:
om = OrganizationMember.objects.get(
organization=organization,
user=request.user,
)
except OrganizationMember.DoesNotExist:
auth_logger.debug('User does is not a member of organization: %s',
organization.slug)
messages.add_message(
request, messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LINK_IDENTITY,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/auth-link-identity.html', context)
def handle_sso(self, request, organization, auth_provider):
# if they're authenticated we want them to go through the standard
# link flow
if request.user.is_authenticated():
return self.redirect(reverse('sentry-auth-link-identity',
args=[organization.slug]))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle_sso(self, request, organization, auth_provider):
# if they're authenticated we want them to go through the standard
# link flow
if request.user.is_authenticated():
return self.redirect(
reverse('sentry-auth-link-identity', args=[organization.slug]))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle(self, request, organization_slug):
try:
organization = Organization.objects.get(slug=organization_slug)
except Organization.DoesNotExist:
return self.redirect(reverse('sentry-login'))
try:
auth_provider = AuthProvider.objects.get(organization=organization)
except AuthProvider.DoesNotExist:
return self.redirect(reverse('sentry-login'))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle_sso(self, request, organization, auth_provider):
if request.method == "POST":
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
if request.POST.get("init"):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error(
"Something unexpected happened during authentication.")
return helper.current_step()
provider = auth_provider.get_provider()
context = {
"CAN_REGISTER": False,
"organization": organization,
"provider_key": provider.key,
"provider_name": provider.name,
"authenticated": request.user.is_authenticated(),
}
return self.respond("sentry/organization-login.html", context)
def handle(self, request, organization_slug):
try:
organization = Organization.objects.get(
slug=organization_slug
)
except Organization.DoesNotExist:
return self.redirect(reverse('sentry-login'))
try:
auth_provider = AuthProvider.objects.get(
organization=organization
)
except AuthProvider.DoesNotExist:
return self.redirect(reverse('sentry-login'))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle_authed(self, request, organization, auth_provider):
om = OrganizationMember.objects.filter(
organization=organization,
user=request.user,
)
if not om.exists():
auth_logger.debug('User does is not a member of organization: %s',
organization.slug)
messages.add_message(
request,
messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LINK_IDENTITY,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/auth-link-identity.html', context)
def handle(self, request, organization):
if not features.has('organizations:sso', organization, actor=request.user):
messages.add_message(
request,
messages.ERROR,
ERR_NO_SSO,
)
return HttpResponseRedirect(
reverse('sentry-organization-home', args=[organization.slug])
)
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError('Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
provider_list = []
for k, v in manager:
if issubclass(v, SAML2Provider):
if not HAS_SAML2:
continue
if not features.has('organizations:saml2', organization, actor=request.user):
continue
provider_list.append((k, v.name))
context = {
'provider_list': provider_list,
}
return self.respond('sentry/organization-auth-settings.html', context)
def handle_sso(self, request, organization, auth_provider):
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
return helper.current_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
'authenticated': request.user.is_authenticated(),
}
return self.respond('sentry/organization-login.html', context)
def handle_sso(self, request, organization, auth_provider):
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
return helper.current_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def dispatch(self, request, organization_slug):
from sentry.auth.helper import AuthHelper
helper = AuthHelper.get_for_request(request)
# SP initiated authentication, request helper is provided
if helper:
from sentry.web.frontend.auth_provider_login import AuthProviderLoginView
sso_login = AuthProviderLoginView()
return sso_login.handle(request)
# IdP initiated authentication. The organizatio_slug must be valid and
# an auth provider must exist for this organization to proceed with
# IdP initiated SAML auth.
try:
organization = Organization.objects.get(slug=organization_slug)
except Organization.DoesNotExist:
messages.add_message(request, messages.ERROR, ERR_NO_SAML_SSO)
return self.redirect(reverse('sentry-login'))
try:
auth_provider = AuthProvider.objects.get(organization=organization)
except AuthProvider.DoesNotExist:
messages.add_message(request, messages.ERROR, ERR_NO_SAML_SSO)
return self.redirect(reverse('sentry-login'))
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.current_step()
def handle(self, request, organization):
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
provider = auth_provider.get_provider()
requires_feature = provider.required_feature
# Provider is not enabled
# Allow superusers to edit and disable SSO for orgs that
# downgrade plans and can no longer access the feature
if requires_feature and not features.has(
requires_feature,
organization,
actor=request.user
) and not is_active_superuser(request):
home_url = reverse('sentry-organization-home', args=[organization.slug])
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(home_url)
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError(u'Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
feature = helper.provider.required_feature
if feature and not features.has(feature, organization, actor=request.user):
return HttpResponse('Provider is not enabled', status=401)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
# Otherwise user is in bad state since frontend/react should handle this case
return HttpResponseRedirect(
reverse('sentry-organization-home', args=[organization.slug])
)
def handle(self, request, organization):
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
provider = auth_provider.get_provider()
requires_feature = provider.required_feature
# Provider is not enabled
# Allow superusers to edit and disable SSO for orgs that
# downgrade plans and can no longer access the feature
if requires_feature and not features.has(
requires_feature,
organization,
actor=request.user
) and not is_active_superuser(request):
home_url = organization.get_url()
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(home_url)
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError(u'Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
feature = helper.provider.required_feature
if feature and not features.has(feature, organization, actor=request.user):
return HttpResponse('Provider is not enabled', status=401)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
# Otherwise user is in bad state since frontend/react should handle this case
return HttpResponseRedirect(
organization.get_url()
)
def handle_provider_setup(self, request, organization, provider_key):
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
helper.init_pipeline()
return helper.next_step()
def handle_provider_setup(self, request, organization, provider_key):
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
helper.init_pipeline()
return helper.next_step()
def handle(self, request, organization_slug):
try:
organization = Organization.objects.get(
slug=organization_slug
)
except Organization.DoesNotExist:
messages.add_message(
request, messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
try:
om = OrganizationMember.objects.get(
organization=organization,
user=request.user,
)
except OrganizationMember.DoesNotExist():
messages.add_message(
request, messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
try:
auth_provider = AuthProvider.objects.get(
organization=organization
)
except AuthProvider.DoesNotExist:
messages.add_message(
request, messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry-organization-home',
args=[organization.slug]))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LINK_IDENTITY,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/auth-link-identity.html', context)
def handle(self, request, organization_slug):
try:
organization = Organization.objects.get(slug=organization_slug)
except Organization.DoesNotExist:
messages.add_message(
request,
messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
try:
om = OrganizationMember.objects.get(
organization=organization,
user=request.user,
)
except OrganizationMember.DoesNotExist:
messages.add_message(
request,
messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(reverse('sentry'))
try:
auth_provider = AuthProvider.objects.get(organization=organization)
except AuthProvider.DoesNotExist:
messages.add_message(
request,
messages.ERROR,
ERR_LINK_INVALID,
)
return self.redirect(
reverse('sentry-organization-home', args=[organization.slug]))
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LINK_IDENTITY,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/auth-link-identity.html', context)
def handle(self, request, organization):
if not features.has('organizations:sso-basic', organization, actor=request.user):
messages.add_message(
request,
messages.ERROR,
ERR_NO_SSO,
)
return HttpResponseRedirect(
reverse('sentry-organization-home', args=[organization.slug])
)
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError(u'Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
feature = helper.provider.required_feature
if feature and not features.has(feature, organization, actor=request.user):
return HttpResponse('Provider is not enabled', status=401)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
# Otherwise user is in bad state since frontend/react should handle this case
return HttpResponseRedirect(
reverse('sentry-organization-home', args=[organization.slug])
)
def handle_sso(self, request, organization, auth_provider):
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle_sso(self, request, organization, auth_provider):
if request.method == 'POST':
helper = AuthHelper(
request=request,
organization=organization,
auth_provider=auth_provider,
flow=AuthHelper.FLOW_LOGIN,
)
helper.init_pipeline()
return helper.next_step()
provider = auth_provider.get_provider()
context = {
'CAN_REGISTER': False,
'organization': organization,
'provider_key': provider.key,
'provider_name': provider.name,
}
return self.respond('sentry/organization-login.html', context)
def handle(self, request, organization):
if not features.has('organizations:sso', organization, actor=request.user):
messages.add_message(
request,
messages.ERROR,
ERR_NO_SSO,
)
return HttpResponseRedirect(
reverse('sentry-organization-home', args=[organization.slug])
)
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError('Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
feature = helper.provider.required_feature
if feature and not features.has(feature, organization, actor=request.user):
return HttpResponse('Provider is not enabled', status=401)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
provider_list = []
for k, v in manager:
if issubclass(v, SAML2Provider) and not HAS_SAML2:
continue
feature = v.required_feature
if feature and not features.has(feature, organization, actor=request.user):
continue
provider_list.append((k, v.name))
context = {
'provider_list': provider_list,
}
return self.respond('sentry/organization-auth-settings.html', context)
