Exemplo n.º 1
0
    def wrapped(func):
        warnings.warn(
            '%s.%s is used deprecated @has_access' % (func.__module__, func.__name__),
            DeprecationWarning)

        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                request.session['_next'] = request.get_full_path()
                if request.is_ajax():
                    return HttpResponse(status=401)
                return HttpResponseRedirect(get_login_url())

            has_org = 'organization_slug' in kwargs
            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            organization_slug = kwargs.pop('organization_slug', None)
            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            assert not has_team or has_org, \
                'Must pass organization_slug with team_slug'

            if organization_slug:
                if not request.user.is_superuser:
                    if has_team or has_project:
                        org_access = None
                    else:
                        org_access = access
                    org_list = Organization.objects.get_for_user(
                        user=request.user,
                        access=org_access,
                    )

                    for o in org_list:
                        if o.slug == organization_slug:
                            organization = o
                            break
                    else:
                        logging.debug('User %s is not listed in organization with slug %s', request.user.id, organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    try:
                        organization = Organization.objects.get_from_cache(
                            slug=organization_slug,
                        )
                    except Organization.DoesNotExist:
                        logging.debug('Organization with slug %s does not exist', organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                organization = None

            if team_slug:
                if not request.user.is_superuser:
                    team_list = Team.objects.get_for_user(
                        user=request.user,
                        access=access,
                        organization=organization,
                    )

                    for t in team_list:
                        if t.slug == team_slug:
                            team = t
                            break
                    else:
                        logging.debug('User %s is not listed in team with slug %s', request.user.id, team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    try:
                        team = Team.objects.get_from_cache(
                            slug=team_slug,
                            organization=organization,
                        )
                    except Team.DoesNotExist:
                        logging.debug('Team with slug %s does not exist', team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                team = None

            if project_id:
                # Support project id's
                if project_id.isdigit():
                    lookup_kwargs = {'id': int(project_id)}
                elif organization:
                    lookup_kwargs = {'slug': project_id, 'organization': organization}
                else:
                    return HttpResponseRedirect(reverse('sentry'))

                try:
                    project = Project.objects.get_from_cache(**lookup_kwargs)
                except Project.DoesNotExist:
                    if project_id.isdigit():
                        # It could be a numerical slug
                        try:
                            project = Project.objects.get_from_cache(slug=project_id)
                        except Project.DoesNotExist:
                            if request.is_ajax():
                                return HttpResponse(status=400)
                            return HttpResponseRedirect(reverse('sentry'))
                    else:
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                if not request.user.is_superuser and not project.has_access(request.user, access=access):
                    if request.is_ajax():
                        return HttpResponse(status=400)
                    return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            if has_project:
                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            if has_org:
                kwargs['organization'] = organization

            return func(request, *args, **kwargs)

        if access == MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
Exemplo n.º 2
0
    def wrapped(func):
        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                request.session['_next'] = request.get_full_path()
                return HttpResponseRedirect(get_login_url())

            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            # Pull in team if it's part of the URL arguments
            if team_slug:
                if request.user.is_superuser:
                    try:
                        team = Team.objects.get_from_cache(slug=team_slug)
                    except Team.DoesNotExist:
                        return HttpResponseRedirect(reverse('sentry'))
                else:
                    team_list = Team.objects.get_for_user(request.user, access)

                    try:
                        team = team_list[team_slug]
                    except KeyError:
                        return HttpResponseRedirect(reverse('sentry'))
            else:
                team = None

            if project_id:
                # Support project id's
                if request.user.is_superuser:
                    if project_id.isdigit():
                        lookup_kwargs = {'id': int(project_id)}
                    elif team:
                        lookup_kwargs = {'slug': project_id, 'team': team}
                    else:
                        return HttpResponseRedirect(reverse('sentry'))

                    try:
                        project = Project.objects.get_from_cache(**lookup_kwargs)
                    except Project.DoesNotExist:
                        if project_id.isdigit():
                            # It could be a numerical slug
                            try:
                                project = Project.objects.get_from_cache(slug=project_id)
                            except Project.DoesNotExist:
                                return HttpResponseRedirect(reverse('sentry'))
                        else:
                            return HttpResponseRedirect(reverse('sentry'))
                else:
                    project_list = Project.objects.get_for_user(request.user, access, team=team)

                    if project_id.isdigit():
                        key = 'id'
                        value = int(project_id)
                    elif team:
                        key = 'slug'
                        value = project_id
                    else:
                        return HttpResponseRedirect(reverse('sentry'))

                    for p in project_list:
                        if getattr(p, key) == value:
                            project = p
                            break
                    else:
                        return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            if has_project:
                # ensure we're accessing this url correctly
                if project and team:
                    if project.team_id != team.id:
                        return HttpResponseRedirect(reverse('sentry'))
                    project._team_cache = team

                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            return func(request, *args, **kwargs)

        if access is MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
    def wrapped(func):
        warnings.warn(
            '%s.%s is used deprecated @has_access' %
            (func.__module__, func.__name__), DeprecationWarning)

        @wraps(func)
        def _wrapped(request, *args, **kwargs):
            # All requests require authentication
            if not request.user.is_authenticated():
                request.session['_next'] = request.get_full_path()
                if request.is_ajax():
                    return HttpResponse(status=401)

                if 'organization_slug' in kwargs:
                    redirect_uri = reverse('sentry-auth-organization',
                                           args=[kwargs['organization_slug']])
                else:
                    redirect_uri = get_login_url()
                return HttpResponseRedirect(redirect_uri)

            has_org = 'organization_slug' in kwargs
            has_team = 'team_slug' in kwargs
            has_project = 'project_id' in kwargs

            organization_slug = kwargs.pop('organization_slug', None)
            team_slug = kwargs.pop('team_slug', None)
            project_id = kwargs.pop('project_id', None)

            assert not has_team or has_org, \
                'Must pass organization_slug with team_slug'

            if organization_slug:
                if not request.user.is_superuser:
                    if has_team or has_project:
                        org_access = None
                    else:
                        org_access = access
                    org_list = Organization.objects.get_for_user(
                        user=request.user,
                        access=org_access,
                    )

                    for o in org_list:
                        if o.slug == organization_slug:
                            organization = o
                            break
                    else:
                        logging.debug(
                            'User %s is not listed in organization with slug %s',
                            request.user.id, organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    try:
                        organization = Organization.objects.get_from_cache(
                            slug=organization_slug, )
                    except Organization.DoesNotExist:
                        logging.debug(
                            'Organization with slug %s does not exist',
                            organization_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                organization = None

            if team_slug:
                if not request.user.is_superuser:
                    team_list = Team.objects.get_for_user(
                        user=request.user,
                        access=access,
                        organization=organization,
                    )

                    for t in team_list:
                        if t.slug == team_slug:
                            team = t
                            break
                    else:
                        logging.debug(
                            'User %s is not listed in team with slug %s',
                            request.user.id, team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                else:
                    try:
                        team = Team.objects.get_from_cache(
                            slug=team_slug,
                            organization=organization,
                        )
                    except Team.DoesNotExist:
                        logging.debug('Team with slug %s does not exist',
                                      team_slug)
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

            else:
                team = None

            if project_id:
                # Support project id's
                if project_id.isdigit():
                    lookup_kwargs = {'id': int(project_id)}
                elif organization:
                    lookup_kwargs = {
                        'slug': project_id,
                        'organization': organization
                    }
                else:
                    return HttpResponseRedirect(reverse('sentry'))

                try:
                    project = Project.objects.get_from_cache(**lookup_kwargs)
                except Project.DoesNotExist:
                    if project_id.isdigit():
                        # It could be a numerical slug
                        try:
                            project = Project.objects.get_from_cache(
                                slug=project_id)
                        except Project.DoesNotExist:
                            if request.is_ajax():
                                return HttpResponse(status=400)
                            return HttpResponseRedirect(reverse('sentry'))
                    else:
                        if request.is_ajax():
                            return HttpResponse(status=400)
                        return HttpResponseRedirect(reverse('sentry'))

                if not request.user.is_superuser and not project.has_access(
                        request.user, access=access):
                    if request.is_ajax():
                        return HttpResponse(status=400)
                    return HttpResponseRedirect(reverse('sentry'))
            else:
                project = None

            if has_project:
                kwargs['project'] = project

            if has_team:
                kwargs['team'] = team

            if has_org:
                kwargs['organization'] = organization

            return func(request, *args, **kwargs)

        if access == MEMBER_OWNER:
            _wrapped = login_required(sudo_required(_wrapped))
        return _wrapped
Exemplo n.º 4
0
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        out = super(TwoFactorSetupView, self).done(*args, **kwargs)
        messages.success(self.request, _("Two factor authentication has been enabled on your account."))

        return out

    def get(self, request, *args, **kwargs):
        """A special GET request won't reset the wizard"""
        if "qr" in request.GET:
            return self.render(self.get_form())
        else:
            return super(TwoFactorSetupView, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        context = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        if self.steps.current == 'generator':
            context["secret"] = self.request.session[self.session_key_name]
            context["qr"] = int(self.request.GET.get("qr", "1"))

        return context


backup_view = sudo_required(core.BackupTokensView.as_view(template_name="account/twofactor-backup.html", redirect_url="user-twofactor-backup"))
disable_view = sudo_required(profile.DisableView.as_view(template_name="account/twofactor-disable.html", redirect_url="user-security"))
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
twofactor_view = profile.ProfileView.as_view(template_name="account/security.html")
Exemplo n.º 5
0
 def as_view(cls, **initkwargs):
     view = super(SudoMixin, cls).as_view(**initkwargs)
     return sudo_required(view)
Exemplo n.º 6
0
    )
    success_url = "user-twofactor-backup"
    qrcode_url = "user-twofactor-qrcode"

    def done(self, *args, **kwargs):
        out = super(TwoFactorSetupView, self).done(*args, **kwargs)
        messages.success(self.request, _("Two factor authentication has been enabled on your account."))

        return out

    def get_context_data(self, **kwargs):
        context = super(TwoFactorSetupView, self).get_context_data(**kwargs)
        if self.steps.current == 'generator':
            context["secret"] = self.request.session[self.session_key_name]

        return context

    def post(self, *args, **kwargs):
        try:
            return super(TwoFactorSetupView, self).post(*args, **kwargs)
        except ValidationError:
            raise SuspiciousOperation("ManagementForm data is missing or has been tampered.")


backup_view = sudo_required(core.BackupTokensView.as_view(template_name="account/twofactor-backup.html", success_url="user-twofactor-backup"))
disable_view = sudo_required(profile.DisableView.as_view(template_name="account/twofactor-disable.html", success_url="user-security"))
login = anonymous_required(LoginView.as_view())
setup_view = sudo_required(TwoFactorSetupView.as_view())
qrcode_view = sudo_required(core.QRGeneratorView.as_view())
twofactor_view = profile.ProfileView.as_view(template_name="account/security.html")