def sso_auth_check(self):
if GOOGLE_AUTH in self.auth_type:
try:
resp = utils.request.get(AUTH_SERVER +
'/update/google?user=%s&license=%s' %
(self.email, settings.app.license))
if resp.status_code == 200:
return True
except:
logger.exception(
'Google auth check error',
'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type:
try:
return sso.auth_onelogin(self.name)
except:
logger.exception(
'OneLogin auth check error',
'user',
user_id=self.id,
)
return False
return True
def sso_auth_check(self, password):
if GOOGLE_AUTH in self.auth_type:
try:
resp = utils.request.get(AUTH_SERVER +
'/update/google?user=%s&license=%s' % (
self.email, settings.app.license))
if resp.status_code == 200:
return True
except:
logger.exception('Google auth check error', 'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type:
try:
return sso.auth_onelogin(self.name)
except:
logger.exception('OneLogin auth check error', 'user',
user_id=self.id,
)
return False
elif RADIUS_AUTH in self.auth_type:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception('Radius auth check error', 'user',
user_id=self.id,
)
return False
return True
def sso_auth_check(self, password):
if GOOGLE_AUTH in self.auth_type:
try:
resp = requests.get(AUTH_SERVER +
'/update/google?user=%s&license=%s' % (
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception('Google auth check error', 'user',
user_id=self.id,
)
return False
elif SLACK_AUTH in self.auth_type:
try:
resp = requests.get(AUTH_SERVER +
'/update/slack?user=%s&team=%s&license=%s' % (
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception('Slack auth check error', 'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type:
try:
return sso.auth_onelogin(self.name)
except:
logger.exception('OneLogin auth check error', 'user',
user_id=self.id,
)
return False
elif SAML_OKTA_AUTH in self.auth_type:
try:
return sso.auth_okta(self.name)
except:
logger.exception('Okta auth check error', 'user',
user_id=self.id,
)
return False
elif RADIUS_AUTH in self.auth_type:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception('Radius auth check error', 'user',
user_id=self.id,
)
return False
return True
def sso_auth_check(self):
if GOOGLE_AUTH in self.auth_type:
try:
resp = utils.request.get(
AUTH_SERVER + "/update/google?user=%s&license=%s" % (self.email, settings.app.license)
)
if resp.status_code == 200:
return True
except:
logger.exception("Google auth check error", "user", user_id=self.id)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type:
try:
return sso.auth_onelogin(self.name)
except:
logger.exception("OneLogin auth check error", "user", user_id=self.id)
return False
return True
def sso_auth_check(self, password, remote_ip):
sso_mode = settings.app.sso or ''
auth_server = AUTH_SERVER
if settings.app.dedicated:
auth_server = settings.app.dedicated
if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(auth_server +
'/update/google?user=%s&license=%s' % (
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code != 200:
logger.error(
'Google auth check request error',
'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
valid, google_groups = sso.verify_google(self.email)
if not valid:
logger.error(
'Google auth check failed',
'user',
user_id=self.id,
user_name=self.name,
)
return False
if settings.app.sso_google_mode == 'groups':
cur_groups = set(self.groups)
new_groups = set(google_groups)
if cur_groups != new_groups:
self.groups = list(new_groups)
self.commit('groups')
return True
except:
logger.exception(
'Google auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(
auth_server + ('/update/azure?user=%s&license=%s&' +
'directory_id=%s&app_id=%s&app_secret=%s') %
(
urllib.quote(self.name),
settings.app.license,
urllib.quote(settings.app.sso_azure_directory_id),
urllib.quote(settings.app.sso_azure_app_id),
urllib.quote(settings.app.sso_azure_app_secret),
))
if resp.status_code != 200:
logger.error(
'Azure auth check request error',
'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
valid, azure_groups = sso.verify_azure(self.name)
if not valid:
logger.error(
'Azure auth check failed',
'user',
user_id=self.id,
user_name=self.name,
)
return False
if settings.app.sso_azure_mode == 'groups':
cur_groups = set(self.groups)
new_groups = set(azure_groups)
if cur_groups != new_groups:
self.groups = list(new_groups)
self.commit('groups')
return True
except:
logger.exception(
'Azure auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
if not isinstance(settings.app.sso_match, list):
raise TypeError('Invalid sso match')
try:
resp = requests.get(
auth_server + '/update/slack?user=%s&team=%s&license=%s' %
(
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code != 200:
logger.error(
'Slack auth check request error',
'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
return True
except:
logger.exception(
'Slack auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type and \
SAML_ONELOGIN_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_onelogin(self.name)
except:
logger.exception(
'OneLogin auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SAML_OKTA_AUTH in self.auth_type and \
SAML_OKTA_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_okta(self.name)
except:
logger.exception(
'Okta auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception(
'Radius auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
elif PLUGIN_AUTH in self.auth_type:
try:
return sso.plugin_login_authenticate(
user_name=self.name,
password=password,
remote_ip=remote_ip,
)[0]
except:
logger.exception(
'Plugin auth check error',
'user',
user_id=self.id,
user_name=self.name,
)
return False
return True
def sso_auth_check(self, password, remote_ip):
sso_mode = settings.app.sso or ''
auth_server = AUTH_SERVER
if settings.app.dedicated:
auth_server = settings.app.dedicated
if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(auth_server +
'/update/google?user=%s&license=%s' % (
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception(
'Google auth check error',
'user',
user_id=self.id,
)
return False
elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
if not isinstance(settings.app.sso_match, list):
raise TypeError('Invalid sso match')
try:
resp = requests.get(
auth_server + '/update/slack?user=%s&team=%s&license=%s' %
(
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception(
'Slack auth check error',
'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type and \
SAML_ONELOGIN_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_onelogin(self.name)
except:
logger.exception(
'OneLogin auth check error',
'user',
user_id=self.id,
)
return False
elif SAML_OKTA_AUTH in self.auth_type and \
SAML_OKTA_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_okta(self.name)
except:
logger.exception(
'Okta auth check error',
'user',
user_id=self.id,
)
return False
elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception(
'Radius auth check error',
'user',
user_id=self.id,
)
return False
elif PLUGIN_AUTH in self.auth_type:
try:
return sso.plugin_login_authenticate(
user_name=self.name,
password=password,
remote_ip=remote_ip,
)[0]
except:
logger.exception(
'Plugin auth check error',
'user',
user_id=self.id,
)
return False
return True
def sso_auth_check(self, password, remote_ip):
sso_mode = settings.app.sso or ''
if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(AUTH_SERVER +
'/update/google?user=%s&license=%s' % (
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception('Google auth check error', 'user',
user_id=self.id,
)
return False
elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
if not isinstance(settings.app.sso_match, list):
raise TypeError('Invalid sso match')
try:
resp = requests.get(AUTH_SERVER +
'/update/slack?user=%s&team=%s&license=%s' % (
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception('Slack auth check error', 'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type and \
SAML_ONELOGIN_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_onelogin(self.name)
except:
logger.exception('OneLogin auth check error', 'user',
user_id=self.id,
)
return False
elif SAML_OKTA_AUTH in self.auth_type and \
SAML_OKTA_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_okta(self.name)
except:
logger.exception('Okta auth check error', 'user',
user_id=self.id,
)
return False
elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception('Radius auth check error', 'user',
user_id=self.id,
)
return False
elif PLUGIN_AUTH in self.auth_type:
try:
return sso.plugin_login_authenticate(
user_name=self.name,
password=password,
remote_ip=remote_ip,
)[0]
except:
logger.exception('Plugin auth check error', 'user',
user_id=self.id,
)
return False
return True
def sso_auth_check(self, password, remote_ip):
sso_mode = settings.app.sso or ''
auth_server = AUTH_SERVER
if settings.app.dedicated:
auth_server = settings.app.dedicated
if GOOGLE_AUTH in self.auth_type and GOOGLE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(auth_server +
'/update/google?user=%s&license=%s' % (
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code != 200:
logger.error('Google auth check request error', 'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
valid, google_groups = sso.verify_google(self.email)
if not valid:
logger.error('Google auth check failed', 'user',
user_id=self.id,
user_name=self.name,
)
return False
if settings.app.sso_google_mode == 'groups':
cur_groups = set(self.groups)
new_groups = set(google_groups)
if cur_groups != new_groups:
self.groups = list(new_groups)
self.commit('groups')
return True
except:
logger.exception('Google auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif AZURE_AUTH in self.auth_type and AZURE_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(auth_server +
('/update/azure?user=%s&license=%s&' +
'directory_id=%s&app_id=%s&app_secret=%s') % (
urllib.quote(self.name),
settings.app.license,
urllib.quote(settings.app.sso_azure_directory_id),
urllib.quote(settings.app.sso_azure_app_id),
urllib.quote(settings.app.sso_azure_app_secret),
))
if resp.status_code != 200:
logger.error('Azure auth check request error', 'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
valid, azure_groups = sso.verify_azure(self.name)
if not valid:
logger.error('Azure auth check failed', 'user',
user_id=self.id,
user_name=self.name,
)
return False
if settings.app.sso_azure_mode == 'groups':
cur_groups = set(self.groups)
new_groups = set(azure_groups)
if cur_groups != new_groups:
self.groups = list(new_groups)
self.commit('groups')
return True
except:
logger.exception('Azure auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif AUTHZERO_AUTH in self.auth_type and AUTHZERO_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
resp = requests.get(auth_server +
('/update/authzero?user=%s&license=%s&' +
'app_domain=%s&app_id=%s&app_secret=%s') % (
urllib.quote(self.name),
settings.app.license,
urllib.quote(settings.app.sso_authzero_domain),
urllib.quote(settings.app.sso_authzero_app_id),
urllib.quote(settings.app.sso_authzero_app_secret),
))
if resp.status_code != 200:
logger.error('Auth0 auth check request error', 'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
valid, authzero_groups = sso.verify_authzero(self.name)
if not valid:
logger.error('Auth0 auth check failed', 'user',
user_id=self.id,
user_name=self.name,
)
return False
if settings.app.sso_authzero_mode == 'groups':
cur_groups = set(self.groups)
new_groups = set(authzero_groups)
if cur_groups != new_groups:
self.groups = list(new_groups)
self.commit('groups')
return True
except:
logger.exception('Auth0 auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SLACK_AUTH in self.auth_type and SLACK_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
if not isinstance(settings.app.sso_match, list):
raise TypeError('Invalid sso match')
try:
resp = requests.get(auth_server +
'/update/slack?user=%s&team=%s&license=%s' % (
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code != 200:
logger.error('Slack auth check request error', 'user',
user_id=self.id,
user_name=self.name,
status_code=resp.status_code,
content=resp.content,
)
return False
return True
except:
logger.exception('Slack auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type and \
SAML_ONELOGIN_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_onelogin(self.name)
except:
logger.exception('OneLogin auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif SAML_OKTA_AUTH in self.auth_type and \
SAML_OKTA_AUTH in sso_mode:
if settings.user.skip_remote_sso_check:
return True
try:
return sso.auth_okta(self.name)
except:
logger.exception('Okta auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif RADIUS_AUTH in self.auth_type and RADIUS_AUTH in sso_mode:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception('Radius auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
elif PLUGIN_AUTH in self.auth_type:
try:
return sso.plugin_login_authenticate(
user_name=self.name,
password=password,
remote_ip=remote_ip,
)[1]
except:
logger.exception('Plugin auth check error', 'user',
user_id=self.id,
user_name=self.name,
)
return False
return True
def sso_auth_check(self, password):
if GOOGLE_AUTH in self.auth_type:
try:
resp = utils.request.get(AUTH_SERVER +
'/update/google?user=%s&license=%s' %
(
urllib.quote(self.email),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception(
'Google auth check error',
'user',
user_id=self.id,
)
return False
elif SLACK_AUTH in self.auth_type:
try:
resp = utils.request.get(
AUTH_SERVER + '/update/slack?user=%s&team=%s&license=%s' %
(
urllib.quote(self.name),
urllib.quote(settings.app.sso_match[0]),
settings.app.license,
))
if resp.status_code == 200:
return True
except:
logger.exception(
'Slack auth check error',
'user',
user_id=self.id,
)
return False
elif SAML_ONELOGIN_AUTH in self.auth_type:
try:
return sso.auth_onelogin(self.name)
except:
logger.exception(
'OneLogin auth check error',
'user',
user_id=self.id,
)
return False
elif SAML_OKTA_AUTH in self.auth_type:
try:
return sso.auth_okta(self.name)
except:
logger.exception(
'Okta auth check error',
'user',
user_id=self.id,
)
return False
elif RADIUS_AUTH in self.auth_type:
try:
return sso.verify_radius(self.name, password)[0]
except:
logger.exception(
'Radius auth check error',
'user',
user_id=self.id,
)
return False
return True
