def handle_sso(self, request, organization, auth_provider):
        """Render the organization SSO login page, or drive the login flow on POST.

        Any non-POST request renders the login template with the provider's
        key and name. A POST builds an ``AuthHelper`` in ``FLOW_LOGIN`` mode
        and returns the step the helper is currently on.
        """
        if request.method != "POST":
            sso_provider = auth_provider.get_provider()
            # CAN_REGISTER is hard-coded to False in the context for this page.
            page_context = {
                "CAN_REGISTER": False,
                "organization": organization,
                "provider_key": sso_provider.key,
                "provider_name": sso_provider.name,
                "authenticated": request.user.is_authenticated,
            }
            return self.respond("sentry/organization-login.html", page_context)

        login_flow = AuthHelper(
            request=request,
            organization=organization,
            auth_provider=auth_provider,
            flow=AuthHelper.FLOW_LOGIN,
        )

        # "init" is a client-supplied POST field: any truthy value makes the
        # helper (re)initialize before its state is validated.
        # NOTE(review): what initialize() resets is not visible here - confirm
        # that a client forcing it mid-flow cannot skip a pipeline step.
        restart_requested = request.POST.get("init")
        if restart_requested:
            login_flow.initialize()

        if login_flow.is_valid():
            return login_flow.current_step()

        # The message is deliberately generic; it does not say why the helper
        # state was rejected.
        return login_flow.error(
            "Something unexpected happened during authentication.")
    def handle(self, request, organization):
        """Route an organization's SSO settings request.

        If the organization already has an ``AuthProvider``, the request is
        handed to ``handle_existing_provider`` unless the provider's required
        feature is missing and the requester is not an active superuser. If no
        provider exists, a POST starts the provider setup flow and any other
        method redirects to the organization URL.

        NOTE(review): who may reach this view at all (role / permission checks)
        is not decided in this method - confirm it is enforced by the view class.
        """
        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
        except AuthProvider.DoesNotExist:
            pass
        else:
            gated_feature = auth_provider.get_provider().required_feature

            # Feature gate for an already-configured provider. Active
            # superusers bypass it so they can still edit or disable SSO for
            # organizations that downgraded and lost access to the feature.
            locked_out = False
            if gated_feature:
                feature_granted = features.has(
                    gated_feature, organization, actor=request.user)
                locked_out = (not feature_granted
                              and not is_active_superuser(request))

            if locked_out:
                org_home = organization.get_url()
                messages.add_message(request, messages.ERROR, ERR_NO_SSO)
                return HttpResponseRedirect(org_home)

            return self.handle_existing_provider(
                request=request,
                organization=organization,
                auth_provider=auth_provider,
            )

        if request.method != "POST":
            # No provider and nothing posted: the frontend is expected to
            # handle this case, so just send the user back to the organization.
            return HttpResponseRedirect(organization.get_url())

        # "provider" comes straight from the POST body and is only accepted if
        # the provider manager knows the key.
        # NOTE(review): an unknown key raises ValueError rather than returning
        # a 4xx, and the client-supplied value is embedded in the exception
        # message - confirm how that exception is surfaced and logged.
        provider_key = request.POST.get("provider")
        if not manager.exists(provider_key):
            raise ValueError(f"Provider not found: {provider_key}")

        setup_flow = AuthHelper(
            request=request,
            organization=organization,
            provider_key=provider_key,
            flow=AuthHelper.FLOW_SETUP_PROVIDER,
        )

        # Unlike the existing-provider branch, there is no superuser bypass
        # here: a new provider cannot be set up without its feature.
        # NOTE(review): the refusal uses status 401 although the condition is
        # about the organization's features, not about authentication.
        needed_feature = setup_flow.provider.required_feature
        if needed_feature and not features.has(
                needed_feature, organization, actor=request.user):
            return HttpResponse("Provider is not enabled", status=401)

        # Client-controlled flag: a truthy "init" (re)starts the setup flow.
        if request.POST.get("init"):
            setup_flow.initialize()

        if setup_flow.is_valid():
            # Render the first-time setup view.
            return setup_flow.current_step()

        return setup_flow.error(
            "Something unexpected happened during authentication.")
示例#3
    def handle(self, request: Request, organization) -> Response:
        """Route an organization's SSO settings request.

        An organization that already has an ``AuthProvider`` is always passed
        to ``handle_existing_provider``; no feature check is made on that
        path. Without a provider, a POST starts the provider setup flow
        (feature-gated) and any other method redirects to the organization URL.

        NOTE(review): because the existing-provider path skips the feature
        check, authorization for modifying SSO rests entirely on checks outside
        this method - confirm the view class or ``handle_existing_provider``
        restricts it to the intended roles.
        """
        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
        except AuthProvider.DoesNotExist:
            pass
        else:
            # SSO is already configured: let the organization modify the
            # existing provider whether or not the feature flag is set, so an
            # organization that lost the SSO feature can still turn it off.
            return self.handle_existing_provider(
                request=request,
                organization=organization,
                auth_provider=auth_provider,
            )

        if request.method != "POST":
            # Otherwise the user is in a bad state, since the frontend should
            # handle this case; send them back to the organization.
            return HttpResponseRedirect(organization.get_url())

        # The provider key is client-supplied and only accepted if the
        # provider manager knows it.
        # NOTE(review): an unknown key raises ValueError (carrying the supplied
        # value) instead of returning a 4xx - confirm how that is surfaced.
        provider_key = request.POST.get("provider")
        if not manager.exists(provider_key):
            raise ValueError(f"Provider not found: {provider_key}")

        setup_flow = AuthHelper(
            request=request,
            organization=organization,
            provider_key=provider_key,
            flow=AuthHelper.FLOW_SETUP_PROVIDER,
        )

        # Setting up a new provider requires its feature; no bypass exists here.
        # NOTE(review): the refusal uses status 401 although the condition is
        # about the organization's features, not about authentication.
        needed_feature = setup_flow.provider.required_feature
        if needed_feature and not features.has(
                needed_feature, organization, actor=request.user):
            return HttpResponse("Provider is not enabled", status=401)

        # Client-controlled flag: a truthy "init" (re)starts the setup flow.
        if request.POST.get("init"):
            setup_flow.initialize()

        if setup_flow.is_valid():
            # Render the first-time setup view.
            return setup_flow.current_step()

        return setup_flow.error(
            "Something unexpected happened during authentication.")
示例#4
    def dispatch(self, request: Request, organization_slug):
        """Handle a request on the SAML endpoint for ``organization_slug``.

        If an ``AuthHelper`` is already attached to the request (SP-initiated
        login), the request is delegated to ``AuthProviderLoginView``.
        Otherwise the request is treated as IdP-initiated: the slug must
        resolve to an organization that has an auth provider, and a fresh
        login flow is started for it.
        """
        from sentry.auth.helper import AuthHelper

        def _reject_idp_login():
            # Both lookup failures produce the same message and redirect, so
            # the response does not distinguish an unknown slug from an
            # organization without a provider.
            messages.add_message(request, messages.ERROR, ERR_NO_SAML_SSO)
            return self.redirect(reverse("sentry-login"))

        pending_flow = AuthHelper.get_for_request(request)

        # SP-initiated authentication: a helper is already bound to the request.
        if pending_flow:
            from sentry.web.frontend.auth_provider_login import AuthProviderLoginView

            return AuthProviderLoginView().handle(request)

        # IdP-initiated authentication. The slug is taken from the URL and
        # must match an organization with an auth provider configured.
        # NOTE(review): in this path there is no SP-issued request to tie the
        # incoming assertion to, so replay and audience protection depend on
        # the provider's response validation, which is not visible here -
        # confirm.
        try:
            organization = Organization.objects.get(slug=organization_slug)
        except Organization.DoesNotExist:
            return _reject_idp_login()

        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
        except AuthProvider.DoesNotExist:
            return _reject_idp_login()

        login_flow = AuthHelper(
            request=request,
            organization=organization,
            auth_provider=auth_provider,
            flow=AuthHelper.FLOW_LOGIN,
        )

        # Always start from a clean flow state; no "init" field is consulted.
        login_flow.initialize()
        return login_flow.current_step()