def handle_basic_auth(self, request): can_register = features.has('auth:register') or request.session.get( 'can_register') op = request.POST.get('op') # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and '/register' in request.path_info and can_register: op = 'register' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={'username': request.session.get('invite_email', '')}) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('invite_email', None) return self.redirect(auth.get_login_redirect(request)) elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) request.session.set_test_cookie() context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'register_form': register_form, 'CAN_REGISTER': can_register, } return self.respond('sentry/login.html', context)
def handle_basic_auth(self, request): can_register = features.has('auth:register') or request.session.get('can_register') op = request.POST.get('op') # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and '/register' in request.path_info and can_register: op = 'register' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form(request, initial={ 'username': request.session.get('invite_email', '') }) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('invite_email', None) return self.redirect(auth.get_login_redirect(request)) elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) request.session.set_test_cookie() context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'register_form': register_form, 'CAN_REGISTER': can_register, } return self.respond('sentry/login.html', context)
def recover_account(request): return MailPreview( html_template="sentry/emails/recover_account.html", text_template="sentry/emails/recover_account.txt", context={ "user": request.user, "url": absolute_uri( reverse("sentry-account-confirm-email", args=[request.user.id, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"]) ), "domain": get_server_hostname(), }, ).render()
def recover_account(request): return MailPreview( html_template='sentry/emails/recover_account.html', text_template='sentry/emails/recover_account.txt', context={ 'user': request.user, 'url': absolute_uri(reverse( 'sentry-account-confirm-email', args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'] )), 'domain': get_server_hostname(), }, ).render(request)
def recover_account(request): return MailPreview( html_template='sentry/emails/recover_account.html', text_template='sentry/emails/recover_account.txt', context={ 'user': request.user, 'url': absolute_uri(reverse( 'sentry-account-confirm-email', args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'] )), 'domain': get_server_hostname(), }, ).render()
def handle_basic_auth(self, request): can_register = features.has("auth:register") or request.session.get("can_register") op = request.POST.get("op") # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and "/register" in request.path_info and can_register: op = "register" login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={"username": request.session.get("invite_email", "")} ) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user) # can_register should only allow a single registration request.session.pop("can_register", None) request.session.pop("invite_email", None) return self.redirect(auth.get_login_redirect(request)) elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user) if not user.is_active: return self.redirect(reverse("sentry-reactivate-account")) return self.redirect(auth.get_login_redirect(request)) context = { "op": op or "login", "server_hostname": get_server_hostname(), "login_form": login_form, "register_form": register_form, "CAN_REGISTER": can_register, } return self.respond("sentry/login.html", context)
def recover_account(request): return MailPreview( html_template='sentry/emails/recover_account.html', text_template='sentry/emails/recover_account.txt', context={ 'user': request.user, 'url': absolute_uri(reverse( 'sentry-account-confirm-email', args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'] )), 'domain': get_server_hostname(), 'ip_address': request.META['REMOTE_ADDR'], 'datetime': timezone.now(), }, ).render(request)
def prepare_login_context(self, request, *args, **kwargs): can_register = bool(has_user_registration() or request.session.get("can_register")) context = { "serverHostname": get_server_hostname(), "canRegister": can_register, "hasNewsletter": newsletter.is_enabled(), } if "session_expired" in request.COOKIES: context["warning"] = WARN_SESSION_EXPIRED context.update(additional_context.run_callbacks(request)) return context
def prepare_login_context(self, request, *args, **kwargs): can_register = bool(auth.has_user_registration() or request.session.get('can_register')) context = { 'serverHostname': get_server_hostname(), 'canRegister': can_register, 'hasNewsletter': newsletter.is_enabled(), } if 'session_expired' in request.COOKIES: context['warning'] = WARN_SESSION_EXPIRED context.update(additional_context.run_callbacks(request)) return context
def recover_account(request): return MailPreview( html_template="sentry/emails/recover_account.html", text_template="sentry/emails/recover_account.txt", context={ "user": request.user, "url": absolute_uri( reverse( "sentry-account-confirm-email", args=[request.user.id, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"], ) ), "domain": get_server_hostname(), "ip_address": request.META["REMOTE_ADDR"], "datetime": timezone.now(), }, ).render(request)
def send_recover_mail(self): from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { 'user': self.user, 'domain': get_server_hostname(), 'url': absolute_uri(reverse( 'sentry-account-recover-confirm', args=[self.user.id, self.hash] )), } msg = MessageBuilder( subject='%sPassword Recovery' % (settings.EMAIL_SUBJECT_PREFIX,), template='sentry/emails/recover_account.txt', context=context, ) msg.send_async([self.user.email])
def send_recover_mail(self): from sentry import options from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { 'user': self.user, 'domain': get_server_hostname(), 'url': self.get_absolute_url(), } msg = MessageBuilder( subject='%sPassword Recovery' % (options.get('mail.subject-prefix'),), template='sentry/emails/recover_account.txt', html_template='sentry/emails/recover_account.html', type='user.password_recovery', context=context, ) msg.send_async([self.user.email])
def send_recover_mail(self): from sentry import options from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { 'user': self.user, 'domain': get_server_hostname(), 'url': self.get_absolute_url(), } msg = MessageBuilder( subject='%sPassword Recovery' % (options.get('mail.subject-prefix'), ), template='sentry/emails/recover_account.txt', html_template='sentry/emails/recover_account.html', type='user.password_recovery', context=context, ) msg.send_async([self.user.email])
def send_recover_mail(self): from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { 'user': self.user, 'domain': get_server_hostname(), 'url': absolute_uri( reverse('sentry-account-recover-confirm', args=[self.user.id, self.hash])), } msg = MessageBuilder( subject='%sPassword Recovery' % (settings.EMAIL_SUBJECT_PREFIX, ), template='sentry/emails/recover_account.txt', context=context, ) msg.send_async([self.user.email])
def recover_account(request): return MailPreview( html_template='sentry/emails/recover_account.html', text_template='sentry/emails/recover_account.txt', context={ 'user': request.user, 'url': absolute_uri( reverse( 'sentry-account-confirm-email', args=[request.user.id, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'])), 'domain': get_server_hostname(), 'ip_address': request.META['REMOTE_ADDR'], 'datetime': timezone.now(), }, ).render(request)
def send_email(self, request, mode='recover'): from sentry import options from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { 'user': self.user, 'domain': get_server_hostname(), 'url': self.get_absolute_url(mode), 'datetime': timezone.now(), 'ip_address': request.META['REMOTE_ADDR'], } template = 'set_password' if mode == 'set_password' else 'recover_account' msg = MessageBuilder( subject=u'{}Password Recovery'.format(options.get('mail.subject-prefix')), template=u'sentry/emails/{name}.txt'.format(name=template), html_template=u'sentry/emails/{name}.html'.format(name=template), type='user.password_recovery', context=context, ) msg.send_async([self.user.email])
def send_email(self, request, mode="recover"): from sentry import options from sentry.http import get_server_hostname from sentry.utils.email import MessageBuilder context = { "user": self.user, "domain": get_server_hostname(), "url": self.get_absolute_url(mode), "datetime": timezone.now(), "ip_address": request.META["REMOTE_ADDR"], } template = "set_password" if mode == "set_password" else "recover_account" msg = MessageBuilder( subject="{}Password Recovery".format(options.get("mail.subject-prefix")), template="sentry/emails/{name}.txt".format(name=template), html_template="sentry/emails/{name}.html".format(name=template), type="user.password_recovery", context=context, ) msg.send_async([self.user.email])
def handle_basic_auth(self, request, organization=None, *args, **kwargs): can_register = self.can_register(request, organization=organization, *args, **kwargs) op = request.POST.get('op') if not op: # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if '/register' in request.path_info and can_register: op = 'register' elif request.GET.get('op') == 'sso': op = 'sso' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={'username': request.session.get('invite_email', '')}) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login( request, user, organization_id=organization.id if organization else None, ) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('invite_email', None) return self.redirect(auth.get_login_redirect(request)) elif request.method == 'POST': from sentry.app import ratelimiter from sentry.utils.hashlib import md5_text login_attempt = op == 'login' and request.POST.get( 'username') and request.POST.get('password') if login_attempt and ratelimiter.is_limited( u'auth:login:username:{}'.format( md5_text( request.POST['username'].lower()).hexdigest()), limit=10, window=60, # 10 per minute should be enough for anyone ): login_form.errors['__all__'] = [ u'You have made too many login attempts. Please try again later.' ] metrics.incr('login.attempt', instance='rate_limited', skip_internal=True, sample_rate=1.0) elif login_form.is_valid(): user = login_form.get_user() auth.login( request, user, organization_id=organization.id if organization else None, ) metrics.incr('login.attempt', instance='success', skip_internal=True, sample_rate=1.0) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) else: metrics.incr('login.attempt', instance='failure', skip_internal=True, sample_rate=1.0) context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'organization': organization, 'register_form': register_form, 'CAN_REGISTER': can_register, } context.update(additional_context.run_callbacks(request)) return self.respond_login(request, context, organization=organization, *args, **kwargs)
def handle_basic_auth(self, request, **kwargs): can_register = self.can_register(request) op = request.POST.get("op") organization = kwargs.pop("organization", None) if not op: # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if "/register" in request.path_info and can_register: op = "register" elif request.GET.get("op") == "sso": op = "sso" login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={"username": request.session.get("invite_email", "")} ) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) user_signup.send_robust( sender=self, user=user, source="register-form", referrer="in-app" ) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user, organization_id=organization.id if organization else None) # can_register should only allow a single registration request.session.pop("can_register", None) request.session.pop("invite_email", None) # In single org mode, associate the user to the orgnaization if settings.SENTRY_SINGLE_ORGANIZATION: organization = Organization.get_default() OrganizationMember.objects.create( organization=organization, role=organization.default_role, user=user ) # Attempt to directly accept any pending invites invite_helper = ApiInviteHelper.from_cookie(request=request, instance=self) if invite_helper and invite_helper.valid_request: invite_helper.accept_invite() response = self.redirect_to_org(request) remove_invite_cookie(request, response) return response return self.redirect(auth.get_login_redirect(request)) elif request.method == "POST": from sentry.app import ratelimiter from sentry.utils.hashlib import md5_text login_attempt = ( op == "login" and request.POST.get("username") and request.POST.get("password") ) if login_attempt and ratelimiter.is_limited( u"auth:login:username:{}".format( md5_text(login_form.clean_username(request.POST["username"])).hexdigest() ), limit=10, window=60, # 10 per minute should be enough for anyone ): login_form.errors["__all__"] = [ u"You have made too many login attempts. Please try again later." ] metrics.incr( "login.attempt", instance="rate_limited", skip_internal=True, sample_rate=1.0 ) elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user, organization_id=organization.id if organization else None) metrics.incr( "login.attempt", instance="success", skip_internal=True, sample_rate=1.0 ) if not user.is_active: return self.redirect(reverse("sentry-reactivate-account")) return self.redirect(auth.get_login_redirect(request)) else: metrics.incr( "login.attempt", instance="failure", skip_internal=True, sample_rate=1.0 ) context = { "op": op or "login", "server_hostname": get_server_hostname(), "login_form": login_form, "organization": organization, "register_form": register_form, "CAN_REGISTER": can_register, "join_request_link": self.get_join_request_link(organization), } context.update(additional_context.run_callbacks(request)) return self.respond_login(request, context, **kwargs)
def handle_basic_auth(self, request): can_register = auth.has_user_registration() or request.session.get( 'can_register') op = request.POST.get('op') # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and '/register' in request.path_info and can_register: op = 'register' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={'username': request.session.get('invite_email', '')}) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('invite_email', None) return self.redirect(auth.get_login_redirect(request)) elif request.method == 'POST': from sentry.app import ratelimiter from sentry.utils.hashlib import md5_text login_attempt = op == 'login' and request.POST.get( 'username') and request.POST.get('password') if login_attempt and ratelimiter.is_limited( u'auth:login:username:{}'.format( md5_text( request.POST['username'].lower()).hexdigest()), limit=10, window=60, # 10 per minute should be enough for anyone ): login_form.errors['__all__'] = [ u'You have made too many login attempts. Please try again later.' ] elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'register_form': register_form, 'CAN_REGISTER': can_register, } return self.respond('sentry/login.html', context)
def handle_basic_auth(self, request): can_register = features.has('auth:register') or request.session.get('can_register') op = request.POST.get('op') # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and '/register' in request.path_info and can_register: op = 'register' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form(request) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login(request, user) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('needs_captcha', None) return self.redirect(auth.get_login_redirect(request)) elif login_form.is_valid(): user = login_form.get_user() auth.login(request, user) request.session.pop('needs_captcha', None) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) elif request.POST and not request.session.get('needs_captcha'): auth.log_auth_failure(request, request.POST.get('username')) request.session['needs_captcha'] = 1 login_form = self.get_login_form(request) login_form.errors.pop('captcha', None) if can_register: register_form = self.get_register_form(request) register_form.errors.pop('captcha', None) # When the captcha fails, hide any other errors # to prevent brute force attempts. if 'captcha' in login_form.errors: for k in login_form.errors.keys(): if k != 'captcha': login_form.errors.pop(k) request.session.set_test_cookie() context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'register_form': register_form, 'CAN_REGISTER': can_register, } return self.respond('sentry/login.html', context)
def __iter__(self): yield get_server_hostname() or '*'
def handle_basic_auth(self, request, organization=None, *args, **kwargs): can_register = self.can_register( request, organization=organization, *args, **kwargs) op = request.POST.get('op') # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if not op and '/register' in request.path_info and can_register: op = 'register' login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={ 'username': request.session.get('invite_email', '')} ) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login( request, user, organization_id=organization.id if organization else None, ) # can_register should only allow a single registration request.session.pop('can_register', None) request.session.pop('invite_email', None) return self.redirect(auth.get_login_redirect(request)) elif request.method == 'POST': from sentry.app import ratelimiter from sentry.utils.hashlib import md5_text login_attempt = op == 'login' and request.POST.get('username' ) and request.POST.get('password') if login_attempt and ratelimiter.is_limited( u'auth:login:username:{}'. format(md5_text(request.POST['username'].lower()).hexdigest()), limit=10, window=60, # 10 per minute should be enough for anyone ): login_form.errors['__all__'] = [ u'You have made too many login attempts. Please try again later.' ] elif login_form.is_valid(): user = login_form.get_user() auth.login( request, user, organization_id=organization.id if organization else None, ) if not user.is_active: return self.redirect(reverse('sentry-reactivate-account')) return self.redirect(auth.get_login_redirect(request)) context = { 'op': op or 'login', 'server_hostname': get_server_hostname(), 'login_form': login_form, 'organization': organization, 'register_form': register_form, 'CAN_REGISTER': can_register, } return self.respond_login(request, context, organization=organization, *args, **kwargs)
def handle_basic_auth(self, request, **kwargs): can_register = self.can_register(request) op = request.POST.get("op") organization = kwargs.pop("organization", None) if not op: # Detect that we are on the register page by url /register/ and # then activate the register tab by default. if "/register" in request.path_info and can_register: op = "register" elif request.GET.get("op") == "sso": op = "sso" login_form = self.get_login_form(request) if can_register: register_form = self.get_register_form( request, initial={"username": request.session.get("invite_email", "")}) else: register_form = None if can_register and register_form.is_valid(): user = register_form.save() user.send_confirm_emails(is_new_user=True) # HACK: grab whatever the first backend is and assume it works user.backend = settings.AUTHENTICATION_BACKENDS[0] auth.login( request, user, organization_id=organization.id if organization else None) # can_register should only allow a single registration request.session.pop("can_register", None) request.session.pop("invite_email", None) return self.redirect(auth.get_login_redirect(request)) elif request.method == "POST": from sentry.app import ratelimiter from sentry.utils.hashlib import md5_text login_attempt = (op == "login" and request.POST.get("username") and request.POST.get("password")) if login_attempt and ratelimiter.is_limited( u"auth:login:username:{}".format( md5_text( request.POST["username"].lower()).hexdigest()), limit=10, window=60, # 10 per minute should be enough for anyone ): login_form.errors["__all__"] = [ u"You have made too many login attempts. Please try again later." ] metrics.incr("login.attempt", instance="rate_limited", skip_internal=True, sample_rate=1.0) elif login_form.is_valid(): user = login_form.get_user() auth.login( request, user, organization_id=organization.id if organization else None) metrics.incr("login.attempt", instance="success", skip_internal=True, sample_rate=1.0) if not user.is_active: return self.redirect(reverse("sentry-reactivate-account")) return self.redirect(auth.get_login_redirect(request)) else: metrics.incr("login.attempt", instance="failure", skip_internal=True, sample_rate=1.0) context = { "op": op or "login", "server_hostname": get_server_hostname(), "login_form": login_form, "organization": organization, "register_form": register_form, "CAN_REGISTER": can_register, } context.update(additional_context.run_callbacks(request)) return self.respond_login(request, context, **kwargs)