示例#1
    def _finish_setup_pipeline(self, identity):
        """
        Finish the SSO setup flow for ``self.organization``.

        Creates the organization's AuthProvider, attaches ``identity`` to the
        active user, marks SSO complete on the request, writes an
        SSO_ENABLE audit log entry and redirects to the provider settings page.

        ``identity`` is passed through to ``handle_attach_identity`` unchanged;
        its shape is not visible in this method.

        Returns the result of ``self.error(...)`` when the user is not
        authenticated, does not match the uid in the pipeline state, or is not
        a member of the organization; otherwise an ``HttpResponseRedirect``.
        """
        request = self.request
        # NOTE(review): is_authenticated is invoked as a method. Django turned
        # it into a property in 1.10 and dropped call support in 2.0, so this
        # line depends on the Django version in use -- confirm.
        if not request.user.is_authenticated():
            return self.error(ERR_NOT_AUTHED)

        # The user completing the flow must be the one recorded in the pipeline
        # state (presumably captured when the flow was started), so the flow
        # cannot be finished under a different account's session.
        if request.user.id != self.state.uid:
            return self.error(ERR_UID_MISMATCH)

        data = self.fetch_state()
        config = self.provider.build_config(data)

        # The user must belong to the target organization. Non-membership
        # reuses ERR_UID_MISMATCH rather than a dedicated error.
        # NOTE(review): only membership is checked here, not the member's role
        # or permission to change auth settings -- presumably enforced by the
        # calling view; confirm.
        try:
            om = OrganizationMember.objects.get(user=request.user, organization=self.organization)
        except OrganizationMember.DoesNotExist:
            return self.error(ERR_UID_MISMATCH)

        # Turn off the organization's "require 2FA" setting, because SSO and
        # required 2FA are mutually exclusive.
        # NOTE(review): this happens before the AuthProvider exists and no
        # transaction is opened in this method. If a later step raises, the
        # organization could be left with the 2FA requirement off and no SSO
        # provider -- confirm the caller wraps this in a transaction.
        self.disable_2fa_required()

        self.auth_provider = AuthProvider.objects.create(
            organization=self.organization, provider=self.provider.key, config=config
        )

        handle_attach_identity(
            self.auth_provider, self.request, self.organization, self.provider, identity, om
        )

        # Record that SSO is complete for this organization on the current
        # request (presumably stored in the session -- helper not shown here).
        auth.mark_sso_complete(request, self.organization.id)

        # Presumably a Django signal; send_robust catches receiver exceptions
        # so a failing receiver does not abort the setup.
        sso_enabled.send_robust(
            organization=self.organization,
            user=request.user,
            provider=self.provider.key,
            sender=self.__class__,
        )

        # Audit trail for the security-relevant change: who enabled SSO, from
        # which address, and for which provider row.
        # NOTE(review): REMOTE_ADDR is read by subscript, so a request without
        # it raises KeyError; behind a reverse proxy it holds the proxy's
        # address unless something upstream rewrites it -- confirm.
        AuditLogEntry.objects.create(
            organization=self.organization,
            actor=request.user,
            ip_address=request.META["REMOTE_ADDR"],
            target_object=self.auth_provider.id,
            event=AuditLogEntryEvent.SSO_ENABLE,
            data=self.auth_provider.get_audit_log_data(),
        )

        # Queue the follow-up email job (".delay" suggests an async task) for
        # members who, judging by the task name, still lack a linked identity.
        email_missing_links.delay(self.organization.id, request.user.id, self.provider.key)

        messages.add_message(self.request, messages.SUCCESS, OK_SETUP_SSO)

        # Drop the pipeline state now that setup has succeeded.
        self.clear_session()

        next_uri = reverse(
            "sentry-organization-auth-provider-settings", args=[self.organization.slug]
        )
        return HttpResponseRedirect(next_uri)
示例#2
文件: helper.py 项目: hosmelq/sentry
    def _finish_setup_pipeline(self, identity):
        """
        Finish the SSO setup flow for ``self.organization``.

        Creates the organization's AuthProvider, attaches ``identity`` to the
        active user, marks SSO complete on the request, writes an
        SSO_ENABLE audit log entry and redirects to the provider settings page.

        ``identity`` is passed through to ``self._handle_attach_identity``
        unchanged; its shape is not visible in this method.

        Returns the result of ``self.error(...)`` when the user is not
        authenticated, does not match the uid in the pipeline state, or is not
        a member of the organization; otherwise an ``HttpResponseRedirect``.
        """
        request = self.request
        # NOTE(review): is_authenticated is invoked as a method. Django turned
        # it into a property in 1.10 and dropped call support in 2.0, so this
        # line depends on the Django version in use -- confirm.
        if not request.user.is_authenticated():
            return self.error(ERR_NOT_AUTHED)

        # The user completing the flow must be the one recorded in the pipeline
        # state (presumably captured when the flow was started), so the flow
        # cannot be finished under a different account's session.
        if request.user.id != self.state.uid:
            return self.error(ERR_UID_MISMATCH)

        data = self.fetch_state()
        config = self.provider.build_config(data)

        # The user must belong to the target organization. Non-membership
        # reuses ERR_UID_MISMATCH rather than a dedicated error.
        # NOTE(review): only membership is checked here, not the member's role
        # or permission to change auth settings -- presumably enforced by the
        # calling view; confirm.
        try:
            om = OrganizationMember.objects.get(
                user=request.user,
                organization=self.organization,
            )
        except OrganizationMember.DoesNotExist:
            return self.error(ERR_UID_MISMATCH)

        # NOTE(review): the provider row is created before the identity is
        # attached and no transaction is opened in this method. If attaching
        # raises, the provider may remain without a linked identity for the
        # admin -- confirm the caller wraps this in a transaction.
        self.auth_provider = AuthProvider.objects.create(
            organization=self.organization,
            provider=self.provider.key,
            config=config,
        )

        self._handle_attach_identity(identity, om)

        # Record that SSO is complete for this organization on the current
        # request (presumably stored in the session -- helper not shown here).
        auth.mark_sso_complete(request, self.organization.id)

        # Audit trail for the security-relevant change: who enabled SSO, from
        # which address, and for which provider row.
        # NOTE(review): REMOTE_ADDR is read by subscript, so a request without
        # it raises KeyError; behind a reverse proxy it holds the proxy's
        # address unless something upstream rewrites it -- confirm.
        AuditLogEntry.objects.create(
            organization=self.organization,
            actor=request.user,
            ip_address=request.META['REMOTE_ADDR'],
            target_object=self.auth_provider.id,
            event=AuditLogEntryEvent.SSO_ENABLE,
            data=self.auth_provider.get_audit_log_data(),
        )

        # Queue the follow-up email job (".delay" suggests an async task) for
        # members who, judging by the task name, still lack a linked identity.
        email_missing_links.delay(self.organization.id, request.user.id, self.provider.key)

        messages.add_message(
            self.request,
            messages.SUCCESS,
            OK_SETUP_SSO,
        )

        # Drop the pipeline state now that setup has succeeded.
        self.clear_session()

        next_uri = reverse(
            'sentry-organization-auth-provider-settings', args=[
                self.organization.slug,
            ]
        )
        return HttpResponseRedirect(next_uri)
示例#3
    def _finish_setup_pipeline(self, identity):
        """
        Finish the SSO setup flow for ``self.organization``.

        Creates the organization's AuthProvider from the state kept in
        ``request.session['auth']``, attaches ``identity`` to the active user,
        marks SSO complete on the request, writes an SSO_ENABLE audit log
        entry and redirects to the organization's auth settings page.

        ``identity`` is passed through to ``self._handle_attach_identity``
        unchanged; its shape is not visible in this method.

        Returns the result of ``self.error(...)`` when the user is not
        authenticated, does not match the uid stored in the session, or is not
        a member of the organization; otherwise an ``HttpResponseRedirect``.
        """
        request = self.request
        # NOTE(review): is_authenticated is invoked as a method. Django turned
        # it into a property in 1.10 and dropped call support in 2.0, so this
        # line depends on the Django version in use -- confirm.
        if not request.user.is_authenticated():
            return self.error(ERR_NOT_AUTHED)

        # The user completing the flow must be the one whose uid was stored in
        # the session, so the flow cannot be finished under another account.
        # NOTE(review): both session lookups below use plain subscripts; a
        # session without the 'auth' entry raises KeyError instead of reaching
        # self.error(...) -- confirm the caller validates the session first.
        if request.user.id != request.session['auth']['uid']:
            return self.error(ERR_UID_MISMATCH)

        state = request.session['auth']['state']
        config = self.provider.build_config(state)

        # The user must belong to the target organization. Non-membership
        # reuses ERR_UID_MISMATCH rather than a dedicated error.
        # NOTE(review): only membership is checked here, not the member's role
        # or permission to change auth settings -- presumably enforced by the
        # calling view; confirm.
        try:
            om = OrganizationMember.objects.get(
                user=request.user,
                organization=self.organization,
            )
        except OrganizationMember.DoesNotExist:
            return self.error(ERR_UID_MISMATCH)

        # NOTE(review): the provider row is created before the identity is
        # attached and no transaction is opened in this method. If attaching
        # raises, the provider may remain without a linked identity for the
        # admin -- confirm the caller wraps this in a transaction.
        self.auth_provider = AuthProvider.objects.create(
            organization=self.organization,
            provider=self.provider.key,
            config=config,
        )

        self._handle_attach_identity(identity, om)

        # Record that SSO is complete for this organization on the current
        # request (presumably stored in the session -- helper not shown here).
        auth.mark_sso_complete(request, self.organization.id)

        # Audit trail for the security-relevant change: who enabled SSO, from
        # which address, and for which provider row.
        # NOTE(review): REMOTE_ADDR is read by subscript, so a request without
        # it raises KeyError; behind a reverse proxy it holds the proxy's
        # address unless something upstream rewrites it -- confirm.
        AuditLogEntry.objects.create(
            organization=self.organization,
            actor=request.user,
            ip_address=request.META['REMOTE_ADDR'],
            target_object=self.auth_provider.id,
            event=AuditLogEntryEvent.SSO_ENABLE,
            data=self.auth_provider.get_audit_log_data(),
        )

        # Queue the follow-up email job (".delay" suggests an async task),
        # keyed only by organization id in this version.
        email_missing_links.delay(organization_id=self.organization.id, )

        messages.add_message(
            self.request,
            messages.SUCCESS,
            OK_SETUP_SSO,
        )

        # Drop the pipeline state now that setup has succeeded.
        self.clear_session()

        next_uri = reverse('sentry-organization-auth-settings',
                           args=[
                               self.organization.slug,
                           ])
        return HttpResponseRedirect(next_uri)
示例#4
    def test_sso(self):
        """An org-scoped superuser session is inactive until that org's SSO is marked complete."""
        request = self.make_request(user=User(is_superuser=True))

        # No org scope: logging in is sufficient. (Original note: no IP
        # restriction is configured, so any host is accepted.)
        unscoped = Superuser(request, org_id=None)
        unscoped.set_logged_in(request.user)
        assert unscoped.is_active is True

        # Scoped to org 1 before SSO has been completed for it: logging in
        # alone must not activate superuser access.
        scoped_before_sso = Superuser(request, org_id=1)
        scoped_before_sso.set_logged_in(request.user)
        assert scoped_before_sso.is_active is False

        # Once SSO is marked complete for org 1 on this request, the same
        # scope becomes active.
        mark_sso_complete(request, 1)
        scoped_after_sso = Superuser(request, org_id=1)
        scoped_after_sso.set_logged_in(request.user)
        assert scoped_after_sso.is_active is True
示例#5
    def test_sso(self):
        """Check that SSO completion gates superuser activation for an org-scoped session."""
        request = self.make_request(user=User(is_superuser=True))

        def active_after_login(org_id):
            # Build a fresh Superuser for the given scope, log the request's
            # user in, and report whether superuser access is active.
            su = Superuser(request, org_id=org_id)
            su.set_logged_in(request.user)
            return su.is_active

        # Original note: no IP restriction is configured, so any host passes.
        # With no org scope, login alone activates superuser access.
        assert active_after_login(None) is True

        # Org 1 has not completed SSO on this request yet, so access is denied.
        assert active_after_login(1) is False

        # Marking SSO complete for org 1 flips the same check to active.
        mark_sso_complete(request, 1)
        assert active_after_login(1) is True