test_sso.py 1.6 KB

  1. from sentry.models import AuthIdentity, AuthProvider
  2. from sentry.testutils import AuthProviderTestCase
  3. from sentry.utils.auth import SSO_SESSION_KEY
class OrganizationAuthLoginTest(AuthProviderTestCase):
    """Login-flow checks for an organization that has an auth provider."""

    def test_sso_auth_required(self):
        """Require a completed SSO session before serving the organization page.

        The fixture is a member whose ``sso:linked`` flag is set and who has an
        ``AuthIdentity`` on the organization's ``AuthProvider``. The test pins
        three outcomes:

        * a logged-in session without the SSO marker is redirected to
          ``/auth/login/<slug>/``;
        * the same redirect happens after the user is made a superuser;
        * once the session stores the organization id under
          ``SSO_SESSION_KEY``, the organization page answers 200.
        """
        account = self.create_user("foo@example.com", is_superuser=False)
        org = self.create_organization(name="foo")

        # The flag name contains a colon, so it cannot be set with plain
        # attribute syntax.
        membership = self.create_member(user=account, organization=org)
        setattr(membership.flags, "sso:linked", True)
        membership.save()

        provider = AuthProvider.objects.create(
            organization=org,
            provider="dummy",
            flags=0,
        )
        AuthIdentity.objects.create(auth_provider=provider, user=account)

        self.login_as(account)

        org_home = f"/{org.slug}/"
        sso_login = f"/auth/login/{org.slug}/"

        def expect_sso_redirect():
            # One request to the organization page must land on its login form.
            self.assertRedirects(self.client.get(org_home), sso_login)

        # Logged in, but SSO has not been completed for this organization.
        expect_sso_redirect()

        # Superuser status must not waive SSO for someone who is a member.
        account.update(is_superuser=True)
        expect_sso_redirect()

        # XXX(dcramer): the session is written through the internal API because
        # exposing a request object here is hard.
        # NOTE(review): only this organization's id is stored; a session that
        # carries a different organization's id is not exercised by this test.
        self.session[SSO_SESSION_KEY] = str(org.id)
        self.save_session()

        # With SSO recorded for this organization the page is served.
        assert self.client.get(org_home).status_code == 200