test_sso.py 1.9 KB

  1. from sentry.models.authidentity import AuthIdentity
  2. from sentry.models.authprovider import AuthProvider
  3. from sentry.models.organizationmember import OrganizationMember
  4. from sentry.testutils.cases import AuthProviderTestCase
  5. from sentry.testutils.silo import assume_test_silo_mode_of, control_silo_test
  6. from sentry.utils.auth import SsoSession
@control_silo_test
class OrganizationAuthLoginTest(AuthProviderTestCase):
    """Exercise the SSO gate in front of an organization's landing page."""

    def test_sso_auth_required(self):
        """An SSO-linked member is sent to the org login until an SSO session exists.

        Three requests are made against the same organization URL:

        1. as a regular logged-in member -> redirect to the org login form;
        2. as the same member promoted to superuser -> still redirected;
        3. after an ``SsoSession`` for the org is stored in the session -> 200.
        """
        account = self.create_user("foo@example.com", is_superuser=False)
        org = self.create_organization(name="foo")

        membership = self.create_member(user=account, organization=org)
        # "sso:linked" contains a colon, so it cannot be written as a normal
        # attribute assignment; setattr() is required here.
        setattr(membership.flags, "sso:linked", True)
        # The class runs as a control-silo test; the save is wrapped in the
        # silo mode of OrganizationMember (presumably a different silo).
        with assume_test_silo_mode_of(OrganizationMember):
            membership.save()

        provider = AuthProvider.objects.create(
            organization_id=org.id,
            provider="dummy",
            flags=0,
        )
        AuthIdentity.objects.create(auth_provider=provider, user=account)

        # A normal login alone must not be enough to reach the org.
        self.login_as(account)

        org_home = f"/{org.slug}/"
        # NOTE(review): the `next` value is the hard-coded, URL-encoded "/foo/";
        # this looks like it relies on name="foo" producing the slug "foo".
        sso_login = f"/auth/login/{org.slug}/?next=%2Ffoo%2F"

        # No SSO session for this organization yet, so the member is bounced
        # to the organization's authentication form.
        first_try = self.client.get(org_home)
        self.assertRedirects(first_try, sso_login)

        # Superuser status must not bypass SSO for someone who is a member
        # of the organization.
        account.update(is_superuser=True)
        as_superuser = self.client.get(org_home)
        self.assertRedirects(as_superuser, sso_login)

        # XXX(dcramer): the SSO session is written through the internal API
        # because exposing a request object to the test is hard.
        completed_sso = SsoSession.create(org.id)
        self.session[completed_sso.session_key] = completed_sso.to_dict()
        self.save_session()

        # With SSO recorded as complete for this org, the page is served.
        after_sso = self.client.get(org_home)
        assert after_sso.status_code == 200