test_sso.py 1.8 KB

  1. from sentry.models import AuthIdentity, AuthProvider
  2. from sentry.testutils import AuthProviderTestCase
  3. from sentry.testutils.silo import exempt_from_silo_limits
  4. from sentry.utils.auth import SsoSession
  5. # @control_silo_test(stable=True)
class OrganizationAuthLoginTest(AuthProviderTestCase):
    """Access-control test for an organization that has an auth provider.

    The single test checks that a logged-in member is sent to the
    organization's login page until an SSO session for that organization
    is present in the session, and that being a superuser does not lift
    the requirement for a member.
    """

    def test_sso_auth_required(self):
        """Require an SSO session before serving the organization page."""
        # Fixture: a non-superuser member whose membership is flagged as
        # SSO-linked, in an organization backed by the "dummy" provider.
        with exempt_from_silo_limits():
            user = self.create_user("foo@example.com", is_superuser=False)
            organization = self.create_organization(name="foo")
            membership = self.create_member(user=user, organization=organization)
            setattr(membership.flags, "sso:linked", True)
            membership.save()

            provider = AuthProvider.objects.create(
                organization_id=organization.id, provider="dummy", flags=0
            )
            AuthIdentity.objects.create(auth_provider=provider, user=user)

        self.login_as(user)

        org_url = f"/{organization.slug}/"
        login_redirect = f"/auth/login/{organization.slug}/?next=%2Ffoo%2F"

        # An ordinary login is not enough: nothing has been verified for
        # this particular organization yet, so the user is sent to its
        # authentication form.
        response = self.client.get(org_url)
        self.assertRedirects(response, login_redirect)

        # Superuser status must not bypass SSO for someone who is a
        # member of the organization.
        user.update(is_superuser=True)
        response = self.client.get(org_url)
        self.assertRedirects(response, login_redirect)

        # XXX(dcramer): using internal API as exposing a request object is hard
        sso = SsoSession.create(organization.id)
        self.session[sso.session_key] = sso.to_dict()
        self.save_session()

        # With SSO recorded as complete in the session, the organization
        # page is served directly.
        response = self.client.get(org_url)
        assert response.status_code == 200