From 1c9a28d0d8dfbf1f0d9afa633ba7dcc4a375aec8 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Tue, 21 Nov 2017 12:57:23 -0800
Subject: [PATCH] ldap: Use simpler ordering for handling successful auth.

common_get_active_user returns None if it finds any problems.
---
 zproject/backends.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/zproject/backends.py b/zproject/backends.py
index 67a4fd4389..eefdc34e61 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -471,6 +471,10 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
 
         return_data = {}  # type: Dict[str, Any]
         user_profile = common_get_active_user(username, self._realm, return_data)
+        if user_profile is not None:
+            # An existing user, successfully authed; return it.
+            return user_profile, False
+
         if return_data.get("inactive_realm"):
             # This happens if there is a user account in a deactivated realm
             raise ZulipLDAPException("Realm has been deactivated")
@@ -482,8 +486,6 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
             # situation (right now it just acts like any other auth
             # failure).
             raise ZulipLDAPException("Wrong subdomain")
-        if user_profile is not None:
-            return user_profile, False
         if self._realm.deactivated:
             # This happens if no account exists, but the realm is
             # deactivated, so we shouldn't create a new user account