auth: Add new route to get server settings.

Specifically, this makes easily available to the desktop and mobile
apps data on the server's configuration, including important details
like the realm icon, name, and description.

It deprecates /api/v1/get_auth_backends.

zerver/tests/test_auth_backends.py

@@ -23,7 +23,8 @@ from zerver.lib.actions import (
     do_set_realm_authentication_methods,
 )
 from zerver.lib.mobile_auth_otp import otp_decrypt_api_key
-from zerver.lib.validator import validate_login_email
+from zerver.lib.validator import validate_login_email, \
+    check_bool, check_dict_only, check_string
 from zerver.lib.request import JsonableError
 from zerver.lib.initial_password import initial_password
 from zerver.lib.sessions import get_session_dict_user
@@ -1226,6 +1227,53 @@ class DevGetEmailsTest(ZulipTestCase):
             self.assert_json_error_contains(result, "Dev environment not enabled.", 400)
 
 class FetchAuthBackends(ZulipTestCase):
+    def assert_on_error(self, error):
+        # type: (Optional[str]) -> None
+        if error:
+            raise AssertionError(error)
+
+    def test_get_server_settings(self):
+        # type: () -> None
+        result = self.client_get("/api/v1/server_settings")
+        self.assert_json_success(result)
+        data = ujson.loads(result.content)
+        schema_checker = check_dict_only([
+            ('authentication_methods', check_dict_only([
+                ('google', check_bool),
+                ('github', check_bool),
+                ('dev', check_bool),
+                ('password', check_bool),
+            ])),
+            ('realm_uri', check_string),
+            ('zulip_version', check_string),
+            ('msg', check_string),
+            ('result', check_string),
+        ])
+        self.assert_on_error(schema_checker("data", data))
+
+        with self.settings(REALMS_HAVE_SUBDOMAINS=True,
+                           SUBDOMAINS_HOMEPAGE=False):
+            result = self.client_get("/api/v1/server_settings",
+                                     HTTP_HOST="zulip.testserver")
+        self.assert_json_success(result)
+        data = ujson.loads(result.content)
+        with_realm_schema_checker = check_dict_only([
+            ('zulip_version', check_string),
+            ('realm_uri', check_string),
+            ('realm_name', check_string),
+            ('realm_description', check_string),
+            ('realm_icon', check_string),
+            ('authentication_methods', check_dict_only([
+                ('google', check_bool),
+                ('github', check_bool),
+                ('dev', check_bool),
+                ('password', check_bool),
+            ])),
+            ('msg', check_string),
+            ('result', check_string),
+        ])
+        self.assert_on_error(with_realm_schema_checker("data", data))
+
     def test_fetch_auth_backend_format(self):
         # type: () -> None
         result = self.client_get("/api/v1/get_auth_backends")

zerver/views/auth.py

@@ -20,6 +20,7 @@ from six.moves import urllib
 from typing import Any, Dict, List, Optional, Tuple, Text
 
 from confirmation.models import Confirmation
+from zerver.context_processors import zulip_default_context
 from zerver.forms import HomepageForm, OurAuthenticationForm, \
     WRONG_SUBDOMAIN_ERROR
 from zerver.lib.mobile_auth_otp import is_valid_otp, otp_encrypt_api_key
@@ -550,10 +551,30 @@ def get_auth_backends_data(request):
 @csrf_exempt
 def api_get_auth_backends(request):
     # type: (HttpRequest) -> HttpResponse
+    """Deprecated route; this is to be replaced by api_get_server_settings"""
     auth_backends = get_auth_backends_data(request)
     auth_backends['zulip_version'] = ZULIP_VERSION
     return json_success(auth_backends)
 
+@require_GET
+@csrf_exempt
+def api_get_server_settings(request):
+    # type: (HttpRequest) -> HttpResponse
+    result = dict(
+        authentication_methods=get_auth_backends_data(request),
+        zulip_version=ZULIP_VERSION,
+    )
+    context = zulip_default_context(request)
+    # IMPORTANT NOTE:
+    # realm_name, realm_icon, etc. are not guaranteed to appear in the response.
+    # * If they do, that means the server URL has only one realm on it
+    # * If they don't, the server has multiple realms, and it's not clear which is
+    #   the requested realm, so we can't send back these data.
+    for settings_item in ["realm_uri", "realm_name", "realm_icon", "realm_description"]:
+        if context[settings_item] is not None:
+            result[settings_item] = context[settings_item]
+    return json_success(result)
+
 @authenticated_json_post_view
 @has_request_variables
 def json_fetch_api_key(request, user_profile, password=REQ(default='')):

zproject/urls.py

@@ -403,8 +403,11 @@ urls.append(url(r'^api/v1/external/github', github_dispatcher.api_github_webhook
 
 # Mobile-specific authentication URLs
 urls += [
-    # This json format view used by the mobile apps lists which authentication
-    # backends the server allows, to display the proper UI and check for server existence
+    # This json format view used by the mobile apps lists which
+    # authentication backends the server allows as well as details
+    # like the requested subdomains'd realm icon (if known).
+    url(r'^api/v1/server_settings', zerver.views.auth.api_get_server_settings),
+    # This is a deprecated old version of api/v1/server_settings that only returns auth backends.
     url(r'^api/v1/get_auth_backends', zerver.views.auth.api_get_auth_backends, name='zerver.views.auth.api_get_auth_backends'),
 
     # used by mobile apps to check if they are compatible with the server