Annotate zproject/backends.py.

zproject/backends.py

@@ -1,12 +1,15 @@
 from __future__ import absolute_import
 
 import logging
+from typing import Any, Set, Tuple, Optional
+from six import text_type
 
 from django.contrib.auth.backends import RemoteUserBackend
 from django.conf import settings
+from django.http import HttpResponse
 import django.contrib.auth
 
-from django_auth_ldap.backend import LDAPBackend
+from django_auth_ldap.backend import LDAPBackend, _LDAPUser
 from zerver.lib.actions import do_create_user
 
 from zerver.models import UserProfile, Realm, get_user_profile_by_id, \
@@ -21,6 +24,7 @@ from social.exceptions import AuthFailed
 from django.contrib.auth import authenticate
 
 def password_auth_enabled(realm):
+    # type: (Realm) -> bool
     if realm is not None:
         if realm.domain == 'zulip.com' and settings.PRODUCTION:
             # the dropbox realm is SSO only, but the unit tests still need to be
@@ -35,18 +39,21 @@ def password_auth_enabled(realm):
     return False
 
 def dev_auth_enabled():
+    # type: () -> bool
     for backend in django.contrib.auth.get_backends():
         if isinstance(backend, DevAuthBackend):
             return True
     return False
 
 def google_auth_enabled():
+    # type: () -> bool
     for backend in django.contrib.auth.get_backends():
         if isinstance(backend, GoogleMobileOauth2Backend):
             return True
     return False
 
 def common_get_active_user_by_email(email, return_data=None):
+    # type: (text_type, Optional[Dict[str, Any]]) -> Optional[UserProfile]
     try:
         user_profile = get_user_profile_by_email(email)
     except UserProfile.DoesNotExist:
@@ -62,6 +69,7 @@ def common_get_active_user_by_email(email, return_data=None):
     return user_profile
 
 def github_auth_enabled():
+    # type: () -> bool
     for backend in django.contrib.auth.get_backends():
         if isinstance(backend, GitHubAuthBackend):
             return True
@@ -69,6 +77,7 @@ def github_auth_enabled():
 
 class ZulipAuthMixin(object):
     def get_user(self, user_profile_id):
+        # type: (int) -> Optional[UserProfile]
         """ Get a UserProfile object from the user_profile_id. """
         try:
             return get_user_profile_by_id(user_profile_id)
@@ -77,12 +86,15 @@ class ZulipAuthMixin(object):
 
 class SocialAuthMixin(ZulipAuthMixin):
     def get_email_address(self, *args, **kwargs):
+        # type: (*Any, **Any) -> text_type
         raise NotImplementedError
 
     def get_full_name(self, *args, **kwargs):
+        # type: (*Any, **Any) -> text_type
         raise NotImplementedError
 
     def authenticate(self, *args, **kwargs):
+        # type: (*Any, **Any) -> Optional[UserProfile]
         return_data = kwargs.get('return_data', {})
 
         email_address = self.get_email_address(*args, **kwargs)
@@ -106,6 +118,7 @@ class SocialAuthMixin(ZulipAuthMixin):
         return user_profile
 
     def process_do_auth(self, user_profile, *args, **kwargs):
+        # type: (UserProfile, *Any, **Any) -> Optional[HttpResponse]
         # This function needs to be imported from here due to the cyclic
         # dependency.
         from zerver.views import login_or_register_remote_user
@@ -118,7 +131,7 @@ class SocialAuthMixin(ZulipAuthMixin):
         if inactive_user or inactive_realm:
             return None
 
-        request = self.strategy.request
+        request = self.strategy.request  # type: ignore # This comes from Python Social Auth.
         email_address = self.get_email_address(*args, **kwargs)
         full_name = self.get_full_name(*args, **kwargs)
 
@@ -130,6 +143,7 @@ class ZulipDummyBackend(ZulipAuthMixin):
     Used when we want to log you in but we don't know which backend to use.
     """
     def authenticate(self, username=None, use_dummy_backend=False):
+        # type: (Optional[str], bool) -> Optional[UserProfile]
         if use_dummy_backend:
             return common_get_active_user_by_email(username)
         return None
@@ -143,6 +157,7 @@ class EmailAuthBackend(ZulipAuthMixin):
     """
 
     def authenticate(self, username=None, password=None, return_data=None):
+        # type: (Optional[text_type], Optional[str], Optional[Dict[str, Any]]) -> Optional[UserProfile]
         """ Authenticate a user based on email address as the user name. """
         if username is None or password is None:
             # Return immediately.  Otherwise we will look for a SQL row with
@@ -171,7 +186,8 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
         https://developers.google.com/accounts/docs/CrossClientAuth#offlineAccess
 
     """
-    def authenticate(self, google_oauth2_token=None, return_data={}):
+    def authenticate(self, google_oauth2_token=None, return_data=dict()):
+        # type: (Optional[str], Dict[str, Any]) -> Optional[UserProfile]
         try:
             token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
         except AppIdentityError:
@@ -196,6 +212,7 @@ class ZulipRemoteUserBackend(RemoteUserBackend):
     create_unknown_user = False
 
     def authenticate(self, remote_user):
+        # type: (str) -> Optional[UserProfile]
         if not remote_user:
             return None
 
@@ -208,27 +225,40 @@ class ZulipLDAPException(Exception):
 class ZulipLDAPAuthBackendBase(ZulipAuthMixin, LDAPBackend):
     # Don't use Django LDAP's permissions functions
     def has_perm(self, user, perm, obj=None):
+        # type: (UserProfile, Any, Any) -> bool
+        # Using Any type is safe because we are not doing anything with
+        # the arguments.
         return False
     def has_module_perms(self, user, app_label):
+        # type: (UserProfile, str) -> bool
         return False
     def get_all_permissions(self, user, obj=None):
+        # type: (UserProfile, Any) -> Set
+        # Using Any type is safe because we are not doing anything with
+        # the arguments.
         return set()
     def get_group_permissions(self, user, obj=None):
+        # type: (UserProfile, Any) -> Set
+        # Using Any type is safe because we are not doing anything with
+        # the arguments.
         return set()
 
     def django_to_ldap_username(self, username):
+        # type: (text_type) -> text_type
         if settings.LDAP_APPEND_DOMAIN:
             if not username.endswith("@" + settings.LDAP_APPEND_DOMAIN):
                 raise ZulipLDAPException("Username does not match LDAP domain.")
             return email_to_username(username)
         return username
     def ldap_to_django_username(self, username):
+        # type: (str) -> str
         if settings.LDAP_APPEND_DOMAIN:
             return "@".join((username, settings.LDAP_APPEND_DOMAIN))
         return username
 
 class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
     def authenticate(self, username, password, return_data=None):
+        # type: (text_type, str, Optional[Dict[str, Any]]) -> Optional[str]
         try:
             username = self.django_to_ldap_username(username)
             return ZulipLDAPAuthBackendBase.authenticate(self, username, password)
@@ -238,6 +268,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
             return None
 
     def get_or_create_user(self, username, ldap_user):
+        # type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
         try:
             user_profile = get_user_profile_by_email(username)
             if not user_profile.is_active or user_profile.realm.deactivated:
@@ -262,6 +293,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
 # Just like ZulipLDAPAuthBackend, but doesn't let you log in.
 class ZulipLDAPUserPopulator(ZulipLDAPAuthBackendBase):
     def authenticate(self, username, password):
+        # type: (text_type, str) -> None
         return None
 
 class DevAuthBackend(ZulipAuthMixin):
@@ -269,22 +301,26 @@ class DevAuthBackend(ZulipAuthMixin):
     # This is used for convenience when developing Zulip.
 
     def authenticate(self, username, return_data=None):
+        # type: (text_type, Optional[Dict[str, Any]]) -> UserProfile
         return common_get_active_user_by_email(username, return_data=return_data)
 
 class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
     def get_email_address(self, *args, **kwargs):
+        # type: (*Any, **Any) -> Optional[text_type]
         try:
             return kwargs['response']['email']
         except KeyError:
             return None
 
     def get_full_name(self, *args, **kwargs):
+        # type: (*Any, **Any) -> text_type
         try:
             return kwargs['response']['name']
         except KeyError:
             return ''
 
     def do_auth(self, *args, **kwargs):
+        # type: (*Any, **Any) -> Optional[UserProfile]
         kwargs['return_data'] = {}
         user_profile = None