From 8c21619be856483b8745578b23682ab4879256da Mon Sep 17 00:00:00 2001
From: Tim Abbott
Date: Tue, 21 Nov 2017 12:39:56 -0800
Subject: [PATCH] auth: Move checks for password_auth_enabled earlier.

This way, we don't attempt to evaluate whether the user's account is active (etc.) until after we've checked the backend is enabled. This won't change the result of actual auth, but feels more readable.
---
 zproject/backends.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/zproject/backends.py b/zproject/backends.py
index 9afa225a8d..e231fe7ad0 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -345,10 +345,6 @@ class EmailAuthBackend(ZulipAuthMixin):
 raise AssertionError("Invalid call to authenticate for EmailAuthBackend")
 if realm is None:
 return None
-
- user_profile = common_get_active_user_by_email(username, return_data=return_data)
- if user_profile is None:
- return None
 if not password_auth_enabled(realm):
 if return_data is not None:
 return_data['password_auth_disabled'] = True
@@ -357,6 +353,10 @@ class EmailAuthBackend(ZulipAuthMixin):
 return_data['email_auth_disabled'] = True
 return None
+
+ user_profile = common_get_active_user_by_email(username, return_data=return_data)
+ if user_profile is None:
+ return None
 if user_profile.check_password(password):
 if not user_matches_subdomain(realm.subdomain, user_profile):
 if return_data is not None:
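Review bot: With the lookup moved below the backend checks in the second hunk, a request for a missing or deactivated account on a realm with password auth disabled now returns with `return_data['password_auth_disabled']` set, where it previously returned straight after `common_get_active_user_by_email` with whatever that helper records in `return_data` (its body is not in this diff, so presumably account-state keys). The return value is still `None`, but a caller that picks its error message from `return_data` sees a different key, so the commit message's "won't change the result" holds only for the return value; a test pinning the keys for that case would be worth adding. The new order is also the safer one, since account state is no longer looked up or reported for a backend the realm has turned off. A short comment above the moved block, e.g. `# Look up the user only after the backend checks, so a disabled backend reveals nothing about the account.`, would keep a later refactor from reversing it. The `authenticate` body starts and ends outside the hunk.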