Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

login: Remove external_authentication_methods from page_params. 

This was used by a work-in-progress social login implementation in
zulip-desktop that was reverted for security reasons and never
released.

https://github.com/zulip/zulip/pull/13782
https://github.com/zulip/zulip-desktop/pull/863

We replaced it by a secure implementation with a maintainable API.

https://github.com/zulip/zulip-desktop/pull/943

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2023-12-27 18:50:18 -08:00 committed by Anders Kaseorg
parent 711f6433cb
commit 9703b4d70b
3 changed files with 6 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
templates/zerver/accounts_home.html
View File

@ -72,16 +72,16 @@ page can be easily identified in it's respective JavaScript file -->
<button class="full-width" type="submit">{{ _('Sign up') }}</button>
</form>
{% if page_params.external_authentication_methods|length > 0 %}
{% if external_authentication_methods|length > 0 %}
<div class="or"><span>{{ _('OR') }}</span></div>
{% endif %}
{% endif %}
{% for backend in page_params.external_authentication_methods %}
{% for backend in external_authentication_methods %}
<div class="login-social">
<form class="form-inline" action="{{ backend.signup_url }}" method="get">
<input type='hidden' name='multiuse_object_key' value='{{ multiuse_object_key }}' />
<button id="register_{{ backend.button_id_suffix }}" class="login-social-button full-width"
<button id="register_auth_button_{{ backend.name }}" class="login-social-button full-width"
{% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}>
{{ _('Sign up with %(identity_provider)s', identity_provider=backend.display_name) }}
</button>

6
templates/zerver/login.html
View File

@ -129,17 +129,17 @@ page can be easily identified in it's respective JavaScript file. -->
</button>
</form>
{% if page_params.external_authentication_methods|length > 0 %}
{% if external_authentication_methods|length > 0 %}
<div class="or"><span>{{ _('OR') }}</span></div>
{% endif %}
{% endif %} <!-- if password_auth_enabled -->
{% for backend in page_params.external_authentication_methods %}
{% for backend in external_authentication_methods %}
<div class="login-social">
<form class="social_login_form form-inline" action="{{ backend.login_url }}" method="get">
<input type="hidden" name="next" value="{{ next }}" />
<button id="login_{{ backend.button_id_suffix }}" class="login-social-button"
<button id="login_auth_button_{{ backend.name }}" class="login-social-button"
{% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}> {{ _('Log in with %(identity_provider)s', identity_provider=backend.display_name) }}
</button>
</form>

9
zerver/context_processors.py
View File

@ -263,15 +263,6 @@ def login_context(request: HttpRequest) -> Dict[str, Any]:
context["external_authentication_methods"] = get_external_method_dicts(realm)
context["no_auth_enabled"] = no_auth_enabled
# Include another copy of external_authentication_methods in page_params for use
# by the desktop client. We expand it with IDs of the <button> elements corresponding
# to the authentication methods.
context["page_params"] = dict(
external_authentication_methods=get_external_method_dicts(realm),
)
for auth_dict in context["page_params"]["external_authentication_methods"]:
auth_dict["button_id_suffix"] = "auth_button_{}".format(auth_dict["name"])
return context