login: Remove external_authentication_methods from page_params.

This was used by a work-in-progress social login implementation in
zulip-desktop that was reverted for security reasons and never
released.

https://github.com/zulip/zulip/pull/13782
https://github.com/zulip/zulip-desktop/pull/863

We replaced it by a secure implementation with a maintainable API.

https://github.com/zulip/zulip-desktop/pull/943

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2023-12-27 18:50:18 -08:00 committed by Anders Kaseorg
parent 711f6433cb
commit 9703b4d70b
3 changed files with 6 additions and 15 deletions

View File

@ -72,16 +72,16 @@ page can be easily identified in it's respective JavaScript file -->
<button class="full-width" type="submit">{{ _('Sign up') }}</button> <button class="full-width" type="submit">{{ _('Sign up') }}</button>
</form> </form>
{% if page_params.external_authentication_methods|length > 0 %} {% if external_authentication_methods|length > 0 %}
<div class="or"><span>{{ _('OR') }}</span></div> <div class="or"><span>{{ _('OR') }}</span></div>
{% endif %} {% endif %}
{% endif %} {% endif %}
{% for backend in page_params.external_authentication_methods %} {% for backend in external_authentication_methods %}
<div class="login-social"> <div class="login-social">
<form class="form-inline" action="{{ backend.signup_url }}" method="get"> <form class="form-inline" action="{{ backend.signup_url }}" method="get">
<input type='hidden' name='multiuse_object_key' value='{{ multiuse_object_key }}' /> <input type='hidden' name='multiuse_object_key' value='{{ multiuse_object_key }}' />
<button id="register_{{ backend.button_id_suffix }}" class="login-social-button full-width" <button id="register_auth_button_{{ backend.name }}" class="login-social-button full-width"
{% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}> {% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}>
{{ _('Sign up with %(identity_provider)s', identity_provider=backend.display_name) }} {{ _('Sign up with %(identity_provider)s', identity_provider=backend.display_name) }}
</button> </button>

View File

@ -129,17 +129,17 @@ page can be easily identified in it's respective JavaScript file. -->
</button> </button>
</form> </form>
{% if page_params.external_authentication_methods|length > 0 %} {% if external_authentication_methods|length > 0 %}
<div class="or"><span>{{ _('OR') }}</span></div> <div class="or"><span>{{ _('OR') }}</span></div>
{% endif %} {% endif %}
{% endif %} <!-- if password_auth_enabled --> {% endif %} <!-- if password_auth_enabled -->
{% for backend in page_params.external_authentication_methods %} {% for backend in external_authentication_methods %}
<div class="login-social"> <div class="login-social">
<form class="social_login_form form-inline" action="{{ backend.login_url }}" method="get"> <form class="social_login_form form-inline" action="{{ backend.login_url }}" method="get">
<input type="hidden" name="next" value="{{ next }}" /> <input type="hidden" name="next" value="{{ next }}" />
<button id="login_{{ backend.button_id_suffix }}" class="login-social-button" <button id="login_auth_button_{{ backend.name }}" class="login-social-button"
{% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}> {{ _('Log in with %(identity_provider)s', identity_provider=backend.display_name) }} {% if backend.display_icon %} style="background-image:url({{ backend.display_icon }})" {% endif %}> {{ _('Log in with %(identity_provider)s', identity_provider=backend.display_name) }}
</button> </button>
</form> </form>

View File

@ -263,15 +263,6 @@ def login_context(request: HttpRequest) -> Dict[str, Any]:
context["external_authentication_methods"] = get_external_method_dicts(realm) context["external_authentication_methods"] = get_external_method_dicts(realm)
context["no_auth_enabled"] = no_auth_enabled context["no_auth_enabled"] = no_auth_enabled
# Include another copy of external_authentication_methods in page_params for use
# by the desktop client. We expand it with IDs of the <button> elements corresponding
# to the authentication methods.
context["page_params"] = dict(
external_authentication_methods=get_external_method_dicts(realm),
)
for auth_dict in context["page_params"]["external_authentication_methods"]:
auth_dict["button_id_suffix"] = "auth_button_{}".format(auth_dict["name"])
return context return context