Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

auth: Remove redundant realm argument to finish_desktop_flow. 

finish_desktop_flow is called with the assumption that the request
successfully proved control over the user_profile and generates a
special link to log into the user_profile account. There's no reason to
pass the realm param, as user_profile.realm can be assumed.
This commit is contained in:
Mateusz Mandera 2020-02-22 15:55:32 +01:00 committed by Tim Abbott
parent 7a9a5263cd
commit 98ae2fb940
3 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
zerver/views/auth.py
View File

@ -233,7 +233,6 @@ def login_or_register_remote_user(request: HttpRequest, remote_username: str,
user_profile: Optional[UserProfile], full_name: str='',
mobile_flow_otp: Optional[str]=None,
desktop_flow_otp: Optional[str]=None,
realm: Optional[Realm]=None,
is_signup: bool=False, redirect_to: str='',
multiuse_object_key: str='',
full_name_validated: bool=False) -> HttpResponse:
@ -269,8 +268,7 @@ def login_or_register_remote_user(request: HttpRequest, remote_username: str,
if mobile_flow_otp is not None:
return finish_mobile_flow(request, user_profile, mobile_flow_otp)
elif desktop_flow_otp is not None:
assert realm is not None
return finish_desktop_flow(request, user_profile, realm, desktop_flow_otp)
return finish_desktop_flow(request, user_profile, desktop_flow_otp)
do_login(request, user_profile)
@ -278,7 +276,7 @@ def login_or_register_remote_user(request: HttpRequest, remote_username: str,
return HttpResponseRedirect(redirect_to)
def finish_desktop_flow(request: HttpRequest, user_profile: UserProfile,
realm: Realm, otp: str) -> HttpResponse:
otp: str) -> HttpResponse:
"""
The desktop otp flow returns to the app (through a zulip:// redirect)
a token that allows obtaining (through log_into_subdomain) a logged in session
@ -288,14 +286,14 @@ def finish_desktop_flow(request: HttpRequest, user_profile: UserProfile,
and this ensures the key can only be used for completing this authentication attempt.
"""
data = {'email': user_profile.delivery_email,
'subdomain': realm.subdomain}
'subdomain': user_profile.realm.subdomain}
token = store_login_data(data)
response = create_response_for_otp_flow(token, otp, user_profile,
encrypted_key_field_name='otp_encrypted_login_key')
browser_url = user_profile.realm.uri + reverse('zerver.views.auth.log_into_subdomain', args=[token])
context = {'desktop_url': response['Location'],
'browser_url': browser_url,
'realm_icon_url': realm_icon_url(realm)}
'realm_icon_url': realm_icon_url(user_profile.realm)}
return render(request, 'zerver/desktop_redirect.html', context=context)
def finish_mobile_flow(request: HttpRequest, user_profile: UserProfile, otp: str) -> HttpResponse:
@ -375,7 +373,6 @@ def remote_user_sso(request: HttpRequest,
return login_or_register_remote_user(request, remote_user, user_profile,
mobile_flow_otp=mobile_flow_otp,
desktop_flow_otp=desktop_flow_otp,
realm=realm,
redirect_to=redirect_to)
@csrf_exempt

2
zerver/views/registration.py
View File

@ -388,7 +388,7 @@ def login_and_go_to_home(request: HttpRequest, user_profile: UserProfile) -> Htt
if mobile_flow_otp is not None:
return finish_mobile_flow(request, user_profile, mobile_flow_otp)
elif desktop_flow_otp is not None:
return finish_desktop_flow(request, user_profile, user_profile.realm, desktop_flow_otp)
return finish_desktop_flow(request, user_profile, desktop_flow_otp)
do_login(request, user_profile)
return HttpResponseRedirect(user_profile.realm.uri + reverse('zerver.views.home.home'))

1
zproject/backends.py
View File

@ -1170,7 +1170,6 @@ def social_auth_finish(backend: Any,
extra_kwargs["mobile_flow_otp"] = mobile_flow_otp
elif desktop_flow_otp:
extra_kwargs["desktop_flow_otp"] = desktop_flow_otp
extra_kwargs["realm"] = realm
if user_profile is not None and not user_profile.is_mirror_dummy:
# For mobile and desktop app authentication, login_or_register_remote_user