From ab260731a98b8edd4884826cedbb042981e1dfff Mon Sep 17 00:00:00 2001
From: Umair Khan <umair.waheed@gmail.com>
Date: Fri, 14 Apr 2017 13:02:19 +0500
Subject: [PATCH] github: Call the appropriate authenticate.

This commit makes sure that GitHubAuthBackend will only authenticate
using its own authenticate method. This is done by adding a new
Python Social Auth strategy which instead of calling authenticate
method of Django, calls the authenticate of the backend directly.

The problem this commit solves is that while authenticating through
GitHub backend, we were ending up getting authenticated through
ZulipDummyBackend. This might happen because the default strategy used
by Python Social Auth calls the authenticate method of Django which
iterates over all the backends and tries the authenticate methods
which match with the function arguments. The new strategy this commit
adds calls the authenticate method of GitHub backend directly which
makes sense because we already know that we want to authenticate with
GithHub.

The actual problem of why we are ending up on ZulipDummyBackend is
still a mystery because the function arguments passed to its
authenticate method are different. It shouldn't be called.
---
 zerver/tests/test_auth_backends.py | 7 +++----
 zproject/backends.py               | 8 +++++++-
 zproject/settings.py               | 1 +
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/zerver/tests/test_auth_backends.py b/zerver/tests/test_auth_backends.py
index c7b42fef90..d49fe8183d 100644
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -39,13 +39,12 @@ from zproject.backends import ZulipDummyBackend, EmailAuthBackend, \
     GoogleMobileOauth2Backend, ZulipRemoteUserBackend, ZulipLDAPAuthBackend, \
     ZulipLDAPUserPopulator, DevAuthBackend, GitHubAuthBackend, ZulipAuthMixin, \
     dev_auth_enabled, password_auth_enabled, github_auth_enabled, \
-    SocialAuthMixin, AUTH_BACKEND_NAME_MAP
+    SocialAuthMixin, AUTH_BACKEND_NAME_MAP, SocialAuthStrategy
 
 from zerver.views.auth import maybe_send_to_registration
 from version import ZULIP_VERSION
 
 from social_core.exceptions import AuthFailed, AuthStateForbidden
-from social_django.strategy import DjangoStrategy
 from social_django.storage import BaseDjangoStorage
 from social_core.backends.github import GithubOrganizationOAuth2, GithubTeamOAuth2, \
     GithubOAuth2
@@ -392,7 +391,7 @@ class GitHubAuthBackendTest(ZulipTestCase):
         self.email = 'hamlet@zulip.com'
         self.name = 'Hamlet'
         self.backend = GitHubAuthBackend()
-        self.backend.strategy = DjangoStrategy(storage=BaseDjangoStorage())
+        self.backend.strategy = SocialAuthStrategy(storage=BaseDjangoStorage())
         self.user_profile = get_user_profile_by_email(self.email)
         self.user_profile.backend = self.backend
 
@@ -406,7 +405,7 @@ class GitHubAuthBackendTest(ZulipTestCase):
     def do_auth(self, *args, **kwargs):
         # type: (*Any, **Any) -> UserProfile
         with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.GitHubAuthBackend',)):
-            return self.backend.authenticate(**kwargs)
+            return self.backend.strategy.authenticate(self.backend, **kwargs)
 
     def test_github_auth_enabled(self):
         # type: () -> None
diff --git a/zproject/backends.py b/zproject/backends.py
index 59576be16f..c442e9e999 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -17,6 +17,7 @@ from zerver.models import UserProfile, Realm, get_user_profile_by_id, \
 
 from apiclient.sample_tools import client as googleapiclient
 from oauth2client.crypt import AppIdentityError
+from social_core.backends.base import BaseAuth
 from social_core.backends.github import GithubOAuth2, GithubOrganizationOAuth2, \
     GithubTeamOAuth2
 from social_core.exceptions import AuthFailed, SocialAuthBaseException
@@ -102,6 +103,11 @@ class ZulipAuthMixin(object):
         except UserProfile.DoesNotExist:
             return None
 
+class SocialAuthStrategy(DjangoStrategy):
+    def authenticate(self, backend, *args, **kwargs):
+        # type: (BaseAuth, *Any, **Any) -> None
+        return backend.authenticate(*args, **kwargs)
+
 class SocialAuthMixin(ZulipAuthMixin):
     auth_backend_name = None # type: Text
 
@@ -116,7 +122,7 @@ class SocialAuthMixin(ZulipAuthMixin):
     def authenticate(self,
                      realm_subdomain='',  # type: Optional[Text]
                      storage=None,  # type: Optional[DjangoStorage]
-                     strategy=None,  # type: Optional[DjangoStrategy]
+                     strategy=None,  # type: Optional[SocialAuthStrategy]
                      user=None,  # type: Optional[Dict[str, Any]]
                      return_data=None,  # type: Optional[Dict[str, Any]]
                      response=None,  # type: Optional[Dict[str, Any]]
diff --git a/zproject/settings.py b/zproject/settings.py
index 1969e56410..5f6f1205ed 100644
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -1202,6 +1202,7 @@ SOCIAL_AUTH_GITHUB_ORG_KEY = SOCIAL_AUTH_GITHUB_KEY
 SOCIAL_AUTH_GITHUB_ORG_SECRET = SOCIAL_AUTH_GITHUB_SECRET
 SOCIAL_AUTH_GITHUB_TEAM_KEY = SOCIAL_AUTH_GITHUB_KEY
 SOCIAL_AUTH_GITHUB_TEAM_SECRET = SOCIAL_AUTH_GITHUB_SECRET
+SOCIAL_AUTH_STRATEGY = 'zproject.backends.SocialAuthStrategy'
 
 ########################################################################
 # EMAIL SETTINGS