decorator: Add human_users_only decorator.

Applies it to presence.update_active_status_backend as an example of usage.

zerver/decorator.py

@@ -310,6 +310,16 @@ def add_logging_data(view_func):
         return rate_limit()(view_func)(request, *args, **kwargs)
     return _wrapped_view_func  # type: ignore # https://github.com/python/mypy/issues/1927
 
+def human_users_only(view_func):
+    # type: (ViewFuncT) -> ViewFuncT
+    @wraps(view_func)
+    def _wrapped_view_func(request, *args, **kwargs):
+        # type: (HttpRequest, *Any, **Any) -> HttpResponse
+        if request.user.is_bot:
+            return json_error(_("This endpoint does not accept bot requests."))
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view_func  # type: ignore # https://github.com/python/mypy/issues/1927
+
 # Based on Django 1.8's @login_required
 def zulip_login_required(function=None,
                          redirect_field_name=REDIRECT_FIELD_NAME,

zerver/tests/test_decorators.py

@@ -889,6 +889,16 @@ class TestInternalNotifyView(TestCase):
         self.assertTrue(is_local_addr('::1'))
         self.assertFalse(is_local_addr('42.43.44.45'))
 
+class TestHumanUsersOnlyDecorator(ZulipTestCase):
+    def test_human_only_endpoints(self):
+        # type: () -> None
+        endpoints = [
+            "/api/v1/users/me/presence",
+        ]
+        for endpoint in endpoints:
+            result = self.client_post(endpoint, **self.api_auth('default-bot@zulip.com'))
+            self.assert_json_error(result, "This endpoint does not accept bot requests.")
+
 class TestAuthenticatedJsonPostViewDecorator(ZulipTestCase):
     def test_authenticated_json_post_view_if_everything_is_correct(self):
         # type: () -> None

zerver/tests/test_presence.py

@@ -264,12 +264,6 @@ class SingleUserPresenceTests(ZulipTestCase):
         result = self.client_post("/json/users/me/presence", req)
         self.assertEqual(result.json()['msg'], '')
 
-    def test_bot_post(self):
-        # type: () -> None
-        result = self.client_post("/api/v1/users/me/presence", {'status': 'active'},
-                                  **self.api_auth('default-bot@zulip.com'))
-        self.assert_json_error(result, "Presence is not supported for bot users.")
-
 class UserPresenceAggregationTests(ZulipTestCase):
     def _send_presence_for_aggregated_tests(self, email, status, validate_time):
         # type: (str, str, datetime.datetime) -> Dict[str, Dict[str, Any]]

zerver/views/presence.py

@@ -10,7 +10,7 @@ from django.http import HttpRequest, HttpResponse
 from django.utils.timezone import now as timezone_now
 from django.utils.translation import ugettext as _
 
-from zerver.decorator import authenticated_json_post_view
+from zerver.decorator import authenticated_json_post_view, human_users_only
 from zerver.lib.actions import get_status_dict, update_user_presence
 from zerver.lib.request import has_request_variables, REQ, JsonableError
 from zerver.lib.response import json_success, json_error
@@ -52,14 +52,12 @@ def get_presence_backend(request, user_profile, email):
         val.pop('pushable', None)
     return json_success(result)
 
+@human_users_only
 @has_request_variables
 def update_active_status_backend(request, user_profile, status=REQ(),
                                  ping_only=REQ(validator=check_bool, default=False),
                                  new_user_input=REQ(validator=check_bool, default=False)):
     # type: (HttpRequest, UserProfile, str, bool, bool) -> HttpResponse
-    if user_profile.is_bot:
-        return json_error(_('Presence is not supported for bot users.'))
-
     status_val = UserPresence.status_from_string(status)
     if status_val is None:
         raise JsonableError(_("Invalid status: %s") % (status,))