auth: Refactor auth backend enabled checking code.

zerver/models.py

@@ -137,6 +137,8 @@ class Realm(ModelReprMixin, models.Model):
     domain = models.CharField(max_length=40, db_index=True, unique=True) # type: text_type
     # name is the user-visible identifier for the realm. It has no required
     # structure.
+    AUTHENTICATION_FLAGS = [u'Google', u'Email', u'GitHub', u'LDAP', u'Dev', u'RemoteUser']
+
     name = models.CharField(max_length=40, null=True) # type: Optional[text_type]
     string_id = models.CharField(max_length=40, unique=True) # type: text_type
     restricted_to_domain = models.BooleanField(default=False) # type: bool

zproject/backends.py

@@ -24,28 +24,42 @@ from social.exceptions import AuthFailed
 from django.contrib.auth import authenticate
 from zerver.lib.utils import check_subdomain, get_subdomain
 
-def password_auth_enabled(realm):
+def pad_method_dict(method_dict):
-    # type: (Realm) -> bool
+    # type: (Dict[text_type, bool]) -> Dict[text_type, bool]
-    for backend in django.contrib.auth.get_backends():
+    """Pads an authentication methods dict to contain all auth backends
-         if isinstance(backend, EmailAuthBackend):
+    supported by the software, regardless of whether they are
-             return True
+    configured on this server"""
-         if isinstance(backend, ZulipLDAPAuthBackend):
+    for key in AUTH_BACKEND_NAME_MAP:
-             return True
+        if key not in method_dict:
+            method_dict[key] = False
+    return method_dict
+
+def auth_enabled_helper(backends_to_check, realm):
+    # type: (List[text_type], Optional[Realm]) -> bool
+    enabled_method_dict = dict((method, True) for method in Realm.AUTHENTICATION_FLAGS)
+    pad_method_dict(enabled_method_dict)
+    for supported_backend in django.contrib.auth.get_backends():
+        for backend_name in backends_to_check:
+            backend = AUTH_BACKEND_NAME_MAP[backend_name]
+            if enabled_method_dict[backend_name] and isinstance(supported_backend, backend):
+                return True
     return False
 
-def dev_auth_enabled():
+def password_auth_enabled(realm=None):
-    # type: () -> bool
+    # type: (Optional[Realm]) -> bool
-    for backend in django.contrib.auth.get_backends():
+    return auth_enabled_helper([u'Email', u'LDAP'], realm)
-        if isinstance(backend, DevAuthBackend):
-            return True
-    return False
 
-def google_auth_enabled():
+def dev_auth_enabled(realm=None):
-    # type: () -> bool
+    # type: (Optional[Realm]) -> bool
-    for backend in django.contrib.auth.get_backends():
+    return auth_enabled_helper([u'Dev'], realm)
-        if isinstance(backend, GoogleMobileOauth2Backend):
+
-            return True
+def google_auth_enabled(realm=None):
-    return False
+    # type: (Optional[Realm]) -> bool
+    return auth_enabled_helper([u'Google'], realm)
+
+def github_auth_enabled(realm=None):
+    # type: (Optional[Realm]) -> bool
+    return auth_enabled_helper([u'GitHub'], realm)
 
 def common_get_active_user_by_email(email, return_data=None):
     # type: (text_type, Optional[Dict[str, Any]]) -> Optional[UserProfile]
@@ -63,13 +77,6 @@ def common_get_active_user_by_email(email, return_data=None):
         return None
     return user_profile
 
-def github_auth_enabled():
-    # type: () -> bool
-    for backend in django.contrib.auth.get_backends():
-        if isinstance(backend, GitHubAuthBackend):
-            return True
-    return False
-
 class ZulipAuthMixin(object):
     def get_user(self, user_profile_id):
         # type: (int) -> Optional[UserProfile]
@@ -372,3 +379,12 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
                 user_profile = None
 
         return self.process_do_auth(user_profile, *args, **kwargs)
+
+AUTH_BACKEND_NAME_MAP = {
+    u'Dev': DevAuthBackend,
+    u'Email': EmailAuthBackend,
+    u'GitHub': GitHubAuthBackend,
+    u'Google': GoogleMobileOauth2Backend,
+    u'LDAP': ZulipLDAPAuthBackend,
+    u'RemoteUser': ZulipRemoteUserBackend,
+    } # type: Dict[text_type, Any]