paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

subdomains: Hardcode REALMS_HAVE_SUBDOMAINS=True.

Browse Source
This commit is contained in:
Tim Abbott
2017-10-01 23:32:09 -07:00
parent 95a0a4a06f
commit 1d72629dc4
17 changed files with 66 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tools/test-backend
View File

@@ -90,7 +90,6 @@ not_yet_fully_covered = {
'zerver/lib/push_notifications.py',
'zerver/lib/upload.py',
'zerver/models.py',
'zproject/backends.py',
# Webhook integrations with incomplete coverage
'zerver/webhooks/basecamp/view.py',
'zerver/webhooks/beanstalk/view.py',

6
zerver/context_processors.py
View File

@@ -48,9 +48,8 @@ def zulip_default_context(request):
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know the realm, which
is the case if there is only one realm, or we're on a
REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in.
The main variable in the below is whether we know what realm the
user is trying to interact with.
"""
realm = get_realm_from_request(request)
@@ -97,7 +96,6 @@ def zulip_default_context(request):
settings_comments_path = "/etc/zulip/settings.py"
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'root_domain_landing_page': settings.ROOT_DOMAIN_LANDING_PAGE,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': register_link_disabled,

33
zerver/forms.py
View File

@@ -18,7 +18,7 @@ from zerver.lib.send_email import send_email, FromAddress
from zerver.lib.users import check_full_name
from zerver.lib.utils import get_subdomain, check_subdomain
from zerver.models import Realm, get_user_profile_by_email, UserProfile, \
get_realm_by_email_domain, get_realm, email_to_domain, email_allowed_for_realm
get_realm, email_to_domain, email_allowed_for_realm
from zproject.backends import password_auth_enabled
import logging
@@ -81,18 +81,12 @@ class RegistrationForm(forms.Form):
def clean_realm_subdomain(self):
# type: () -> str
if settings.REALMS_HAVE_SUBDOMAINS:
error_strings = {
'too short': _("Subdomain needs to have length 3 or greater."),
'extremal dash': _("Subdomain cannot start or end with a '-'."),
'bad character': _("Subdomain can only have lowercase letters, numbers, and '-'s."),
'unavailable': _("Subdomain unavailable. Please choose a different one.")}
else:
error_strings = {
'too short': _("Short name needs at least 3 characters."),
'extremal dash': _("Short name cannot start or end with a '-'."),
'bad character': _("Short name can only have lowercase letters, numbers, and '-'s."),
'unavailable': _("Short name unavailable. Please choose a different one.")}
error_strings = {
'too short': _("Subdomain needs to have length 3 or greater."),
'extremal dash': _("Subdomain cannot start or end with a '-'."),
'bad character': _("Subdomain can only have lowercase letters, numbers, and '-'s."),
'unavailable': _("Subdomain unavailable. Please choose a different one.")}
subdomain = self.cleaned_data['realm_subdomain']
if not subdomain:
return ''
@@ -128,18 +122,11 @@ class HomepageForm(forms.Form):
# Otherwise, the user is trying to join a specific realm.
realm = self.realm
from_multiuse_invite = self.from_multiuse_invite
if realm is None and not settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm_by_email_domain(email)
if realm is None:
if settings.REALMS_HAVE_SUBDOMAINS:
raise ValidationError(_("The organization you are trying to "
"join using {email} does not "
"exist.").format(email=email))
else:
raise ValidationError(_("Your email address, {email}, does not "
"correspond to any existing "
"organization.").format(email=email))
raise ValidationError(_("The organization you are trying to "
"join using {email} does not "
"exist.").format(email=email))
if not from_multiuse_invite and realm.invite_required:
raise ValidationError(_("Please request an invite for {email} "

2
zerver/lib/utils.py
View File

@@ -207,7 +207,7 @@ def is_subdomain_root_or_alias(request):
def check_subdomain(realm_subdomain, user_subdomain):
# type: (Optional[Text], Optional[Text]) -> bool
if settings.REALMS_HAVE_SUBDOMAINS and realm_subdomain is not None:
if realm_subdomain is not None:
if (realm_subdomain == "" and user_subdomain is None):
return True
if realm_subdomain != user_subdomain:

25
zerver/middleware.py
View File

@@ -374,17 +374,16 @@ class SessionHostDomainMiddleware(SessionMiddleware):
# just return here.
return response
if settings.REALMS_HAVE_SUBDOMAINS:
if (not request.path.startswith("/static/") and not request.path.startswith("/api/") and
not request.path.startswith("/json/")):
subdomain = get_subdomain(request)
if (request.get_host() == "127.0.0.1:9991" or request.get_host() == "localhost:9991"):
return redirect("%s%s" % (settings.EXTERNAL_URI_SCHEME,
settings.EXTERNAL_HOST))
if subdomain != "":
realm = get_realm(subdomain)
if (realm is None):
return render(request, "zerver/invalid_realm.html")
if (not request.path.startswith("/static/") and not request.path.startswith("/api/") and
not request.path.startswith("/json/")):
subdomain = get_subdomain(request)
if (request.get_host() == "127.0.0.1:9991" or request.get_host() == "localhost:9991"):
return redirect("%s%s" % (settings.EXTERNAL_URI_SCHEME,
settings.EXTERNAL_HOST))
if subdomain != "":
realm = get_realm(subdomain)
if (realm is None):
return render(request, "zerver/invalid_realm.html")
"""
If request.session was modified, or if the configuration is to save the
session every time, save the changes and set a session cookie.
@@ -411,14 +410,12 @@ class SessionHostDomainMiddleware(SessionMiddleware):
request.session.save()
host = request.get_host().split(':')[0]
session_cookie_domain = settings.SESSION_COOKIE_DOMAIN
# The subdomains feature overrides the
# SESSION_COOKIE_DOMAIN setting, since the setting
# is a fixed value and with subdomains enabled,
# the session cookie domain has to vary with the
# subdomain.
if settings.REALMS_HAVE_SUBDOMAINS:
session_cookie_domain = host
session_cookie_domain = host
response.set_cookie(settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires, domain=session_cookie_domain,

29
zerver/models.py
View File

@@ -258,9 +258,7 @@ class Realm(ModelReprMixin, models.Model):
@property
def subdomain(self):
# type: () -> Optional[Text]
if settings.REALMS_HAVE_SUBDOMAINS:
return self.string_id
return None
return self.string_id
@property
def uri(self):
@@ -337,31 +335,6 @@ def email_to_domain(email):
class GetRealmByDomainException(Exception):
pass
def get_realm_by_email_domain(email):
# type: (Text) -> Optional[Realm]
if settings.REALMS_HAVE_SUBDOMAINS:
raise GetRealmByDomainException(
"Cannot get realm from email domain when settings.REALMS_HAVE_SUBDOMAINS = True")
domain = email_to_domain(email)
query = RealmDomain.objects.select_related('realm')
# Search for the longest match. If found return immediately. Since in case of
# settings.REALMS_HAVE_SUBDOMAINS=True, we have a unique mapping between the
# realm and domain so don't worry about `allow_subdomains` being True or False.
realm_domain = query.filter(domain=domain).first()
if realm_domain is not None:
return realm_domain.realm
else:
# Since we have not found any match. We will now try matching the parent domain.
# Filter out the realm domains with `allow_subdomains=False` so that we don't end
# up matching 'test.zulip.com' wrongly to (realm, 'zulip.com', False).
query = query.filter(allow_subdomains=True)
while len(domain) > 0:
subdomain, sep, domain = domain.partition('.')
realm_domain = query.filter(domain=domain).first()
if realm_domain is not None:
return realm_domain.realm
return None
# Is a user with the given email address allowed to be in the given realm?
# (This function does not check whether the user has been invited to the realm.
# So for invite-only realms, this is the test for whether a user can be invited,

61
zerver/tests/test_auth_backends.py
View File

@@ -351,16 +351,6 @@ class GitHubAuthBackendTest(ZulipTestCase):
# type: () -> None
self.assertEqual(self.backend.get_full_name(response={'email': None}), '')
def test_github_backend_do_auth_without_subdomains(self):
# type: () -> None
with mock.patch('social_core.backends.github.GithubOAuth2.do_auth',
side_effect=self.do_auth), \
mock.patch('zerver.views.auth.do_login'):
response = dict(email=self.email, name=self.name)
result = self.backend.do_auth(response=response)
assert(result is not None)
self.assertNotIn('subdomain=1', result.url)
def test_github_backend_do_auth_with_non_existing_subdomain(self):
# type: () -> None
with mock.patch('social_core.backends.github.GithubOAuth2.do_auth',
@@ -529,9 +519,9 @@ class GitHubAuthBackendTest(ZulipTestCase):
response = dict(email=email, name='Ghost')
result = self.backend.do_auth(response=response)
self.assert_in_response('action="/register/"', result)
self.assert_in_response('Your email address, {}, does not '
'correspond to any existing '
'organization.'.format(email), result)
self.assert_in_response('Your email address, {}, is not '
'in one of the domains that are allowed to register '
'for accounts in this organization.'.format(email), result)
def test_github_backend_new_user(self):
# type: () -> None
@@ -1086,51 +1076,6 @@ class GoogleSubdomainLoginTest(GoogleOAuthTest):
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
class GoogleLoginTest(GoogleOAuthTest):
def test_google_oauth2_success(self):
# type: () -> None
token_response = ResponseMock(200, {'access_token': "unique_token"})
account_data = dict(name=dict(formatted="Full Name"),
emails=[dict(type="account",
value=self.example_email("hamlet"))])
account_response = ResponseMock(200, account_data)
self.google_oauth2_test(token_response, account_response, subdomain="")
user_profile = self.example_user('hamlet')
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
def test_google_oauth2_registration(self):
# type: () -> None
"""If the user doesn't exist yet, Google auth can be used to register an account"""
email = "newuser@zulip.com"
token_response = ResponseMock(200, {'access_token': "unique_token"})
account_data = dict(name=dict(formatted="Full Name"),
emails=[dict(type="account",
value=email)])
account_response = ResponseMock(200, account_data)
result = self.google_oauth2_test(token_response, account_response, subdomain="")
self.assert_in_response('No account found for',
result)
self.assert_in_response('newuser@zulip.com. Would you like to register instead?',
result)
# Click confirm registration button.
result = self.client_post('/register/',
{'email': email})
self.assertEqual(result.status_code, 302)
self.client_get(result.url)
assert Confirmation.objects.all().count() == 1
confirmation = Confirmation.objects.all().first()
url = confirmation_url(confirmation.confirmation_key,
settings.EXTERNAL_HOST, Confirmation.USER_REGISTRATION)
result = self.client_get(url)
key_match = re.search('value="(?P<key>[0-9a-z]+)" name="key"', result.content.decode("utf-8"))
result = self.client_post('/accounts/register/',
{'full_name': "New User",
'password': 'test_password',
'key': key_match.group("key"),
'terms': True})
self.assertEqual(result.status_code, 302)
self.assertEqual(result.url, "http://testserver/")
@override_settings(REALMS_HAVE_SUBDOMAINS=True)
@override_settings(ROOT_DOMAIN_LANDING_PAGE=True)
def test_google_oauth2_subdomains_homepage(self):

5
zerver/tests/test_bots.py
View File

@@ -48,10 +48,7 @@ class BotTest(ZulipTestCase, UploadSerializeMixin):
# the wrong subdomain, and because 'testserver.example.com' is not a valid domain for the bot's email.
# So we just test the Raelm.get_bot_domain function.
realm = get_realm('zulip')
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
self.assertEqual(realm.get_bot_domain(), 'zulip.testserver')
Realm.objects.exclude(string_id='zulip').update(deactivated=True)
self.assertEqual(realm.get_bot_domain(), 'testserver')
self.assertEqual(realm.get_bot_domain(), 'zulip.testserver')
def deactivate_bot(self):
# type: () -> None

2
zerver/tests/test_home.py
View File

@@ -238,7 +238,7 @@ class HomeTest(ZulipTestCase):
with queries_captured() as queries2:
result = self._get_home_page()
self.assert_length(queries2, 32)
self.assert_length(queries2, 33)
# Do a sanity check that our new streams were in the payload.
html = result.content.decode('utf-8')

43
zerver/tests/test_realm_domains.py
View File

@@ -10,7 +10,6 @@ from zerver.lib.actions import do_change_is_admin, \
from zerver.lib.domains import validate_domain
from zerver.lib.test_classes import ZulipTestCase
from zerver.models import email_allowed_for_realm, get_realm, \
get_realm_by_email_domain, \
GetRealmByDomainException, RealmDomain
import ujson
@@ -116,46 +115,6 @@ class RealmDomainTest(ZulipTestCase):
# would not be updated.
self.assertFalse(get_realm('zulip').restricted_to_domain)
def test_get_realm_by_email_domain(self):
# type: () -> None
realm1 = do_create_realm('testrealm1', 'Test Realm 1')
realm2 = do_create_realm('testrealm2', 'Test Realm 2')
realm3 = do_create_realm('testrealm3', 'Test Realm 3')
realm_domain_1 = RealmDomain.objects.create(realm=realm1, domain='test1.com', allow_subdomains=True)
realm_domain_2 = RealmDomain.objects.create(realm=realm2, domain='test2.test1.com', allow_subdomains=False)
RealmDomain.objects.create(realm=realm3, domain='test3.test2.test1.com', allow_subdomains=True)
def assert_and_check(email, realm_string_id):
# type: (Text, Optional[Text]) -> None
realm = get_realm_by_email_domain(email)
if realm_string_id is None:
self.assertIsNone(realm)
else:
assert(realm is not None)
self.assertEqual(realm.string_id, realm_string_id)
assert_and_check('user@zulip.com', 'zulip')
assert_and_check('user@fakedomain.com', None)
assert_and_check('user@test1.com', 'testrealm1')
assert_and_check('user@test2.test1.com', 'testrealm2')
assert_and_check('user@test3.test2.test1.com', 'testrealm3')
assert_and_check('user@test2.test1.com', 'testrealm2')
assert_and_check('user@test2.test2.test1.com', 'testrealm1')
assert_and_check('user@test1.test3.test2.test1.com', 'testrealm3')
do_change_realm_domain(realm_domain_1, False)
assert_and_check('user@test1.test1.com', None)
assert_and_check('user@test1.com', 'testrealm1')
do_change_realm_domain(realm_domain_2, True)
assert_and_check('user@test2.test1.com', 'testrealm2')
assert_and_check('user@test2.test2.test1.com', 'testrealm2')
with self.settings(REALMS_HAVE_SUBDOMAINS = True), (
self.assertRaises(GetRealmByDomainException)):
get_realm_by_email_domain('user@zulip.com')
def test_email_allowed_for_realm(self):
# type: () -> None
realm1 = do_create_realm('testrealm1', 'Test Realm 1', restricted_to_domain=True)
@@ -178,7 +137,7 @@ class RealmDomainTest(ZulipTestCase):
def test_realm_realm_domains_uniqueness(self):
# type: () -> None
realm = get_realm('zulip')
with self.settings(REALMS_HAVE_SUBDOMAINS=True), self.assertRaises(IntegrityError):
with self.assertRaises(IntegrityError):
RealmDomain.objects.create(realm=realm, domain='zulip.com', allow_subdomains=True)
def test_validate_domain(self):

21
zerver/tests/test_signup.py
View File

@@ -2068,24 +2068,3 @@ class LoginOrAskForRegistrationTestCase(ZulipTestCase):
self.assertEqual(user_id, user_profile.id)
self.assertEqual(response.status_code, 302)
self.assertIn('http://zulip.testserver', response.url)
def test_login_without_subdomains(self):
# type: () -> None
request = HostRequestMock(host="localhost")
setattr(request, 'session', self.client.session)
setattr(request, 'get_host', lambda: 'localhost')
user_profile = self.example_user('hamlet')
user_profile.backend = 'zproject.backends.GitHubAuthBackend'
full_name = 'Hamlet'
invalid_subdomain = False
with self.settings(REALMS_HAVE_SUBDOMAINS=False):
response = login_or_register_remote_user(
request,
user_profile.email,
user_profile,
full_name=full_name,
invalid_subdomain=invalid_subdomain)
user_id = get_session_dict_user(getattr(request, 'session'))
self.assertEqual(user_id, user_profile.id)
self.assertEqual(response.status_code, 302)
self.assertIn('http://localhost', response.url)

54
zerver/views/auth.py
View File

@@ -165,10 +165,7 @@ def login_or_register_remote_user(request, remote_username, user_profile, full_n
return response
do_login(request, user_profile)
if settings.REALMS_HAVE_SUBDOMAINS and user_profile.realm.subdomain is not None:
return HttpResponseRedirect(user_profile.realm.uri)
return HttpResponseRedirect("%s%s" % (settings.EXTERNAL_URI_SCHEME,
request.get_host()))
return HttpResponseRedirect(user_profile.realm.uri)
def remote_user_sso(request):
# type: (HttpRequest) -> HttpResponse
@@ -289,10 +286,9 @@ def send_oauth_request_to_google(request):
is_signup = request.GET.get('is_signup', '')
mobile_flow_otp = request.GET.get('mobile_flow_otp', '0')
if settings.REALMS_HAVE_SUBDOMAINS:
if ((settings.ROOT_DOMAIN_LANDING_PAGE and subdomain == '') or
not Realm.objects.filter(string_id=subdomain).exists()):
return redirect_to_subdomain_login_url()
if ((settings.ROOT_DOMAIN_LANDING_PAGE and subdomain == '') or
not Realm.objects.filter(string_id=subdomain).exists()):
return redirect_to_subdomain_login_url()
google_uri = 'https://accounts.google.com/o/oauth2/auth?'
cur_time = str(int(time.time()))
@@ -512,7 +508,7 @@ def login_page(request, **kwargs):
extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin]
extra_context['direct_users'] = [u.email for u in users if not u.is_realm_admin]
if settings.REALMS_HAVE_SUBDOMAINS and 'new_realm' in request.POST:
if 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm
return HttpResponseRedirect(realm.uri)
@@ -555,10 +551,7 @@ def dev_direct_login(request, **kwargs):
if user_profile is None:
raise Exception("User cannot login")
do_login(request, user_profile)
if settings.REALMS_HAVE_SUBDOMAINS and user_profile.realm.subdomain is not None:
return HttpResponseRedirect(user_profile.realm.uri)
return HttpResponseRedirect("%s%s" % (settings.EXTERNAL_URI_SCHEME,
request.get_host()))
return HttpResponseRedirect(user_profile.realm.uri)
@csrf_exempt
@require_post
@@ -656,26 +649,21 @@ def api_fetch_api_key(request, username=REQ(), password=REQ()):
def get_auth_backends_data(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Returns which authentication methods are enabled on the server"""
if settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
try:
realm = Realm.objects.get(string_id=subdomain)
except Realm.DoesNotExist:
# If not the root subdomain, this is an error
if subdomain != "":
raise JsonableError(_("Invalid subdomain"))
# With the root subdomain, it's an error or not depending
# whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether
# there are some realms without subdomains on this server)
# is set.
if settings.ROOT_DOMAIN_LANDING_PAGE:
raise JsonableError(_("Subdomain required"))
else:
realm = None
else:
# Without subdomains, we just have to report what the server
# supports, since we don't know the realm.
realm = None
subdomain = get_subdomain(request)
try:
realm = Realm.objects.get(string_id=subdomain)
except Realm.DoesNotExist:
# If not the root subdomain, this is an error
if subdomain != "":
raise JsonableError(_("Invalid subdomain"))
# With the root subdomain, it's an error or not depending
# whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether
# there are some realms without subdomains on this server)
# is set.
if settings.ROOT_DOMAIN_LANDING_PAGE:
raise JsonableError(_("Subdomain required"))
else:
realm = None
return {"password": password_auth_enabled(realm),
"dev": dev_auth_enabled(realm),
"github": github_auth_enabled(realm),

21
zerver/views/registration.py
View File

@@ -11,9 +11,10 @@ from django.template import RequestContext, loader
from django.utils.timezone import now
from django.core.exceptions import ValidationError
from django.core import validators
from zerver.context_processors import get_realm_from_request
from zerver.models import UserProfile, Realm, Stream, PreregistrationUser, MultiuseInvite, \
name_changes_disabled, email_to_username, email_allowed_for_realm, \
get_realm, get_realm_by_email_domain, get_user_profile_by_email
get_realm, get_user_profile_by_email
from zerver.lib.send_email import send_email, FromAddress
from zerver.lib.events import do_events_register
from zerver.lib.actions import do_change_password, do_change_full_name, do_change_is_admin, \
@@ -79,14 +80,12 @@ def accounts_register(request):
if prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm # type: Optional[Realm]
realm = prereg_user.referred_by.realm
elif realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
elif settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm(get_subdomain(request))
else:
realm = get_realm_by_email_domain(email)
realm = get_realm(get_subdomain(request))
if realm and not email_allowed_for_realm(email, realm):
return render(request, "zerver/closed_realm.html",
@@ -210,7 +209,7 @@ def accounts_register(request):
setup_initial_private_stream(user_profile)
send_initial_realm_messages(realm)
if realm_creation and settings.REALMS_HAVE_SUBDOMAINS:
if realm_creation:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
@@ -246,7 +245,6 @@ def accounts_register(request):
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'password_required': password_auth_enabled(realm) and password_required,
'password_auth_enabled': password_auth_enabled(realm),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
@@ -331,13 +329,6 @@ def confirmation_key(request):
# type: (HttpRequest) -> HttpResponse
return json_success(request.session.get('confirmation_key'))
def get_realm_from_request(request):
# type: (HttpRequest) -> Realm
if settings.REALMS_HAVE_SUBDOMAINS:
realm_str = get_subdomain(request)
else:
realm_str = None
return get_realm(realm_str)
def show_deactivation_notice(request):
# type: (HttpRequest) -> HttpResponse
@@ -354,7 +345,7 @@ def redirect_to_deactivation_notice():
def accounts_home(request, multiuse_object=None):
# type: (HttpRequest, Optional[MultiuseInvite]) -> HttpResponse
realm = get_realm_from_request(request)
realm = get_realm(get_subdomain(request))
if realm and realm.deactivated:
return redirect_to_deactivation_notice()

21
zproject/backends.py
View File

@@ -12,7 +12,7 @@ from zerver.lib.actions import do_create_user
from zerver.models import UserProfile, Realm, get_user_profile_by_id, \
get_user_profile_by_email, remote_user_to_email, email_to_username, \
get_realm, get_realm_by_email_domain
get_realm
from apiclient.sample_tools import client as googleapiclient
from oauth2client.crypt import AppIdentityError
@@ -146,11 +146,8 @@ class SocialAuthMixin(ZulipAuthMixin):
if user is None:
user = {}
if return_data is None:
return_data = {}
if response is None:
response = {}
assert return_data is not None
assert response is not None
return self._common_authenticate(self,
realm_subdomain=realm_subdomain,
@@ -427,10 +424,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
def authenticate(self, username, password, realm_subdomain=None, return_data=None):
# type: (Text, str, Optional[Text], Optional[Dict[str, Any]]) -> Optional[UserProfile]
try:
if settings.REALMS_HAVE_SUBDOMAINS:
self._realm = get_realm(realm_subdomain)
elif settings.LDAP_EMAIL_ATTR is not None:
self._realm = get_realm_by_email_domain(username)
self._realm = get_realm(realm_subdomain)
username = self.django_to_ldap_username(username)
user_profile = ZulipLDAPAuthBackendBase.authenticate(self, username, password)
if user_profile is None:
@@ -439,9 +433,9 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
return None
return user_profile
except Realm.DoesNotExist:
return None
return None # nocoverage # TODO: this may no longer be possible
except ZulipLDAPException:
return None
return None # nocoverage # TODO: this may no longer be possible
def get_or_create_user(self, username, ldap_user):
# type: (str, _LDAPUser) -> Tuple[UserProfile, bool]
@@ -452,7 +446,6 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
raise ZulipLDAPException("LDAP user doesn't have the needed %s attribute" % (settings.LDAP_EMAIL_ATTR,))
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
self._realm = get_realm_by_email_domain(username)
user_profile = get_user_profile_by_email(username)
if not user_profile.is_active or user_profile.realm.deactivated:
@@ -505,7 +498,7 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
# type: (*Any, **Any) -> Optional[Text]
try:
return kwargs['response']['email']
except KeyError:
except KeyError: # nocoverage # TODO: investigate
return None
def get_full_name(self, *args, **kwargs):

8
zproject/dev_settings.py
View File

@@ -7,16 +7,10 @@ from typing import Set
LOCAL_UPLOADS_DIR = 'var/uploads'
EMAIL_LOG_DIR = "/var/log/zulip/email.log"
# Default to subdomains disabled in development until we can update
# the development documentation to make sense with subdomains.
REALMS_HAVE_SUBDOMAINS = False
# Check if test_settings.py set EXTERNAL_HOST.
EXTERNAL_HOST = os.getenv('EXTERNAL_HOST')
if EXTERNAL_HOST is None:
if REALMS_HAVE_SUBDOMAINS:
EXTERNAL_HOST = 'zulipdev.com:9991'
else:
EXTERNAL_HOST = 'localhost:9991'
EXTERNAL_HOST = 'zulipdev.com:9991'
ALLOWED_HOSTS = ['*']
# Uncomment extra backends if you want to test with them. Note that

5
zproject/settings.py
View File

@@ -225,10 +225,6 @@ DEFAULT_SETTINGS.update({
# Whether anyone can create a new organization on the Zulip server.
'OPEN_REALM_CREATION': False,
# Whether every realm has its own subdomain. Soon to be set to
# True always and removed..
'REALMS_HAVE_SUBDOMAINS': True,
# Setting for where the system bot users are. Likely will have no
# purpose after the REALMS_HAVE_SUBDOMAINS migration finishes.
'SYSTEM_ONLY_REALMS': {"zulip"},
@@ -565,7 +561,6 @@ if PRODUCTION:
try:
# For get_updates hostname sharding.
domain = config_file.get('django', 'cookie_domain')
SESSION_COOKIE_DOMAIN = '.' + domain
CSRF_COOKIE_DOMAIN = '.' + domain
except six.moves.configparser.Error:
# Failing here is OK

1
zproject/test_settings.py
View File

@@ -103,7 +103,6 @@ WEBPACK_LOADER['DEFAULT']['STATS_FILE'] = os.path.join(DEPLOY_ROOT, WEBPACK_FILE
if CASPER_TESTS:
# Don't auto-restart Tornado server during casper tests
AUTORELOAD = False
REALMS_HAVE_SUBDOMAINS = True
else:
# Use local memory cache for backend tests.
CACHES['default'] = {