Make password_auth_enabled() take a realm object

This will actually be used in an upcoming commit.

(imported from commit 5d3db685a245899b2523440398f2ed2f0cfec4f4)

zerver/context_processors.py

@@ -5,6 +5,10 @@ import ujson
 from zproject.backends import password_auth_enabled
 
 def add_settings(request):
+    if hasattr(request.user, "realm"):
+        is_pw_auth_enabled = password_auth_enabled(request.user.realm)
+    else:
+        is_pw_auth_enabled = True
     return {
         'full_navbar':   settings.FULL_NAVBAR,
         # We use the not_enterprise variable name so that templates
@@ -12,7 +16,7 @@ def add_settings(request):
         # to the template
         'not_enterprise':    not settings.ENTERPRISE,
         'zulip_admin':   settings.ZULIP_ADMINISTRATOR,
-        'password_auth_enabled': password_auth_enabled(),
+        'password_auth_enabled': is_pw_auth_enabled,
         'login_url':     settings.HOME_NOT_LOGGED_IN,
         'only_sso':     settings.ONLY_SSO,
         'external_api_path': settings.EXTERNAL_API_PATH,

zerver/forms.py

@@ -40,11 +40,14 @@ def not_mit_mailing_list(value):
 
 class RegistrationForm(forms.Form):
     full_name = forms.CharField(max_length=100)
-    if password_auth_enabled():
-        password = forms.CharField(widget=forms.PasswordInput, max_length=100)
+    # The required-ness of the password field gets overridden if it isn't
+    # actually required for a realm
+    password = forms.CharField(widget=forms.PasswordInput, max_length=100,
+                               required=False)
     if not settings.ENTERPRISE:
         terms = forms.BooleanField(required=True)
 
+
 class ToSForm(forms.Form):
     full_name = forms.CharField(max_length=100)
     terms = forms.BooleanField(required=True)

zerver/views/__init__.py

@@ -336,9 +336,11 @@ def accounts_register(request):
             except KeyError:
                 pass
         form = RegistrationForm(postdata)
+        if not password_auth_enabled(realm):
+            form['password'].field.required = False
 
     if form.is_valid():
-        if password_auth_enabled():
+        if password_auth_enabled(realm):
             password = form.cleaned_data['password']
         else:
             # SSO users don't need no passwords
@@ -379,7 +381,11 @@ def accounts_register(request):
              'email': email,
              'key': key,
              'full_name': request.session.get('authenticated_full_name', None),
-             'lock_name': name_validated and name_changes_disabled(realm)
+             'lock_name': name_validated and name_changes_disabled(realm),
+             # password_auth_enabled is normally set via our context processor,
+             # but for the registration form, there is no logged in user yet, so
+             # we have to set it here.
+             'password_auth_enabled': password_auth_enabled(realm),
             },
         context_instance=RequestContext(request))
 
@@ -869,7 +875,7 @@ def home(request):
         test_suite            = settings.TEST_SUITE,
         poll_timeout          = settings.POLL_TIMEOUT,
         login_page            = settings.HOME_NOT_LOGGED_IN,
-        password_auth_enabled = password_auth_enabled(),
+        password_auth_enabled = password_auth_enabled(user_profile.realm),
         have_initial_messages = user_has_messages,
         subbed_info           = register_ret['subscriptions'],
         unsubbed_info         = register_ret['unsubscribed'],
@@ -1643,7 +1649,7 @@ def api_fetch_api_key(request, username=REQ, password=REQ):
 @authenticated_json_post_view
 @has_request_variables
 def json_fetch_api_key(request, user_profile, password=REQ(default='')):
-    if password_auth_enabled() and not user_profile.check_password(password):
+    if password_auth_enabled(user_profile.realm) and not user_profile.check_password(password):
         return json_error("Your username or password is incorrect.")
     return json_success({"api_key": user_profile.api_key})
 

zproject/backends.py

@@ -13,7 +13,7 @@ from openid.consumer.consumer import SUCCESS
 from apiclient.sample_tools import client as googleapiclient
 from oauth2client.crypt import AppIdentityError
 
-def password_auth_enabled():
+def password_auth_enabled(realm):
     for backend in django.contrib.auth.get_backends():
          if isinstance(backend, EmailAuthBackend):
              return True