paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 22:13:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth: Convert RemoteUserBackend to accept a realm object.

Browse Source
This commit is contained in:
Tim Abbott
2017-11-17 14:14:08 -08:00
parent fb6abe1b1e
commit 387c9109ec
3 changed files with 32 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
zerver/tests/test_auth_backends.py
View File

@@ -124,6 +124,14 @@ class AuthBackendTest(ZulipTestCase):
index = getattr(user_profile.realm.authentication_methods, backend_name).number
user_profile.realm.authentication_methods.set_bit(index, False)
user_profile.realm.save()
if 'realm' in good_kwargs:
# Because this test is a little unfaithful to the ordering
# (i.e. we fetched the realm object before this function
# was called, when in fact it should be fetched after we
# changed the allowed authentication methods), we need to
# propagate the changes we just made to the actual realm
# object in good_kwargs.
good_kwargs['realm'] = user_profile.realm
self.assertIsNone(backend.authenticate(**good_kwargs))
user_profile.realm.authentication_methods.set_bit(index, True)
user_profile.realm.save()
@@ -282,9 +290,19 @@ class AuthBackendTest(ZulipTestCase):
username = self.get_username()
self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username,
realm_subdomain='zulip'),
realm=get_realm('zulip')),
bad_kwargs=dict(remote_user=username,
realm_subdomain='acme'))
realm=get_realm('zephyr')))
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',))
def test_remote_user_backend_invalid_realm(self):
# type: () -> None
username = self.get_username()
self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username,
realm=get_realm('zulip')),
bad_kwargs=dict(remote_user=username,
realm=None))
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',))
@override_settings(SSO_APPEND_DOMAIN='zulip.com')
@@ -293,9 +311,9 @@ class AuthBackendTest(ZulipTestCase):
username = self.get_username(email_to_username)
self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username,
realm_subdomain='zulip'),
realm=get_realm("zulip")),
bad_kwargs=dict(remote_user=username,
realm_subdomain='acme'))
realm=get_realm('zephyr')))
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GitHubAuthBackend',))
def test_github_backend(self):

6
zerver/views/auth.py
View File

@@ -187,7 +187,11 @@ def remote_user_sso(request):
# enabled.
validate_login_email(remote_user_to_email(remote_user))
user_profile = authenticate(remote_user=remote_user, realm_subdomain=get_subdomain(request))
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
# Since RemoteUserBackend will return None if Realm is None, we
# don't need to check whether `get_realm` returned None.
user_profile = authenticate(remote_user=remote_user, realm=realm)
return login_or_register_remote_user(request, remote_user, user_profile)
@csrf_exempt

8
zproject/backends.py
View File

@@ -411,15 +411,17 @@ class ZulipRemoteUserBackend(RemoteUserBackend):
create_unknown_user = False
def authenticate(self, remote_user: Optional[str],
realm_subdomain: Optional[str]=None) -> Optional[UserProfile]:
if not remote_user:
realm: Optional[Realm]=None) -> Optional[UserProfile]:
if realm is None:
return None
if remote_user is None:
return None
email = remote_user_to_email(remote_user)
user_profile = common_get_active_user_by_email(email)
if user_profile is None:
return None
if not user_matches_subdomain(realm_subdomain, user_profile):
if not user_matches_subdomain(realm.subdomain, user_profile):
return None
if not auth_enabled_helper(["RemoteUser"], user_profile.realm):
return None