auth: Convert DevAuthBackend to use a unique argument pattern.

This helps ensure that we won't accidentally activate this backend on other code paths.
2025-11-16 03:41:58 +00:00 · 2017-11-21 12:13:46 -08:00
parent f2d3258a56
commit 4968631d1b
4 changed files with 13 additions and 7 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -282,7 +282,7 @@ class AuthBackendTest(ZulipTestCase):
    def test_devauth_backend(self):
        # type: () -> None
        self.verify_backend(DevAuthBackend(),
-                            good_kwargs=dict(username=self.get_username()))
+                            good_kwargs=dict(dev_auth_username=self.get_username()))

    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',))
    def test_remote_user_backend(self):
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -584,7 +584,9 @@ def dev_direct_login(request, **kwargs):
        # an enabled DevAuthBackend.
        raise Exception('Direct login not supported.')
    email = request.POST['direct_email']
-    user_profile = authenticate(username=email, realm_subdomain=get_subdomain(request))
+    subdomain = get_subdomain(request)
+    realm = get_realm(subdomain)
+    user_profile = authenticate(dev_auth_username=email, realm_subdomain=realm.subdomain)
    if user_profile is None:
        raise Exception("User cannot login")
    do_login(request, user_profile)
@@ -608,9 +610,12 @@ def api_dev_fetch_api_key(request, username=REQ()):
    # enabled.
    validate_login_email(username)

+    subdomain = get_subdomain(request)
+    realm = get_realm(subdomain)
+
    return_data = {}  # type: Dict[str, bool]
-    user_profile = authenticate(username=username,
-                                realm_subdomain=get_subdomain(request),
+    user_profile = authenticate(dev_auth_username=username,
+                                realm_subdomain=realm.subdomain,
                                return_data=return_data)
    if return_data.get("inactive_realm"):
        return json_error(_("Your realm has been deactivated."),
--- a/zerver/views/email_log.py
+++ b/zerver/views/email_log.py
@@ -67,7 +67,7 @@ def generate_all_emails(request):
    assert result.status_code == 302

    # New login email
-    logged_in = client.login(username=registered_email)
+    logged_in = client.login(dev_auth_username=registered_email)
    assert logged_in

    # New user invite and reminder emails
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -533,9 +533,10 @@ class ZulipLDAPUserPopulator(ZulipLDAPAuthBackendBase):
 class DevAuthBackend(ZulipAuthMixin):
    # Allow logging in as any user without a password.
    # This is used for convenience when developing Zulip.
-    def authenticate(self, username: str, realm_subdomain: Optional[str]=None,
+    def authenticate(self, dev_auth_username: Optional[str]=None, realm_subdomain: Optional[str]=None,
                     return_data: Optional[Dict[str, Any]]=None) -> Optional[UserProfile]:
-        user_profile = common_get_active_user_by_email(username, return_data=return_data)
+        assert dev_auth_username is not None
+        user_profile = common_get_active_user_by_email(dev_auth_username, return_data=return_data)
        if user_profile is None:
            return None
        if not dev_auth_enabled(user_profile.realm):