paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-31 20:13:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

typing: Add assertions for authentication.

Browse Source 
Signed-off-by: Zixuan James Li <359101898@qq.com>
This commit is contained in:
Zixuan James Li
2022-05-30 21:17:38 -04:00
committed by Tim Abbott
parent c572d9be5a
commit 4c6f2ae7be
6 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
zerver/forms.py
View File

@@ -273,6 +273,7 @@ class LoggingSetPasswordForm(SetPasswordForm):
return new_password return new_password
def save(self, commit: bool = True) -> UserProfile: def save(self, commit: bool = True) -> UserProfile:
assert isinstance(self.user, UserProfile)
do_change_password(self.user, self.cleaned_data["new_password1"], commit=commit) do_change_password(self.user, self.cleaned_data["new_password1"], commit=commit)
return self.user return self.user

5
zerver/tests/test_auth_backends.py
View File

@@ -753,13 +753,16 @@ class RateLimitAuthenticationTests(ZulipTestCase):
def attempt_authentication( def attempt_authentication(
request: HttpRequest, username: str, password: str request: HttpRequest, username: str, password: str
) -> Optional[UserProfile]: ) -> Optional[UserProfile]:
return authenticate( user = authenticate(
request=request, request=request,
username=username, username=username,
realm=get_realm("zulip"), realm=get_realm("zulip"),
password=password, password=password,
return_data={}, return_data={},
) )
if user is not None:
assert isinstance(user, UserProfile)
return user
self.do_test_auth_rate_limiting( self.do_test_auth_rate_limiting(
attempt_authentication, attempt_authentication,

4
zerver/views/auth.py
View File

@@ -431,6 +431,8 @@ def remote_user_sso(
user_profile = None user_profile = None
else: else:
user_profile = authenticate(remote_user=remote_user, realm=realm) user_profile = authenticate(remote_user=remote_user, realm=realm)
if user_profile is not None:
assert isinstance(user_profile, UserProfile)
email = remote_user_to_email(remote_user) email = remote_user_to_email(remote_user)
data_dict = ExternalAuthDataDict( data_dict = ExternalAuthDataDict(
@@ -486,6 +488,7 @@ def remote_user_jwt(request: HttpRequest) -> HttpResponse:
data_dict={"email": email, "full_name": remote_user, "subdomain": realm.subdomain} data_dict={"email": email, "full_name": remote_user, "subdomain": realm.subdomain}
) )
else: else:
assert isinstance(user_profile, UserProfile)
result = ExternalAuthResult(user_profile=user_profile) result = ExternalAuthResult(user_profile=user_profile)
return login_or_register_remote_user(request, result) return login_or_register_remote_user(request, result)
@@ -895,6 +898,7 @@ def api_fetch_api_key(
email_on_new_login(sender=user_profile.__class__, request=request, user=user_profile) email_on_new_login(sender=user_profile.__class__, request=request, user=user_profile)
# Mark this request as having a logged-in user for our server logs. # Mark this request as having a logged-in user for our server logs.
assert isinstance(user_profile, UserProfile)
process_client(request, user_profile) process_client(request, user_profile)
RequestNotes.get_notes(request).requestor_for_logs = user_profile.format_requestor_for_logs() RequestNotes.get_notes(request).requestor_for_logs = user_profile.format_requestor_for_logs()

3
zerver/views/development/dev_login.py
View File

@@ -86,6 +86,7 @@ def dev_direct_login(
user_profile = authenticate(dev_auth_username=email, realm=realm) user_profile = authenticate(dev_auth_username=email, realm=realm)
if user_profile is None: if user_profile is None:
return config_error(request, "dev") return config_error(request, "dev")
assert isinstance(user_profile, UserProfile)
do_login(request, user_profile) do_login(request, user_profile)
redirect_to = get_safe_redirect_to(next, user_profile.realm.uri) redirect_to = get_safe_redirect_to(next, user_profile.realm.uri)
@@ -130,7 +131,7 @@ def api_dev_fetch_api_key(request: HttpRequest, username: str = REQ()) -> HttpRe
# is when one's attempting to send an email address that # is when one's attempting to send an email address that
# doesn't have an account, i.e. it's definitely invalid username. # doesn't have an account, i.e. it's definitely invalid username.
raise AuthenticationFailedError() raise AuthenticationFailedError()
assert user_profile is not None assert isinstance(user_profile, UserProfile)
do_login(request, user_profile) do_login(request, user_profile)
api_key = get_api_key(user_profile) api_key = get_api_key(user_profile)

14
zerver/views/registration.py
View File

@@ -383,7 +383,7 @@ def accounts_register(
# prereg_user.realm_creation carries the information about whether # prereg_user.realm_creation carries the information about whether
# we're in realm creation mode, and the ldap flow will handle # we're in realm creation mode, and the ldap flow will handle
# that and create the user with the appropriate parameters. # that and create the user with the appropriate parameters.
user_profile = authenticate( user = authenticate(
request=request, request=request,
username=email, username=email,
password=password, password=password,
@@ -391,7 +391,7 @@ def accounts_register(
prereg_user=prereg_user, prereg_user=prereg_user,
return_data=return_data, return_data=return_data,
) )
if user_profile is None: if user is None:
can_use_different_backend = email_auth_enabled(realm) or ( can_use_different_backend = email_auth_enabled(realm) or (
len(get_external_method_dicts(realm)) > 0 len(get_external_method_dicts(realm)) > 0
) )
@@ -419,13 +419,14 @@ def accounts_register(
query = urlencode({"email": email}) query = urlencode({"email": email})
redirect_url = append_url_query_string(view_url, query) redirect_url = append_url_query_string(view_url, query)
return HttpResponseRedirect(redirect_url) return HttpResponseRedirect(redirect_url)
elif not realm_creation:
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, user_profile)
else: else:
assert isinstance(user, UserProfile)
user_profile = user
if not realm_creation:
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, user_profile)
# With realm_creation=True, we're going to return further down, # With realm_creation=True, we're going to return further down,
# after finishing up the creation process. # after finishing up the creation process.
pass
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy: if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile user_profile = existing_user_profile
@@ -485,6 +486,7 @@ def accounts_register(
) )
return redirect("/") return redirect("/")
assert isinstance(auth_result, UserProfile)
return login_and_go_to_home(request, auth_result) return login_and_go_to_home(request, auth_result)
return render( return render(

7
zproject/backends.py
View File

@@ -1335,9 +1335,10 @@ class ExternalAuthResult:
# more customized error messages for those unlikely races, but # more customized error messages for those unlikely races, but
# it's likely not worth implementing. # it's likely not worth implementing.
realm = get_realm(data["subdomain"]) realm = get_realm(data["subdomain"])
self.user_profile = authenticate( auth_result = authenticate(username=data["email"], realm=realm, use_dummy_backend=True)
username=data["email"], realm=realm, use_dummy_backend=True if auth_result is not None:
) assert isinstance(auth_result, UserProfile)
self.user_profile = auth_result
class InvalidTokenError(Exception): class InvalidTokenError(Exception):
pass pass