From 53224a16a9e1fbc2fb858fd1bcd34317b0ce1d1f Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Tue, 21 Nov 2017 12:32:42 -0800
Subject: [PATCH] EmailAuthBackend: Convert a return to assert for a
 now-impossible case.

---
 zproject/backends.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/zproject/backends.py b/zproject/backends.py
index a76d08262a..b25bd3fb2b 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -339,10 +339,10 @@ class EmailAuthBackend(ZulipAuthMixin):
                      return_data: Optional[Dict[str, Any]]=None) -> Optional[UserProfile]:
         """ Authenticate a user based on email address as the user name. """
         if username is None or password is None:
-            # Return immediately.  Otherwise we will look for a SQL row with
-            # NULL username.  While that's probably harmless, it's needless
-            # exposure.
-            return None
+            # Because of how we structure our auth calls to always
+            # specify which backend to use when not using
+            # EmailAuthBackend, username and password should always be set.
+            raise AssertionError("Invalid call to authenticate for EmailAuthBackend")
 
         user_profile = common_get_active_user_by_email(username, return_data=return_data)
         if user_profile is None: