From 5b16ee0c084d5445270a279e87b49058ed3ff5b7 Mon Sep 17 00:00:00 2001
From: Erik Tews <erik@datenzone.de>
Date: Sun, 18 Jul 2021 23:39:37 +0200
Subject: [PATCH] auth: show _OR_ during login only when other methods are
 available.

There might be good reasons to have other external authentication
methods such as SAML configured, but none of them is available.

This happens, for example, when you have enabled SAML so that Zulip is
able to generate the metadata in XML format, but you haven't
configured an IdP yet. This commit makes sure that the phrase _OR_ is
only shown on the login/account page when there are actually other
authentication methods available. When they are just configured, but
not available yet, the page looks like as if no external
authentication methods are be configured.

We achieve this by deleting any_social_backend_enabled, which was very
similar to page_params.external_authentication_methods, which
correctly has one entry per configured SAML IdP.
---
 templates/zerver/accounts_home.html | 2 +-
 templates/zerver/login.html         | 2 +-
 zerver/context_processors.py        | 2 --
 zerver/views/registration.py        | 6 +++---
 zproject/backends.py                | 9 ---------
 5 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/templates/zerver/accounts_home.html b/templates/zerver/accounts_home.html
index 8dd700ecc4..fae7e38840 100644
--- a/templates/zerver/accounts_home.html
+++ b/templates/zerver/accounts_home.html
@@ -68,7 +68,7 @@ page can be easily identified in it's respective JavaScript file -->
                                 <button class="full-width" type="submit">{{ _('Sign up') }}</button>
                             </form>
 
-                            {% if any_social_backend_enabled %}
+                            {% if page_params.external_authentication_methods|length > 0 %}
                             <div class="or"><span>{{ _('OR') }}</span></div>
                             {% endif %}
                         {% endif %}
diff --git a/templates/zerver/login.html b/templates/zerver/login.html
index 2e5b5a9407..eafc9301fd 100644
--- a/templates/zerver/login.html
+++ b/templates/zerver/login.html
@@ -104,7 +104,7 @@ page can be easily identified in it's respective JavaScript file. -->
                             </button>
                         </form>
 
-                        {% if any_social_backend_enabled %}
+                        {% if page_params.external_authentication_methods|length > 0 %}
                         <div class="or"><span>{{ _('OR') }}</span></div>
                         {% endif %}
 
diff --git a/zerver/context_processors.py b/zerver/context_processors.py
index 024240d6fd..d749f8c53e 100644
--- a/zerver/context_processors.py
+++ b/zerver/context_processors.py
@@ -22,7 +22,6 @@ from zerver.lib.subdomains import get_subdomain
 from zerver.models import Realm, UserProfile, get_realm
 from zproject.backends import (
     AUTH_BACKEND_NAME_MAP,
-    any_social_backend_enabled,
     auth_enabled_helper,
     get_external_method_dicts,
     password_auth_enabled,
@@ -192,7 +191,6 @@ def login_context(request: HttpRequest) -> Dict[str, Any]:
         "realm_description": realm_description,
         "require_email_format_usernames": require_email_format_usernames(realm),
         "password_auth_enabled": password_auth_enabled(realm),
-        "any_social_backend_enabled": any_social_backend_enabled(realm),
         "two_factor_authentication_enabled": settings.TWO_FACTOR_AUTHENTICATION_ENABLED,
     }
 
diff --git a/zerver/views/registration.py b/zerver/views/registration.py
index d68f2e3dd5..d109955af8 100644
--- a/zerver/views/registration.py
+++ b/zerver/views/registration.py
@@ -79,9 +79,9 @@ from zproject.backends import (
     ExternalAuthResult,
     ZulipLDAPAuthBackend,
     ZulipLDAPExceptionNoMatchingLDAPUser,
-    any_social_backend_enabled,
     email_auth_enabled,
     email_belongs_to_ldap,
+    get_external_method_dicts,
     ldap_auth_enabled,
     password_auth_enabled,
 )
@@ -359,8 +359,8 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
                 return_data=return_data,
             )
             if user_profile is None:
-                can_use_different_backend = email_auth_enabled(realm) or any_social_backend_enabled(
-                    realm
+                can_use_different_backend = email_auth_enabled(realm) or (
+                    len(get_external_method_dicts(realm)) > 0
                 )
                 if settings.LDAP_APPEND_DOMAIN:
                     # In LDAP_APPEND_DOMAIN configurations, we don't allow making a non-LDAP account
diff --git a/zproject/backends.py b/zproject/backends.py
index 509180ba3f..650e65c523 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -159,15 +159,6 @@ def saml_auth_enabled(realm: Optional[Realm] = None) -> bool:
     return auth_enabled_helper(["SAML"], realm)
 
 
-def any_social_backend_enabled(realm: Optional[Realm] = None) -> bool:
-    """Used by the login page process to determine whether to show the
-    'OR' for login with Google"""
-    social_backend_names = [
-        social_auth_subclass.auth_backend_name for social_auth_subclass in EXTERNAL_AUTH_METHODS
-    ]
-    return auth_enabled_helper(social_backend_names, realm)
-
-
 def require_email_format_usernames(realm: Optional[Realm] = None) -> bool:
     if ldap_auth_enabled(realm):
         if settings.LDAP_EMAIL_ATTR or settings.LDAP_APPEND_DOMAIN: