paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-17 04:12:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

api_fetch_api_key: Improve invalid email message.

Browse Source 
Show a user friendly message to the user if email is invalid.
Currently we show a generic message:
"Your username or password is incorrect."

The only backend which can accept a non-email username is LDAP.
So we check if it is enabled before showing the custom message.
This commit is contained in:
Umair Khan
2017-04-07 11:21:29 +05:00
committed by Tim Abbott
parent ad2114a7a8
commit 93aa478efb
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
zerver/tests/test_auth_backends.py
View File

@@ -995,6 +995,13 @@ class FetchAPIKeyTest(ZulipTestCase):
password=initial_password(self.email))) password=initial_password(self.email)))
self.assert_json_success(result) self.assert_json_success(result)
def test_invalid_email(self):
# type: () -> None
result = self.client_post("/api/v1/fetch_api_key",
dict(username='hamlet',
password=initial_password(self.email)))
self.assert_json_error(result, "Enter a valid email address.", 400)
def test_wrong_password(self): def test_wrong_password(self):
# type: () -> None # type: () -> None
result = self.client_post("/api/v1/fetch_api_key", result = self.client_post("/api/v1/fetch_api_key",

11
zerver/views/auth.py
View File

@@ -1,6 +1,8 @@
from __future__ import absolute_import from __future__ import absolute_import
from django.conf import settings from django.conf import settings
from django.core.exceptions import ValidationError
from django.core.validators import validate_email
from django.contrib.auth import authenticate, login, get_backends from django.contrib.auth import authenticate, login, get_backends
from django.contrib.auth.views import login as django_login_page, \ from django.contrib.auth.views import login as django_login_page, \
logout_then_login as django_logout_then_login logout_then_login as django_logout_then_login
@@ -23,10 +25,12 @@ from zerver.forms import HomepageForm, OurAuthenticationForm, \
from zerver.lib.request import REQ, has_request_variables, JsonableError from zerver.lib.request import REQ, has_request_variables, JsonableError
from zerver.lib.response import json_success, json_error from zerver.lib.response import json_success, json_error
from zerver.lib.utils import get_subdomain, is_subdomain_root_or_alias from zerver.lib.utils import get_subdomain, is_subdomain_root_or_alias
from zerver.lib.validator import validate_login_email
from zerver.models import PreregistrationUser, UserProfile, remote_user_to_email, Realm from zerver.models import PreregistrationUser, UserProfile, remote_user_to_email, Realm
from zerver.views.registration import create_preregistration_user, get_realm_from_request, \ from zerver.views.registration import create_preregistration_user, get_realm_from_request, \
redirect_and_log_into_subdomain redirect_and_log_into_subdomain
from zproject.backends import password_auth_enabled, dev_auth_enabled, google_auth_enabled from zproject.backends import password_auth_enabled, dev_auth_enabled, google_auth_enabled, \
ldap_auth_enabled
from version import ZULIP_VERSION from version import ZULIP_VERSION
import hashlib import hashlib
@@ -430,6 +434,11 @@ def api_fetch_api_key(request, username=REQ(), password=REQ()):
realm_subdomain=get_subdomain(request), realm_subdomain=get_subdomain(request),
return_data=return_data) return_data=return_data)
else: else:
if not ldap_auth_enabled(realm=get_realm_from_request(request)):
# In case we don't authenticate against LDAP, check for a valid
# email. LDAP backend can authenticate against a non-email.
validate_login_email(username)
user_profile = authenticate(username=username, user_profile = authenticate(username=username,
password=password, password=password,
realm_subdomain=get_subdomain(request), realm_subdomain=get_subdomain(request),