auth: Convert GoogleMobileOAuth2Backend to accept a realm object.

zerver/tests/test_auth_backends.py

@@ -224,14 +224,15 @@ class AuthBackendTest(ZulipTestCase):
 
         with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
             self.verify_backend(backend,
-                                good_kwargs=dict(realm_subdomain="zulip"),
-                                bad_kwargs=dict(realm_subdomain='acme'))
+                                good_kwargs=dict(realm=get_realm("zulip")),
+                                bad_kwargs=dict(realm=get_realm('invalid')))
 
         # Verify valid_attestation parameter is set correctly
         unverified_payload = dict(email_verified=False)
-        with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=unverified_payload):
+        with mock.patch('apiclient.sample_tools.client.verify_id_token',
+                        return_value=unverified_payload):
             ret = dict()  # type: Dict[str, str]
-            result = backend.authenticate(return_data=ret)
+            result = backend.authenticate(realm=get_realm("zulip"), return_data=ret)
             self.assertIsNone(result)
             self.assertFalse(ret["valid_attestation"])
 
@@ -239,13 +240,13 @@ class AuthBackendTest(ZulipTestCase):
         with mock.patch('apiclient.sample_tools.client.verify_id_token',
                         return_value=nonexistent_user_payload):
             ret = dict()
-            result = backend.authenticate(return_data=ret)
+            result = backend.authenticate(realm=get_realm("zulip"), return_data=ret)
             self.assertIsNone(result)
             self.assertTrue(ret["valid_attestation"])
         with mock.patch('apiclient.sample_tools.client.verify_id_token',
                         side_effect=AppIdentityError):
             ret = dict()
-            result = backend.authenticate(return_data=ret)
+            result = backend.authenticate(realm=get_realm("zulip"), return_data=ret)
             self.assertIsNone(result)
 
     @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))

zerver/views/auth.py

@@ -645,8 +645,10 @@ def api_fetch_api_key(request, username=REQ(), password=REQ()):
     # type: (HttpRequest, str, str) -> HttpResponse
     return_data = {}  # type: Dict[str, bool]
     if username == "google-oauth2-token":
+        subdomain = get_subdomain(request)
+        realm = get_realm(subdomain)
         user_profile = authenticate(google_oauth2_token=password,
-                                    realm_subdomain=get_subdomain(request),
+                                    realm=realm,
                                     return_data=return_data)
     else:
         if not ldap_auth_enabled(realm=get_realm_from_request(request)):

zproject/backends.py

@@ -375,8 +375,10 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
 
     """
 
-    def authenticate(self, google_oauth2_token: str=None, realm_subdomain: str=None,
+    def authenticate(self, google_oauth2_token: str=None, realm: Optional[Realm]=None,
                      return_data: Optional[Dict[str, Any]]=None) -> Optional[UserProfile]:
+        if realm is None:
+            return None
         if return_data is None:
             return_data = {}
 
@@ -396,7 +398,7 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
             if user_profile.realm.deactivated:
                 return_data["inactive_realm"] = True
                 return None
-            if not user_matches_subdomain(realm_subdomain, user_profile):
+            if not user_matches_subdomain(realm.subdomain, user_profile):
                 return_data["invalid_subdomain"] = True
                 return None
             if not google_auth_enabled(realm=user_profile.realm):