decorator: Rename authenticate_notify.

This was originally used for more Django -> Tornado communication than it now does; it is primarily not used to "notify" Tornado anymore.
2025-10-29 11:03:54 +00:00 · 2024-02-08 19:22:43 +00:00
parent e6fa1f5436
commit be75736a95
2 changed files with 11 additions and 10 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -916,11 +916,12 @@ def authenticated_json_view(
    return _wrapped_view_func


-# These views are used by the main Django server to notify the Tornado server
-# of events.  We protect them from the outside world by checking a shared
-# secret, and also the originating IP (for now).
+# These views are used for communication from Django to Tornado, or
+# from command-line tools into Django.  We protect them from the
+# outside world by checking a shared secret, and also the originating
+# IP (for now).
@has_request_variables
-def authenticate_notify(request: HttpRequest, secret: str = REQ("secret")) -> bool:
+def authenticate_internal_api(request: HttpRequest, secret: str = REQ("secret")) -> bool:
    return is_local_addr(request.META["REMOTE_ADDR"]) and constant_time_compare(
        secret, settings.SHARED_SECRET
    )
@@ -945,7 +946,7 @@ def internal_notify_view(
        def _wrapped_func_arguments(
            request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
        ) -> HttpResponse:
-            if not authenticate_notify(request):
+            if not authenticate_internal_api(request):
                raise AccessDeniedError
            request_notes = RequestNotes.get_notes(request)
            is_tornado_request = request_notes.tornado_handler_id is not None
--- a/zerver/tests/test_decorators.py
+++ b/zerver/tests/test_decorators.py
@@ -19,7 +19,7 @@ from zerver.actions.realm_settings import do_deactivate_realm, do_reactivate_rea
 from zerver.actions.user_settings import do_change_user_setting
 from zerver.actions.users import change_user_is_active, do_deactivate_user
 from zerver.decorator import (
-    authenticate_notify,
+    authenticate_internal_api,
    authenticated_json_view,
    authenticated_rest_api_view,
    authenticated_uploads_api_view,
@@ -1005,7 +1005,7 @@ class TestInternalNotifyView(ZulipTestCase):
        )

        with self.settings(SHARED_SECRET=secret):
-            self.assertTrue(authenticate_notify(request))
+            self.assertTrue(authenticate_internal_api(request))
            self.assertEqual(
                orjson.loads(self.internal_notify(False, request).content).get("msg"),
                self.BORING_RESULT,
@@ -1021,7 +1021,7 @@ class TestInternalNotifyView(ZulipTestCase):
            tornado_handler=dummy_handler,
        )
        with self.settings(SHARED_SECRET=secret):
-            self.assertTrue(authenticate_notify(request))
+            self.assertTrue(authenticate_internal_api(request))
            self.assertEqual(
                orjson.loads(self.internal_notify(True, request).content).get("msg"),
                self.BORING_RESULT,
@@ -1054,7 +1054,7 @@ class TestInternalNotifyView(ZulipTestCase):
        )

        with self.settings(SHARED_SECRET="broken"):
-            self.assertFalse(authenticate_notify(request))
+            self.assertFalse(authenticate_internal_api(request))
            with self.assertRaises(AccessDeniedError) as access_denied_error:
                self.internal_notify(True, request)
            self.assertEqual(access_denied_error.exception.http_status_code, 403)
@@ -1067,7 +1067,7 @@ class TestInternalNotifyView(ZulipTestCase):
        )

        with self.settings(SHARED_SECRET=secret):
-            self.assertFalse(authenticate_notify(request))
+            self.assertFalse(authenticate_internal_api(request))
            with self.assertRaises(AccessDeniedError) as context:
                self.internal_notify(True, request)
            self.assertEqual(context.exception.http_status_code, 403)