diff --git a/zerver/views/auth.py b/zerver/views/auth.py
index f953ae43cf..5218ce9c5f 100644
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -24,7 +24,7 @@ from zerver.context_processors import zulip_default_context, get_realm_from_requ
 from zerver.forms import HomepageForm, OurAuthenticationForm, \
 WRONG_SUBDOMAIN_ERROR, DEACTIVATED_ACCOUNT_ERROR, ZulipPasswordResetForm, \
 AuthenticationTokenForm
-from zerver.lib.mobile_auth_otp import is_valid_otp, otp_encrypt_api_key
+from zerver.lib.mobile_auth_otp import otp_encrypt_api_key
 from zerver.lib.push_notifications import push_notifications_enabled
 from zerver.lib.redis_utils import get_redis_client, get_dict_from_redis, put_dict_in_redis
 from zerver.lib.request import REQ, has_request_variables, JsonableError
@@ -40,7 +40,7 @@ from zerver.signals import email_on_new_login
 from zproject.backends import password_auth_enabled, dev_auth_enabled, \
 ldap_auth_enabled, ZulipLDAPConfigurationError, ZulipLDAPAuthBackend, \
 AUTH_BACKEND_NAME_MAP, auth_enabled_helper, saml_auth_enabled, SAMLAuthBackend, \
- redirect_to_config_error, ZulipRemoteUserBackend
+ redirect_to_config_error, ZulipRemoteUserBackend, validate_otp_params
 from version import ZULIP_VERSION
 import jwt
@@ -407,12 +407,6 @@ def oauth_redirect_to_root(request: HttpRequest, url: str,
 return redirect(main_site_uri + '?' + urllib.parse.urlencode(params))
-def validate_otp_params(mobile_flow_otp: Optional[str]=None,
- desktop_flow_otp: Optional[str]=None) -> None:
- for otp in [mobile_flow_otp, desktop_flow_otp]:
- if otp is not None and not is_valid_otp(otp):
- raise JsonableError(_("Invalid OTP"))
-
 def start_social_login(request: HttpRequest, backend: str, extra_arg: Optional[str]=None
 ) -> HttpResponse:
 backend_url = reverse('social:begin', args=[backend])
diff --git a/zproject/backends.py b/zproject/backends.py
index 5687742eb3..7a3c12c37f 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -48,6 +48,7 @@ from zerver.lib.actions import do_create_user, do_reactivate_user, do_deactivate
 from zerver.lib.avatar import is_avatar_new, avatar_url
 from zerver.lib.avatar_hash import user_avatar_content_hash
 from zerver.lib.dev_ldap_directory import init_fakeldap
+from zerver.lib.mobile_auth_otp import is_valid_otp
 from zerver.lib.request import JsonableError
 from zerver.lib.users import check_full_name, validate_user_custom_profile_field
 from zerver.lib.redis_utils import get_redis_client, get_dict_from_redis, put_dict_in_redis
@@ -1076,10 +1077,10 @@ def social_auth_finish(backend: Any,
 redirect_to = strategy.session_get('next')
 realm = Realm.objects.get(id=return_data["realm_id"])
 multiuse_object_key = strategy.session_get('multiuse_object_key', '')
+
 mobile_flow_otp = strategy.session_get('mobile_flow_otp')
 desktop_flow_otp = strategy.session_get('desktop_flow_otp')
- if mobile_flow_otp and desktop_flow_otp:
- raise JsonableError(_("Can't use both mobile_flow_otp and desktop_flow_otp together."))
+ validate_otp_params(mobile_flow_otp, desktop_flow_otp)
 if user_profile is None or user_profile.is_mirror_dummy:
 is_signup = strategy.session_get('is_signup') == '1'
@@ -1427,6 +1428,15 @@ class SAMLAuthBackend(SocialAuthMixin, SAMLAuth):
 return result
+def validate_otp_params(mobile_flow_otp: Optional[str]=None,
+ desktop_flow_otp: Optional[str]=None) -> None:
+ for otp in [mobile_flow_otp, desktop_flow_otp]:
+ if otp is not None and not is_valid_otp(otp):
+ raise JsonableError(_("Invalid OTP"))
+
+ if mobile_flow_otp and desktop_flow_otp:
+ raise JsonableError(_("Can't use both mobile_flow_otp and desktop_flow_otp together."))
+
 def get_external_method_dicts(realm: Optional[Realm]=None) -> List[ExternalAuthMethodDictT]:
 """
 Returns a list of dictionaries that represent social backends, sorted
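Review bot: The `validate_otp_params(mobile_flow_otp, desktop_flow_otp)` call added in social_auth_finish rejects a bad session value without leaving any trace for operators, since the helper only raises JsonableError and logs nothing. zerver/views/auth.py still imports validate_otp_params, so the request parameters are presumably checked before they are stored in the session; a failure at this late step would then point to a session value that changed or to an entry path that skipped the earlier check. A warning log naming the backend and realm (never the OTP itself) would make that visible. At minimum add a comment above the call, such as `# Re-check the OTPs read back from the session; they are expected to have been validated when the flow started.`, to be confirmed against the callers because social_auth_finish begins and ends outside the hunk.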
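Review bot: The new validate_otp_params in zproject/backends.py uses two different tests for "no OTP supplied": the format loop skips only `None`, while the exclusivity check relies on truthiness, so an empty string counts as supplied in the first test and as absent in the second. The result is correct only if is_valid_otp rejects an empty string, which this diff does not show. Writing the second test as `if mobile_flow_otp is not None and desktop_flow_otp is not None:` removes that dependency. The helper is now shared by the views and the social-auth pipeline but has no docstring; one sentence saying that it raises JsonableError for a malformed OTP or when both OTPs are given would document the contract.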