auth: Ensure only one of mobile and desktop otps in validate_otp_params.

validate_otp_params needs to be moved to backends.py, because as of this
commit it'll be used both there and in views.auth - and import from
views.auth to backends.py causes circular import issue.

zerver/views/auth.py

@@ -24,7 +24,7 @@ from zerver.context_processors import zulip_default_context, get_realm_from_requ
 from zerver.forms import HomepageForm, OurAuthenticationForm, \
     WRONG_SUBDOMAIN_ERROR, DEACTIVATED_ACCOUNT_ERROR, ZulipPasswordResetForm, \
     AuthenticationTokenForm
-from zerver.lib.mobile_auth_otp import is_valid_otp, otp_encrypt_api_key
+from zerver.lib.mobile_auth_otp import otp_encrypt_api_key
 from zerver.lib.push_notifications import push_notifications_enabled
 from zerver.lib.redis_utils import get_redis_client, get_dict_from_redis, put_dict_in_redis
 from zerver.lib.request import REQ, has_request_variables, JsonableError
@@ -40,7 +40,7 @@ from zerver.signals import email_on_new_login
 from zproject.backends import password_auth_enabled, dev_auth_enabled, \
     ldap_auth_enabled, ZulipLDAPConfigurationError, ZulipLDAPAuthBackend, \
     AUTH_BACKEND_NAME_MAP, auth_enabled_helper, saml_auth_enabled, SAMLAuthBackend, \
-    redirect_to_config_error, ZulipRemoteUserBackend
+    redirect_to_config_error, ZulipRemoteUserBackend, validate_otp_params
 from version import ZULIP_VERSION
 
 import jwt
@@ -407,12 +407,6 @@ def oauth_redirect_to_root(request: HttpRequest, url: str,
 
     return redirect(main_site_uri + '?' + urllib.parse.urlencode(params))
 
-def validate_otp_params(mobile_flow_otp: Optional[str]=None,
-                        desktop_flow_otp: Optional[str]=None) -> None:
-    for otp in [mobile_flow_otp, desktop_flow_otp]:
-        if otp is not None and not is_valid_otp(otp):
-            raise JsonableError(_("Invalid OTP"))
-
 def start_social_login(request: HttpRequest, backend: str, extra_arg: Optional[str]=None
                        ) -> HttpResponse:
     backend_url = reverse('social:begin', args=[backend])

zproject/backends.py

@@ -48,6 +48,7 @@ from zerver.lib.actions import do_create_user, do_reactivate_user, do_deactivate
 from zerver.lib.avatar import is_avatar_new, avatar_url
 from zerver.lib.avatar_hash import user_avatar_content_hash
 from zerver.lib.dev_ldap_directory import init_fakeldap
+from zerver.lib.mobile_auth_otp import is_valid_otp
 from zerver.lib.request import JsonableError
 from zerver.lib.users import check_full_name, validate_user_custom_profile_field
 from zerver.lib.redis_utils import get_redis_client, get_dict_from_redis, put_dict_in_redis
@@ -1076,10 +1077,10 @@ def social_auth_finish(backend: Any,
     redirect_to = strategy.session_get('next')
     realm = Realm.objects.get(id=return_data["realm_id"])
     multiuse_object_key = strategy.session_get('multiuse_object_key', '')
+
     mobile_flow_otp = strategy.session_get('mobile_flow_otp')
     desktop_flow_otp = strategy.session_get('desktop_flow_otp')
-    if mobile_flow_otp and desktop_flow_otp:
+    validate_otp_params(mobile_flow_otp, desktop_flow_otp)
-        raise JsonableError(_("Can't use both mobile_flow_otp and desktop_flow_otp together."))
 
     if user_profile is None or user_profile.is_mirror_dummy:
         is_signup = strategy.session_get('is_signup') == '1'
@@ -1427,6 +1428,15 @@ class SAMLAuthBackend(SocialAuthMixin, SAMLAuth):
 
         return result
 
+def validate_otp_params(mobile_flow_otp: Optional[str]=None,
+                        desktop_flow_otp: Optional[str]=None) -> None:
+    for otp in [mobile_flow_otp, desktop_flow_otp]:
+        if otp is not None and not is_valid_otp(otp):
+            raise JsonableError(_("Invalid OTP"))
+
+    if mobile_flow_otp and desktop_flow_otp:
+        raise JsonableError(_("Can't use both mobile_flow_otp and desktop_flow_otp together."))
+
 def get_external_method_dicts(realm: Optional[Realm]=None) -> List[ExternalAuthMethodDictT]:
     """
     Returns a list of dictionaries that represent social backends, sorted