From dff4ab0daf9aef7260040eb8d712968958633c9c Mon Sep 17 00:00:00 2001
From: Aman Agrawal <amanagr@zulip.com>
Date: Wed, 7 Oct 2020 17:26:30 +0530
Subject: [PATCH] spectators: Add comments and assertions on security model.

These tweaks help make reasoning about the spectators security model
easier to understand.
---
 zerver/lib/events.py          | 6 ++++++
 zerver/views/message_fetch.py | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/zerver/lib/events.py b/zerver/lib/events.py
index 07fddcfa8b..acaaff16c9 100644
--- a/zerver/lib/events.py
+++ b/zerver/lib/events.py
@@ -577,6 +577,12 @@ def fetch_initial_state_data(
         # abuse.
         state["giphy_api_key"] = settings.GIPHY_API_KEY if settings.GIPHY_API_KEY else ""
 
+    if user_profile is None:
+        # To ensure we have the correct user state set.
+        assert state["is_admin"] is False
+        assert state["is_owner"] is False
+        assert state["is_guest"] is True
+
     return state
 
 
diff --git a/zerver/views/message_fetch.py b/zerver/views/message_fetch.py
index ac4dcefa8a..b4ecf12031 100644
--- a/zerver/views/message_fetch.py
+++ b/zerver/views/message_fetch.py
@@ -965,6 +965,10 @@ def get_messages_backend(
         # cases of web-public queries (where we should return the
         # web-public results only) and clients with buggy
         # authentication code (where we should return an auth error).
+        #
+        # GetOldMessagesTest.test_unauthenticated_* tests ensure
+        # that we are not leaking any secure data (private messages and
+        # non web-public-stream messages) via this path.
         if not is_web_public_narrow(narrow):
             raise MissingAuthenticationError()
         assert narrow is not None