decorator: Extract public_json_view.

This refactoring is necessary to separate the expected type annotation for view functions with different authentication methods. Currently the signature aren't actually check against view functions because `rest_path` does not support type checking parameter types, but it will become useful once we do. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2025-10-30 19:43:47 +00:00 · 2022-08-01 14:46:23 -04:00
parent 299f3442ff
commit f54ecad6cd
3 changed files with 51 additions and 12 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -836,13 +836,11 @@ def process_as_post(
    return _wrapped_view_func


-# Checks if the user is logged in.  If not, return an error (the
-# @login_required behavior of redirecting to a login page doesn't make
-# sense for json views)
-def authenticated_json_view(
-    view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
+def public_json_view(
+    view_func: Callable[
+        Concatenate[HttpRequest, Union[UserProfile, AnonymousUser], ParamT], HttpResponse
+    ],
    skip_rate_limiting: bool = False,
-    allow_unauthenticated: bool = False,
 ) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
    @wraps(view_func)
    def _wrapped_view_func(
@@ -855,9 +853,6 @@ def authenticated_json_view(
            rate_limit(request)

        if not request.user.is_authenticated:
-            if not allow_unauthenticated:
-                raise UnauthorizedError()
-
            process_client(
                request,
                is_browser_view=True,
@@ -865,6 +860,33 @@ def authenticated_json_view(
            )
            return view_func(request, request.user, *args, **kwargs)

+        # Fall back to authenticated_json_view if the user is authenticated.
+        # Since we have done rate limiting earlier is no need to do it again.
+        return authenticated_json_view(view_func, skip_rate_limiting=True)(request, *args, **kwargs)
+
+    return _wrapped_view_func
+
+
+# Checks if the user is logged in.  If not, return an error (the
+# @login_required behavior of redirecting to a login page doesn't make
+# sense for json views)
+def authenticated_json_view(
+    view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
+    skip_rate_limiting: bool = False,
+) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
+    @wraps(view_func)
+    def _wrapped_view_func(
+        request: HttpRequest,
+        /,
+        *args: ParamT.args,
+        **kwargs: ParamT.kwargs,
+    ) -> HttpResponse:
+        if not skip_rate_limiting:
+            rate_limit(request)
+
+        if not request.user.is_authenticated:
+            raise UnauthorizedError()
+
        user_profile = request.user
        validate_account_and_subdomain(request, user_profile)