def api_dev_fetch_api_key(request: HttpRequest, username: str=REQ()) -> HttpResponse:
"""This function allows logging in without a password on the Zulip
mobile apps when connecting to a Zulip development environment. It
requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS.
"""
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
# Django invokes authenticate methods by matching arguments, and this
# authentication flow will not invoke LDAP authentication because of
# this condition of Django so no need to check if LDAP backend is
# enabled.
validate_login_email(username)
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
return_data = {} # type: Dict[str, bool]
user_profile = authenticate(dev_auth_username=username,
realm=realm,
return_data=return_data)
if return_data.get("inactive_realm"):
return json_error(_("Your realm has been deactivated."),
data={"reason": "realm deactivated"}, status=403)
if return_data.get("inactive_user"):
return json_error(_("Your account has been disabled."),
data={"reason": "user disable"}, status=403)
if user_profile is None:
return json_error(_("This user is not registered."),
data={"reason": "unregistered"}, status=403)
do_login(request, user_profile)
return json_success({"api_key": user_profile.api_key, "email": user_profile.email})
def add_settings(request):
realm = request.user.realm if hasattr(request.user, "realm") else None
return {
# We use the not_voyager variable name so that templates
# will render even if the appropriate context is not provided
# to the template
'not_voyager': not settings.VOYAGER,
'zulip_com': settings.ZULIP_COM,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(),
'google_auth_enabled': google_auth_enabled(),
'development_environment': settings.DEVELOPMENT,
}
def get_auth_backends_data(request: HttpRequest) -> Dict[str, Any]:
"""Returns which authentication methods are enabled on the server"""
subdomain = get_subdomain(request)
try:
realm = Realm.objects.get(string_id=subdomain)
except Realm.DoesNotExist:
# If not the root subdomain, this is an error
if subdomain != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
raise JsonableError(_("Invalid subdomain"))
# With the root subdomain, it's an error or not depending
# whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether
# there are some realms without subdomains on this server)
# is set.
if settings.ROOT_DOMAIN_LANDING_PAGE:
raise JsonableError(_("Subdomain required"))
else:
realm = None
return {
"password": password_auth_enabled(realm),
"dev": dev_auth_enabled(realm),
"email": email_auth_enabled(realm),
"github": github_auth_enabled(realm),
"google": google_auth_enabled(realm),
"ldap": ldap_auth_enabled(realm),
}
def get_auth_backends_data(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Returns which authentication methods are enabled on the server"""
if settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
try:
realm = Realm.objects.get(string_id=subdomain)
except Realm.DoesNotExist:
# If not the root subdomain, this is an error
if subdomain != "":
raise JsonableError(_("Invalid subdomain"))
# With the root subdomain, it's an error or not depending
# whether SUBDOMAINS_HOMEPAGE (which indicates whether
# there are some realms without subdomains on this server)
# is set.
if settings.SUBDOMAINS_HOMEPAGE:
raise JsonableError(_("Subdomain required"))
else:
realm = None
else:
# Without subdomains, we just have to report what the server
# supports, since we don't know the realm.
realm = None
return {"password": password_auth_enabled(realm),
"dev": dev_auth_enabled(realm),
"github": github_auth_enabled(realm),
"google": google_auth_enabled(realm)}
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated:
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS:
redirect_url = reverse('zerver.views.registration.find_my_team')
return HttpResponseRedirect(redirect_url)
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
users = get_dev_users()
extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin]
extra_context['direct_users'] = [
u.email for u in users
if not u.is_realm_admin and u.realm.string_id == 'zulip']
extra_context['community_users'] = [
u.email for u in users
if u.realm.string_id != 'zulip']
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def api_dev_get_emails(request):
# type: (HttpRequest) -> HttpResponse
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
users = get_dev_users()
return json_success(dict(direct_admins=[u.email for u in users if u.is_realm_admin],
direct_users=[u.email for u in users if not u.is_realm_admin]))
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
# Development environments usually have only a few users, but
# it still makes sense to limit how many users we render to
# support performance testing with DevAuthBackend.
MAX_DEV_BACKEND_USERS = 100
users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True)
users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS]
extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin]
extra_context['direct_users'] = [u.email for u in users if not u.is_realm_admin]
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
if hasattr(request.user, "realm"):
realm = request.user.realm
realm_uri = realm.uri
else:
realm = None
# TODO: Figure out how to add an assertion that this is not used
realm_uri = settings.SERVER_URI
return {
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(),
'google_auth_enabled': google_auth_enabled(),
'github_auth_enabled': github_auth_enabled(),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
}
def api_get_auth_backends(request):
# type: (HttpRequest) -> HttpResponse
# May return a false positive for password auth if it's been disabled
# for a specific realm. Currently only happens for zulip.com on prod
return json_success({"password": password_auth_enabled(None),
"dev": dev_auth_enabled(),
"google": google_auth_enabled(),
})
def api_dev_get_emails(request):
# type: (HttpRequest) -> HttpResponse
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
users = get_dev_users()
return json_success(
dict(direct_admins=[u.email for u in users if u.is_realm_admin],
direct_users=[u.email for u in users if not u.is_realm_admin]))
def api_dev_list_users(request: HttpRequest) -> HttpResponse:
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
users = get_dev_users()
return json_success(dict(direct_admins=[dict(email=u.email, realm_uri=u.realm.uri)
for u in users if u.is_realm_admin],
direct_users=[dict(email=u.email, realm_uri=u.realm.uri)
for u in users if not u.is_realm_admin]))
def api_get_auth_backends(request):
# type: (HttpRequest) -> HttpResponse
# May return a false positive for password auth if it's been disabled
# for a specific realm. Currently only happens for zulip.com on prod
return json_success({"password": password_auth_enabled(None),
"dev": dev_auth_enabled(),
"google": google_auth_enabled(),
})
def api_dev_list_users(request: HttpRequest) -> HttpResponse:
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
users = get_dev_users()
return json_success(dict(direct_admins=[dict(email=u.email, realm_uri=u.realm.uri)
for u in users if u.is_realm_admin],
direct_users=[dict(email=u.email, realm_uri=u.realm.uri)
for u in users if not u.is_realm_admin]))
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse:
if request.user.is_authenticated:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(
request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.find_account')
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
add_dev_login_context(realm, extra_context)
if realm and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
if 'username' in request.POST:
extra_context['email'] = request.POST['username']
try:
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
already_registered = request.GET['already_registered']
template_response.context_data[
'already_registered'] = already_registered
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data[
'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse:
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
if request.user and request.user.is_verified():
return HttpResponseRedirect(request.user.realm.uri)
elif request.user.is_authenticated:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(
request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.realm_redirect')
if request.method == "GET" and request.GET:
redirect_url = "{}?{}".format(redirect_url,
request.GET.urlencode())
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled() and kwargs.get(
"template_name") == "zerver/dev_login.html":
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
add_dev_login_context(realm, extra_context)
if realm and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
if 'username' in request.POST:
extra_context['email'] = request.POST['username']
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
return start_two_factor_auth(request,
extra_context=extra_context,
**kwargs)
try:
extra_context.update(login_context(request))
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
if isinstance(template_response, SimpleTemplateResponse):
# Only those responses that are rendered using a template have
# context_data attribute. This attribute doesn't exist otherwise. It is
# added in SimpleTemplateResponse class, which is a derived class of
# HttpResponse. See django.template.response.SimpleTemplateResponse,
# https://github.com/django/django/blob/master/django/template/response.py#L19.
update_login_page_context(request, template_response.context_data)
return template_response
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
if hasattr(request, "user") and hasattr(request.user, "realm"):
realm = request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
else:
realm = None
if realm is not None:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description = realm.description or "The coolest place in the universe."
else:
realm_uri = settings.SERVER_URI
realm_name = None
realm_icon = None
realm_description = None
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.find_account')
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
users = get_dev_users(realm)
extra_context['current_realm'] = realm
extra_context['all_realms'] = Realm.objects.all()
extra_context['direct_admins'] = [u for u in users if u.is_realm_admin]
extra_context['direct_users'] = [u for u in users if not u.is_realm_admin]
if realm and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
try:
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
already_registered = request.GET['already_registered']
template_response.context_data['already_registered'] = already_registered
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def api_dev_get_emails(request):
# type: (HttpRequest) -> HttpResponse
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
MAX_DEV_BACKEND_USERS = 100 # type: int
users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True)
users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS]
return json_success(dict(direct_admins=[u.email for u in users if u.is_realm_admin],
direct_users=[u.email for u in users if not u.is_realm_admin]))
def api_dev_get_emails(request):
# type: (HttpRequest) -> HttpResponse
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
MAX_DEV_BACKEND_USERS = 100 # type: int
users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True)
users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS]
return json_success(dict(direct_admins=[u.email for u in users if u.is_realm_admin],
direct_users=[u.email for u in users if not u.is_realm_admin]))
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated:
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.find_account')
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
users = get_dev_users(realm)
extra_context['current_realm'] = realm
extra_context['all_realms'] = Realm.objects.all()
extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin]
extra_context['direct_users'] = [u.email for u in users if not u.is_realm_admin]
if settings.REALMS_HAVE_SUBDOMAINS and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm
return HttpResponseRedirect(realm.uri)
try:
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
already_registered = request.GET['already_registered']
template_response.context_data['already_registered'] = already_registered
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse:
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
if request.user and request.user.is_verified():
return HttpResponseRedirect(request.user.realm.uri)
elif request.user.is_authenticated:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.realm_redirect')
if request.method == "GET" and request.GET:
redirect_url = "{}?{}".format(redirect_url, request.GET.urlencode())
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
add_dev_login_context(realm, extra_context)
if realm and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
if 'username' in request.POST:
extra_context['email'] = request.POST['username']
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
return start_two_factor_auth(request, extra_context=extra_context,
**kwargs)
try:
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
if isinstance(template_response, SimpleTemplateResponse):
# Only those responses that are rendered using a template have
# context_data attribute. This attribute doesn't exist otherwise. It is
# added in SimpleTemplateResponse class, which is a derived class of
# HttpResponse. See django.template.response.SimpleTemplateResponse,
# https://github.com/django/django/blob/master/django/template/response.py#L19.
update_login_page_context(request, template_response.context_data)
return template_response
def dev_direct_login(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
# This function allows logging in without a password and should only be called in development environments.
# It may be called if the DevAuthBackend is included in settings.AUTHENTICATION_BACKENDS
if (not dev_auth_enabled()) or settings.PRODUCTION:
# This check is probably not required, since authenticate would fail without an enabled DevAuthBackend.
raise Exception('Direct login not supported.')
email = request.POST['direct_email']
user_profile = authenticate(username=email, realm_subdomain=get_subdomain(request))
if user_profile is None:
raise Exception("User cannot login")
do_login(request, user_profile)
return HttpResponseRedirect(user_profile.realm.uri)
def dev_direct_login(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
# This function allows logging in without a password and should only be called in development environments.
# It may be called if the DevAuthBackend is included in settings.AUTHENTICATION_BACKENDS
if (not dev_auth_enabled()) or settings.PRODUCTION:
# This check is probably not required, since authenticate would fail without an enabled DevAuthBackend.
raise Exception('Direct login not supported.')
email = request.POST['direct_email']
user_profile = authenticate(username=email, realm_subdomain=get_subdomain(request))
if user_profile is None:
raise Exception("User cannot login")
do_login(request, user_profile)
return HttpResponseRedirect(user_profile.realm.uri)
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated:
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.SUBDOMAINS_HOMEPAGE:
redirect_url = reverse('zerver.views.registration.find_my_team')
return HttpResponseRedirect(redirect_url)
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
users = get_dev_users(realm)
extra_context['current_realm'] = realm
extra_context['all_realms'] = Realm.objects.all()
extra_context['direct_admins'] = [
u.email for u in users if u.is_realm_admin
]
extra_context['direct_users'] = [
u.email for u in users if not u.is_realm_admin
]
if settings.REALMS_HAVE_SUBDOMAINS and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm
return HttpResponseRedirect(realm.uri)
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data[
'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def dev_direct_login(request: HttpRequest, **kwargs: Any) -> HttpResponse:
# This function allows logging in without a password and should only be called
# in development environments. It may be called if the DevAuthBackend is included
# in settings.AUTHENTICATION_BACKENDS
if (not dev_auth_enabled()) or settings.PRODUCTION:
# This check is probably not required, since authenticate would fail without
# an enabled DevAuthBackend.
return HttpResponseRedirect(reverse('dev_not_supported'))
email = request.POST['direct_email']
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
user_profile = authenticate(dev_auth_username=email, realm=realm)
if user_profile is None:
return HttpResponseRedirect(reverse('dev_not_supported'))
do_login(request, user_profile)
return HttpResponseRedirect(user_profile.realm.uri)
def dev_direct_login(request: HttpRequest, **kwargs: Any) -> HttpResponse:
# This function allows logging in without a password and should only be called
# in development environments. It may be called if the DevAuthBackend is included
# in settings.AUTHENTICATION_BACKENDS
if (not dev_auth_enabled()) or settings.PRODUCTION:
# This check is probably not required, since authenticate would fail without
# an enabled DevAuthBackend.
return HttpResponseRedirect(reverse('dev_not_supported'))
email = request.POST['direct_email']
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
user_profile = authenticate(dev_auth_username=email, realm=realm)
if user_profile is None:
return HttpResponseRedirect(reverse('dev_not_supported'))
do_login(request, user_profile)
return HttpResponseRedirect(user_profile.realm.uri)
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated():
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS:
redirect_url = reverse('zerver.views.registration.find_my_team')
return HttpResponseRedirect(redirect_url)
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
# Development environments usually have only a few users, but
# it still makes sense to limit how many users we render to
# support performance testing with DevAuthBackend.
MAX_DEV_BACKEND_USERS = 100
users_query = UserProfile.objects.select_related().filter(
is_bot=False, is_active=True)
users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS]
extra_context['direct_admins'] = [
u.email for u in users if u.is_realm_admin
]
extra_context['direct_users'] = [
u.email for u in users
if not u.is_realm_admin and u.realm.string_id == 'zulip'
]
extra_context['community_users'] = [
u.email for u in users if u.realm.string_id != 'zulip'
]
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data[
'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse:
if request.user.is_authenticated:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(
request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse('zerver.views.registration.find_account')
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
if 'new_realm' in request.POST:
realm = get_realm(request.POST['new_realm'])
else:
realm = get_realm_from_request(request)
add_dev_login_context(realm, extra_context)
if realm and 'new_realm' in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
if 'username' in request.POST:
extra_context['email'] = request.POST['username']
try:
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(e.args[1])
if isinstance(template_response, HttpResponseRedirect):
# We return immediately; redirect responses don't have a
# `.context_data` to update with update_login_page_context.
return template_response
update_login_page_context(request, template_response.context_data)
return template_response
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
realm = None
if hasattr(request.user, "realm"):
realm = request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
if realm is not None:
realm_uri = realm.uri
else:
realm_uri = settings.SERVER_URI
return {
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
realm = None
if hasattr(request.user, "realm"):
realm = request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
if realm is not None:
realm_uri = realm.uri
else:
realm_uri = settings.SERVER_URI
return {
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
}
def api_dev_fetch_api_key(request, username=REQ()):
# type: (HttpRequest, str) -> HttpResponse
"""This function allows logging in without a password on the Zulip
mobile apps when connecting to a Zulip development environment. It
requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS.
"""
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
return_data = {} # type: Dict[str, bool]
user_profile = authenticate(username=username,
realm_subdomain=get_subdomain(request),
return_data=return_data)
if return_data.get("inactive_realm") == True:
return json_error(_("Your realm has been deactivated."),
data={"reason": "realm deactivated"}, status=403)
if return_data.get("inactive_user") == True:
return json_error(_("Your account has been disabled."),
data={"reason": "user disable"}, status=403)
login(request, user_profile)
return json_success({"api_key": user_profile.api_key, "email": user_profile.email})
def api_dev_fetch_api_key(request, username=REQ()):
# type: (HttpRequest, str) -> HttpResponse
"""This function allows logging in without a password on the Zulip
mobile apps when connecting to a Zulip development environment. It
requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS.
"""
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
return_data = {} # type: Dict[str, bool]
user_profile = authenticate(username=username,
realm_subdomain=get_subdomain(request),
return_data=return_data)
if return_data.get("inactive_realm") == True:
return json_error(_("Your realm has been deactivated."),
data={"reason": "realm deactivated"}, status=403)
if return_data.get("inactive_user") == True:
return json_error(_("Your account has been disabled."),
data={"reason": "user disable"}, status=403)
login(request, user_profile)
return json_success({"api_key": user_profile.api_key, "email": user_profile.email})
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
if hasattr(request.user, "realm"):
realm = request.user.realm
realm_uri = realm.uri
full_name = request.user.full_name
realm_name = realm.name
else:
realm = None
full_name = None
realm_name = None
# TODO: Figure out how to add an assertion that this is not used
realm_uri = settings.SERVER_URI
return {
'full_name': full_name,
'realm_name': realm_name,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(),
'google_auth_enabled': google_auth_enabled(),
'github_auth_enabled': github_auth_enabled(),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
}
def dev_direct_login(
request: HttpRequest,
next: str = REQ(default="/"),
) -> HttpResponse:
# This function allows logging in without a password and should only be called
# in development environments. It may be called if the DevAuthBackend is included
# in settings.AUTHENTICATION_BACKENDS
if (not dev_auth_enabled()) or settings.PRODUCTION:
# This check is probably not required, since authenticate would fail without
# an enabled DevAuthBackend.
return config_error(request, "dev")
email = request.POST["direct_email"]
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
user_profile = authenticate(dev_auth_username=email, realm=realm)
if user_profile is None:
return config_error(request, "dev")
do_login(request, user_profile)
redirect_to = get_safe_redirect_to(next, user_profile.realm.uri)
return HttpResponseRedirect(redirect_to)
def add_settings(request):
realm = request.user.realm if hasattr(request.user, "realm") else None
return {
# We use the not_voyager variable name so that templates
# will render even if the appropriate context is not provided
# to the template
'not_voyager': not settings.VOYAGER,
'zulip_com': settings.ZULIP_COM,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(),
'google_auth_enabled': google_auth_enabled(),
}
def add_settings(request):
realm = request.user.realm if hasattr(request.user, "realm") else None
return {
# We use the not_voyager variable name so that templates
# will render even if the appropriate context is not provided
# to the template
'not_voyager': not settings.VOYAGER,
'zulip_com': settings.ZULIP_COM,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(),
'google_auth_enabled': google_auth_enabled(),
}
def api_dev_fetch_api_key(
request: HttpRequest, username: str = REQ()) -> HttpResponse:
"""This function allows logging in without a password on the Zulip
mobile apps when connecting to a Zulip development environment. It
requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS.
"""
if not dev_auth_enabled() or settings.PRODUCTION:
return json_error(_("Dev environment not enabled."))
# Django invokes authenticate methods by matching arguments, and this
# authentication flow will not invoke LDAP authentication because of
# this condition of Django so no need to check if LDAP backend is
# enabled.
validate_login_email(username)
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
return_data = {} # type: Dict[str, bool]
user_profile = authenticate(dev_auth_username=username,
realm=realm,
return_data=return_data)
if return_data.get("inactive_realm"):
return json_error(_("This organization has been deactivated."),
data={"reason": "realm deactivated"},
status=403)
if return_data.get("inactive_user"):
return json_error(_("Your account has been disabled."),
data={"reason": "user disable"},
status=403)
if user_profile is None:
return json_error(_("This user is not registered."),
data={"reason": "unregistered"},
status=403)
do_login(request, user_profile)
api_key = get_api_key(user_profile)
return json_success({
"api_key": api_key,
"email": user_profile.delivery_email
})
def get_auth_backends_data(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Returns which authentication methods are enabled on the server"""
subdomain = get_subdomain(request)
try:
realm = Realm.objects.get(string_id=subdomain)
except Realm.DoesNotExist:
# If not the root subdomain, this is an error
if subdomain != "":
raise JsonableError(_("Invalid subdomain"))
# With the root subdomain, it's an error or not depending
# whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether
# there are some realms without subdomains on this server)
# is set.
if settings.ROOT_DOMAIN_LANDING_PAGE:
raise JsonableError(_("Subdomain required"))
else:
realm = None
return {"password": password_auth_enabled(realm),
"dev": dev_auth_enabled(realm),
"github": github_auth_enabled(realm),
"google": google_auth_enabled(realm)}
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated():
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS:
redirect_url = reverse('zerver.views.registration.find_my_team')
return HttpResponseRedirect(redirect_url)
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
users = get_dev_users()
extra_context['direct_admins'] = [
u.email for u in users if u.is_realm_admin
]
extra_context['direct_users'] = [
u.email for u in users
if not u.is_realm_admin and u.realm.string_id == 'zulip'
]
extra_context['community_users'] = [
u.email for u in users if u.realm.string_id != 'zulip'
]
template_response = django_login_page(
request,
authentication_form=OurAuthenticationForm,
extra_context=extra_context,
**kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data[
'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def login_page(request, **kwargs):
# type: (HttpRequest, **Any) -> HttpResponse
if request.user.is_authenticated():
return HttpResponseRedirect("/")
if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS:
redirect_url = reverse('zerver.views.registration.find_my_team')
return HttpResponseRedirect(redirect_url)
extra_context = kwargs.pop('extra_context', {})
if dev_auth_enabled():
# Development environments usually have only a few users, but
# it still makes sense to limit how many users we render to
# support performance testing with DevAuthBackend.
MAX_DEV_BACKEND_USERS = 100
users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True)
users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS]
extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin]
extra_context['direct_users'] = [
u.email for u in users
if not u.is_realm_admin and u.realm.string_id == 'zulip']
extra_context['community_users'] = [
u.email for u in users
if u.realm.string_id == 'simple']
template_response = django_login_page(
request, authentication_form=OurAuthenticationForm,
extra_context=extra_context, **kwargs)
try:
template_response.context_data['email'] = request.GET['email']
except KeyError:
pass
try:
template_response.context_data['subdomain'] = request.GET['subdomain']
template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR
except KeyError:
pass
return template_response
def check_dev_auth_backend() -> None:
if settings.PRODUCTION:
raise JsonableError(_("Endpoint not available in production."))
if not dev_auth_enabled():
raise JsonableError(_("DevAuthBackend not enabled."))
def zulip_default_context(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Context available to all Zulip Jinja2 templates that have a request
passed in. Designed to provide the long list of variables at the
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know what realm the
user is trying to interact with.
"""
realm = get_realm_from_request(request)
if realm is None:
realm_uri = settings.ROOT_DOMAIN_URI
realm_name = None
realm_icon = None
realm_description = None
realm_invite_required = False
else:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description_raw = realm.description or "The coolest place in the universe."
realm_description = convert(realm_description_raw, message_realm=realm)
realm_invite_required = realm.invite_required
register_link_disabled = settings.REGISTER_LINK_DISABLED
login_link_disabled = settings.LOGIN_LINK_DISABLED
about_link_disabled = settings.ABOUT_LINK_DISABLED
find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED
if settings.ROOT_DOMAIN_LANDING_PAGE and get_subdomain(request) == "":
register_link_disabled = True
login_link_disabled = True
about_link_disabled = True
find_team_link_disabled = False
apps_page_url = 'https://zulipchat.com/apps/'
if settings.ZILENCER_ENABLED:
apps_page_url = '/apps/'
user_is_authenticated = False
if hasattr(request, 'user') and hasattr(request.user, 'is_authenticated'):
user_is_authenticated = request.user.is_authenticated.value
if settings.DEVELOPMENT:
secrets_path = "zproject/dev-secrets.conf"
settings_path = "zproject/dev_settings.py"
settings_comments_path = "zproject/prod_settings_template.py"
else:
secrets_path = "/etc/zulip/zulip-secrets.conf"
settings_path = "/etc/zulip/settings.py"
settings_comments_path = "/etc/zulip/settings.py"
if hasattr(request, "client") and request.client.name == "ZulipElectron":
platform = "ZulipElectron" # nocoverage
else:
platform = "ZulipWeb"
return {
'root_domain_landing_page':
settings.ROOT_DOMAIN_LANDING_PAGE,
'custom_logo_url':
settings.CUSTOM_LOGO_URL,
'register_link_disabled':
register_link_disabled,
'login_link_disabled':
login_link_disabled,
'about_link_disabled':
about_link_disabled,
'terms_of_service':
settings.TERMS_OF_SERVICE,
'privacy_policy':
settings.PRIVACY_POLICY,
'login_url':
settings.HOME_NOT_LOGGED_IN,
'only_sso':
settings.ONLY_SSO,
'external_api_path':
settings.EXTERNAL_API_PATH,
'external_api_uri':
settings.EXTERNAL_API_URI,
'external_host':
settings.EXTERNAL_HOST,
'external_uri_scheme':
settings.EXTERNAL_URI_SCHEME,
'realm_invite_required':
realm_invite_required,
'realm_uri':
realm_uri,
'realm_name':
realm_name,
'realm_icon':
realm_icon,
'realm_description':
realm_description,
'root_domain_uri':
settings.ROOT_DOMAIN_URI,
'api_site_required':
settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_gateway_example':
settings.EMAIL_GATEWAY_EXAMPLE,
'apps_page_url':
apps_page_url,
'open_realm_creation':
settings.OPEN_REALM_CREATION,
'password_auth_enabled':
password_auth_enabled(realm),
'dev_auth_enabled':
dev_auth_enabled(realm),
'google_auth_enabled':
google_auth_enabled(realm),
'github_auth_enabled':
github_auth_enabled(realm),
'email_auth_enabled':
email_auth_enabled(realm),
'require_email_format_usernames':
require_email_format_usernames(realm),
'any_oauth_backend_enabled':
any_oauth_backend_enabled(realm),
'no_auth_enabled':
not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm),
'development_environment':
settings.DEVELOPMENT,
'support_email':
FromAddress.SUPPORT,
'find_team_link_disabled':
find_team_link_disabled,
'password_min_length':
settings.PASSWORD_MIN_LENGTH,
'password_min_guesses':
settings.PASSWORD_MIN_GUESSES,
'zulip_version':
ZULIP_VERSION,
'user_is_authenticated':
user_is_authenticated,
'settings_path':
settings_path,
'secrets_path':
secrets_path,
'settings_comments_path':
settings_comments_path,
'platform':
platform,
}
def zulip_default_context(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Context available to all Zulip Jinja2 templates that have a request
passed in. Designed to provide the long list of variables at the
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know the realm, which
is the case if there is only one realm, or we're on a
REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in.
"""
realm = get_realm_from_request(request)
if realm is not None:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description = realm.description or "The coolest place in the universe."
else:
realm_uri = settings.SERVER_URI
realm_name = None
realm_icon = None
realm_description = None
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
def zulip_default_context(request: HttpRequest) -> Dict[str, Any]:
"""Context available to all Zulip Jinja2 templates that have a request
passed in. Designed to provide the long list of variables at the
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know what realm the
user is trying to interact with.
"""
realm = get_realm_from_request(request)
if realm is None:
realm_uri = settings.ROOT_DOMAIN_URI
realm_name = None
realm_icon = None
realm_description = None
realm_invite_required = False
else:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description_raw = realm.description or "The coolest place in the universe."
realm_description = convert(realm_description_raw, message_realm=realm)
realm_invite_required = realm.invite_required
register_link_disabled = settings.REGISTER_LINK_DISABLED
login_link_disabled = settings.LOGIN_LINK_DISABLED
find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED
allow_search_engine_indexing = False
if (settings.ROOT_DOMAIN_LANDING_PAGE
and get_subdomain(request) == Realm.SUBDOMAIN_FOR_ROOT_DOMAIN):
register_link_disabled = True
login_link_disabled = True
find_team_link_disabled = False
allow_search_engine_indexing = True
apps_page_url = 'https://zulipchat.com/apps/'
if settings.ZILENCER_ENABLED:
apps_page_url = '/apps/'
user_is_authenticated = False
if hasattr(request, 'user') and hasattr(request.user, 'is_authenticated'):
user_is_authenticated = request.user.is_authenticated.value
if settings.DEVELOPMENT:
secrets_path = "zproject/dev-secrets.conf"
settings_path = "zproject/dev_settings.py"
settings_comments_path = "zproject/prod_settings_template.py"
else:
secrets_path = "/etc/zulip/zulip-secrets.conf"
settings_path = "/etc/zulip/settings.py"
settings_comments_path = "/etc/zulip/settings.py"
if hasattr(request, "client") and request.client.name == "ZulipElectron":
platform = "ZulipElectron" # nocoverage
else:
platform = "ZulipWeb"
return {
'root_domain_landing_page': settings.ROOT_DOMAIN_LANDING_PAGE,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': register_link_disabled,
'login_link_disabled': login_link_disabled,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'custom_profile_fields_enabled': settings.DEVELOPMENT,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_invite_required': realm_invite_required,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'root_domain_uri': settings.ROOT_DOMAIN_URI,
'apps_page_url': apps_page_url,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'email_auth_enabled': email_auth_enabled(realm),
'require_email_format_usernames': require_email_format_usernames(realm),
'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm),
'development_environment': settings.DEVELOPMENT,
'support_email': FromAddress.SUPPORT,
'find_team_link_disabled': find_team_link_disabled,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_guesses': settings.PASSWORD_MIN_GUESSES,
'jitsi_server_url': settings.JITSI_SERVER_URL,
'two_factor_authentication_enabled': settings.TWO_FACTOR_AUTHENTICATION_ENABLED,
'zulip_version': ZULIP_VERSION,
'user_is_authenticated': user_is_authenticated,
'settings_path': settings_path,
'secrets_path': secrets_path,
'settings_comments_path': settings_comments_path,
'platform': platform,
'allow_search_engine_indexing': allow_search_engine_indexing,
}
def login_page(
request: HttpRequest,
next: str = REQ(default="/"),
**kwargs: Any,
) -> HttpResponse:
# To support previewing the Zulip login pages, we have a special option
# that disables the default behavior of redirecting logged-in users to the
# logged-in app.
is_preview = "preview" in request.GET
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
if request.user and request.user.is_verified():
return HttpResponseRedirect(request.user.realm.uri)
elif request.user.is_authenticated and not is_preview:
return HttpResponseRedirect(request.user.realm.uri)
if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = reverse("realm_redirect")
if request.GET:
redirect_url = add_query_to_redirect_url(redirect_url, request.GET.urlencode())
return HttpResponseRedirect(redirect_url)
realm = get_realm_from_request(request)
if realm and realm.deactivated:
return redirect_to_deactivation_notice()
extra_context = kwargs.pop("extra_context", {})
extra_context["next"] = next
if dev_auth_enabled() and kwargs.get("template_name") == "zerver/development/dev_login.html":
from zerver.views.development.dev_login import add_dev_login_context
if "new_realm" in request.POST:
try:
realm = get_realm(request.POST["new_realm"])
except Realm.DoesNotExist:
realm = None
add_dev_login_context(realm, extra_context)
if realm and "new_realm" in request.POST:
# If we're switching realms, redirect to that realm, but
# only if it actually exists.
return HttpResponseRedirect(realm.uri)
if "username" in request.POST:
extra_context["email"] = request.POST["username"]
extra_context.update(login_context(request))
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
return start_two_factor_auth(request, extra_context=extra_context, **kwargs)
try:
template_response = DjangoLoginView.as_view(
authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs
)(request)
except ZulipLDAPConfigurationError as e:
assert len(e.args) > 1
return redirect_to_misconfigured_ldap_notice(request, e.args[1])
if isinstance(template_response, SimpleTemplateResponse):
# Only those responses that are rendered using a template have
# context_data attribute. This attribute doesn't exist otherwise. It is
# added in SimpleTemplateResponse class, which is a derived class of
# HttpResponse. See django.template.response.SimpleTemplateResponse,
# https://github.com/django/django/blob/master/django/template/response.py#L19.
update_login_page_context(request, template_response.context_data)
return template_response
def zulip_default_context(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Context available to all Zulip Jinja2 templates that have a request
passed in. Designed to provide the long list of variables at the
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know the realm, which
is the case if there is only one realm, or we're on a
REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in.
"""
realm = get_realm_from_request(request)
if realm is not None:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description_raw = realm.description or "The coolest place in the universe."
realm_description = convert(realm_description_raw, message_realm=realm)
else:
realm_uri = settings.SERVER_URI
realm_name = None
realm_icon = None
realm_description = None
register_link_disabled = settings.REGISTER_LINK_DISABLED
login_link_disabled = settings.LOGIN_LINK_DISABLED
about_link_disabled = settings.ABOUT_LINK_DISABLED
find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED
if settings.SUBDOMAINS_HOMEPAGE and get_subdomain(request) == "":
register_link_disabled = True
login_link_disabled = True
about_link_disabled = True
find_team_link_disabled = False
apps_page_url = 'https://zulipchat.com/apps/'
if settings.ZILENCER_ENABLED:
apps_page_url = '/apps/'
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': register_link_disabled,
'login_link_disabled': login_link_disabled,
'about_link_disabled': about_link_disabled,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'apps_page_url': apps_page_url,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm),
'development_environment': settings.DEVELOPMENT,
'support_email': FromAddress.SUPPORT,
'find_team_link_disabled': find_team_link_disabled,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
