def api_dev_fetch_api_key(request: HttpRequest, username: str=REQ()) -> HttpResponse: """This function allows logging in without a password on the Zulip mobile apps when connecting to a Zulip development environment. It requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS. """ if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) # Django invokes authenticate methods by matching arguments, and this # authentication flow will not invoke LDAP authentication because of # this condition of Django so no need to check if LDAP backend is # enabled. validate_login_email(username) subdomain = get_subdomain(request) realm = get_realm(subdomain) return_data = {} # type: Dict[str, bool] user_profile = authenticate(dev_auth_username=username, realm=realm, return_data=return_data) if return_data.get("inactive_realm"): return json_error(_("Your realm has been deactivated."), data={"reason": "realm deactivated"}, status=403) if return_data.get("inactive_user"): return json_error(_("Your account has been disabled."), data={"reason": "user disable"}, status=403) if user_profile is None: return json_error(_("This user is not registered."), data={"reason": "unregistered"}, status=403) do_login(request, user_profile) return json_success({"api_key": user_profile.api_key, "email": user_profile.email})
def add_settings(request): realm = request.user.realm if hasattr(request.user, "realm") else None return { # We use the not_voyager variable name so that templates # will render even if the appropriate context is not provided # to the template 'not_voyager': not settings.VOYAGER, 'zulip_com': settings.ZULIP_COM, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(), 'google_auth_enabled': google_auth_enabled(), 'development_environment': settings.DEVELOPMENT, }
def get_auth_backends_data(request: HttpRequest) -> Dict[str, Any]: """Returns which authentication methods are enabled on the server""" subdomain = get_subdomain(request) try: realm = Realm.objects.get(string_id=subdomain) except Realm.DoesNotExist: # If not the root subdomain, this is an error if subdomain != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN: raise JsonableError(_("Invalid subdomain")) # With the root subdomain, it's an error or not depending # whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether # there are some realms without subdomains on this server) # is set. if settings.ROOT_DOMAIN_LANDING_PAGE: raise JsonableError(_("Subdomain required")) else: realm = None return { "password": password_auth_enabled(realm), "dev": dev_auth_enabled(realm), "email": email_auth_enabled(realm), "github": github_auth_enabled(realm), "google": google_auth_enabled(realm), "ldap": ldap_auth_enabled(realm), }
def get_auth_backends_data(request): # type: (HttpRequest) -> Dict[str, Any] """Returns which authentication methods are enabled on the server""" if settings.REALMS_HAVE_SUBDOMAINS: subdomain = get_subdomain(request) try: realm = Realm.objects.get(string_id=subdomain) except Realm.DoesNotExist: # If not the root subdomain, this is an error if subdomain != "": raise JsonableError(_("Invalid subdomain")) # With the root subdomain, it's an error or not depending # whether SUBDOMAINS_HOMEPAGE (which indicates whether # there are some realms without subdomains on this server) # is set. if settings.SUBDOMAINS_HOMEPAGE: raise JsonableError(_("Subdomain required")) else: realm = None else: # Without subdomains, we just have to report what the server # supports, since we don't know the realm. realm = None return {"password": password_auth_enabled(realm), "dev": dev_auth_enabled(realm), "github": github_auth_enabled(realm), "google": google_auth_enabled(realm)}
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated: return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS: redirect_url = reverse('zerver.views.registration.find_my_team') return HttpResponseRedirect(redirect_url) extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): users = get_dev_users() extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin] extra_context['direct_users'] = [ u.email for u in users if not u.is_realm_admin and u.realm.string_id == 'zulip'] extra_context['community_users'] = [ u.email for u in users if u.realm.string_id != 'zulip'] template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def api_dev_get_emails(request): # type: (HttpRequest) -> HttpResponse if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) users = get_dev_users() return json_success(dict(direct_admins=[u.email for u in users if u.is_realm_admin], direct_users=[u.email for u in users if not u.is_realm_admin]))
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): # Development environments usually have only a few users, but # it still makes sense to limit how many users we render to # support performance testing with DevAuthBackend. MAX_DEV_BACKEND_USERS = 100 users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True) users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS] extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin] extra_context['direct_users'] = [u.email for u in users if not u.is_realm_admin] template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def add_settings(request): # type: (HttpRequest) -> Dict[str, Any] if hasattr(request.user, "realm"): realm = request.user.realm realm_uri = realm.uri else: realm = None # TODO: Figure out how to add an assertion that this is not used realm_uri = settings.SERVER_URI return { 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(), 'google_auth_enabled': google_auth_enabled(), 'github_auth_enabled': github_auth_enabled(), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, }
def api_get_auth_backends(request): # type: (HttpRequest) -> HttpResponse # May return a false positive for password auth if it's been disabled # for a specific realm. Currently only happens for zulip.com on prod return json_success({"password": password_auth_enabled(None), "dev": dev_auth_enabled(), "google": google_auth_enabled(), })
def api_dev_get_emails(request): # type: (HttpRequest) -> HttpResponse if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) users = get_dev_users() return json_success( dict(direct_admins=[u.email for u in users if u.is_realm_admin], direct_users=[u.email for u in users if not u.is_realm_admin]))
def api_dev_list_users(request: HttpRequest) -> HttpResponse: if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) users = get_dev_users() return json_success(dict(direct_admins=[dict(email=u.email, realm_uri=u.realm.uri) for u in users if u.is_realm_admin], direct_users=[dict(email=u.email, realm_uri=u.realm.uri) for u in users if not u.is_realm_admin]))
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse: if request.user.is_authenticated: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias( request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.find_account') return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) add_dev_login_context(realm, extra_context) if realm and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) if 'username' in request.POST: extra_context['email'] = request.POST['username'] try: template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: already_registered = request.GET['already_registered'] template_response.context_data[ 'already_registered'] = already_registered except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data[ 'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse: if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: if request.user and request.user.is_verified(): return HttpResponseRedirect(request.user.realm.uri) elif request.user.is_authenticated: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias( request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.realm_redirect') if request.method == "GET" and request.GET: redirect_url = "{}?{}".format(redirect_url, request.GET.urlencode()) return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled() and kwargs.get( "template_name") == "zerver/dev_login.html": if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) add_dev_login_context(realm, extra_context) if realm and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) if 'username' in request.POST: extra_context['email'] = request.POST['username'] if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: return start_two_factor_auth(request, extra_context=extra_context, **kwargs) try: extra_context.update(login_context(request)) template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) if isinstance(template_response, SimpleTemplateResponse): # Only those responses that are rendered using a template have # context_data attribute. This attribute doesn't exist otherwise. It is # added in SimpleTemplateResponse class, which is a derived class of # HttpResponse. See django.template.response.SimpleTemplateResponse, # https://github.com/django/django/blob/master/django/template/response.py#L19. update_login_page_context(request, template_response.context_data) return template_response
def add_settings(request): # type: (HttpRequest) -> Dict[str, Any] if hasattr(request, "user") and hasattr(request.user, "realm"): realm = request.user.realm elif settings.REALMS_HAVE_SUBDOMAINS: subdomain = get_subdomain(request) realm = get_realm(subdomain) else: realm = None if realm is not None: realm_uri = realm.uri realm_name = realm.name realm_icon = get_realm_icon_url(realm) realm_description = realm.description or "The coolest place in the universe." else: realm_uri = settings.SERVER_URI realm_name = None realm_icon = None realm_description = None return { 'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'login_link_disabled': settings.LOGIN_LINK_DISABLED, 'about_link_disabled': settings.ABOUT_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'privacy_policy': settings.PRIVACY_POLICY, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'realm_name': realm_name, 'realm_icon': realm_icon, 'realm_description': realm_description, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, 'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY, 'zulip_version': ZULIP_VERSION, }
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.find_account') return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) users = get_dev_users(realm) extra_context['current_realm'] = realm extra_context['all_realms'] = Realm.objects.all() extra_context['direct_admins'] = [u for u in users if u.is_realm_admin] extra_context['direct_users'] = [u for u in users if not u.is_realm_admin] if realm and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) try: template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: already_registered = request.GET['already_registered'] template_response.context_data['already_registered'] = already_registered except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def api_dev_get_emails(request): # type: (HttpRequest) -> HttpResponse if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) MAX_DEV_BACKEND_USERS = 100 # type: int users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True) users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS] return json_success(dict(direct_admins=[u.email for u in users if u.is_realm_admin], direct_users=[u.email for u in users if not u.is_realm_admin]))
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated: return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.find_account') return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) users = get_dev_users(realm) extra_context['current_realm'] = realm extra_context['all_realms'] = Realm.objects.all() extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin] extra_context['direct_users'] = [u.email for u in users if not u.is_realm_admin] if settings.REALMS_HAVE_SUBDOMAINS and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm return HttpResponseRedirect(realm.uri) try: template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: already_registered = request.GET['already_registered'] template_response.context_data['already_registered'] = already_registered except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse: if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: if request.user and request.user.is_verified(): return HttpResponseRedirect(request.user.realm.uri) elif request.user.is_authenticated: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.realm_redirect') if request.method == "GET" and request.GET: redirect_url = "{}?{}".format(redirect_url, request.GET.urlencode()) return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) add_dev_login_context(realm, extra_context) if realm and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) if 'username' in request.POST: extra_context['email'] = request.POST['username'] if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: return start_two_factor_auth(request, extra_context=extra_context, **kwargs) try: template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) if isinstance(template_response, SimpleTemplateResponse): # Only those responses that are rendered using a template have # context_data attribute. This attribute doesn't exist otherwise. It is # added in SimpleTemplateResponse class, which is a derived class of # HttpResponse. See django.template.response.SimpleTemplateResponse, # https://github.com/django/django/blob/master/django/template/response.py#L19. update_login_page_context(request, template_response.context_data) return template_response
def dev_direct_login(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse # This function allows logging in without a password and should only be called in development environments. # It may be called if the DevAuthBackend is included in settings.AUTHENTICATION_BACKENDS if (not dev_auth_enabled()) or settings.PRODUCTION: # This check is probably not required, since authenticate would fail without an enabled DevAuthBackend. raise Exception('Direct login not supported.') email = request.POST['direct_email'] user_profile = authenticate(username=email, realm_subdomain=get_subdomain(request)) if user_profile is None: raise Exception("User cannot login") do_login(request, user_profile) return HttpResponseRedirect(user_profile.realm.uri)
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated: return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.SUBDOMAINS_HOMEPAGE: redirect_url = reverse('zerver.views.registration.find_my_team') return HttpResponseRedirect(redirect_url) extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) users = get_dev_users(realm) extra_context['current_realm'] = realm extra_context['all_realms'] = Realm.objects.all() extra_context['direct_admins'] = [ u.email for u in users if u.is_realm_admin ] extra_context['direct_users'] = [ u.email for u in users if not u.is_realm_admin ] if settings.REALMS_HAVE_SUBDOMAINS and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm return HttpResponseRedirect(realm.uri) template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data[ 'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def dev_direct_login(request: HttpRequest, **kwargs: Any) -> HttpResponse: # This function allows logging in without a password and should only be called # in development environments. It may be called if the DevAuthBackend is included # in settings.AUTHENTICATION_BACKENDS if (not dev_auth_enabled()) or settings.PRODUCTION: # This check is probably not required, since authenticate would fail without # an enabled DevAuthBackend. return HttpResponseRedirect(reverse('dev_not_supported')) email = request.POST['direct_email'] subdomain = get_subdomain(request) realm = get_realm(subdomain) user_profile = authenticate(dev_auth_username=email, realm=realm) if user_profile is None: return HttpResponseRedirect(reverse('dev_not_supported')) do_login(request, user_profile) return HttpResponseRedirect(user_profile.realm.uri)
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated(): return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS: redirect_url = reverse('zerver.views.registration.find_my_team') return HttpResponseRedirect(redirect_url) extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): # Development environments usually have only a few users, but # it still makes sense to limit how many users we render to # support performance testing with DevAuthBackend. MAX_DEV_BACKEND_USERS = 100 users_query = UserProfile.objects.select_related().filter( is_bot=False, is_active=True) users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS] extra_context['direct_admins'] = [ u.email for u in users if u.is_realm_admin ] extra_context['direct_users'] = [ u.email for u in users if not u.is_realm_admin and u.realm.string_id == 'zulip' ] extra_context['community_users'] = [ u.email for u in users if u.realm.string_id != 'zulip' ] template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data[ 'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def login_page(request: HttpRequest, **kwargs: Any) -> HttpResponse: if request.user.is_authenticated: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias( request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse('zerver.views.registration.find_account') return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): if 'new_realm' in request.POST: realm = get_realm(request.POST['new_realm']) else: realm = get_realm_from_request(request) add_dev_login_context(realm, extra_context) if realm and 'new_realm' in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) if 'username' in request.POST: extra_context['email'] = request.POST['username'] try: template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(e.args[1]) if isinstance(template_response, HttpResponseRedirect): # We return immediately; redirect responses don't have a # `.context_data` to update with update_login_page_context. return template_response update_login_page_context(request, template_response.context_data) return template_response
def add_settings(request): # type: (HttpRequest) -> Dict[str, Any] realm = None if hasattr(request.user, "realm"): realm = request.user.realm elif settings.REALMS_HAVE_SUBDOMAINS: subdomain = get_subdomain(request) realm = get_realm(subdomain) if realm is not None: realm_uri = realm.uri else: realm_uri = settings.SERVER_URI return { 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'login_link_disabled': settings.LOGIN_LINK_DISABLED, 'about_link_disabled': settings.ABOUT_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, 'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY, 'zulip_version': ZULIP_VERSION, }
def add_settings(request): # type: (HttpRequest) -> Dict[str, Any] realm = None if hasattr(request.user, "realm"): realm = request.user.realm elif settings.REALMS_HAVE_SUBDOMAINS: subdomain = get_subdomain(request) realm = get_realm(subdomain) if realm is not None: realm_uri = realm.uri else: realm_uri = settings.SERVER_URI return { 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'login_link_disabled': settings.LOGIN_LINK_DISABLED, 'about_link_disabled': settings.ABOUT_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, 'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED, }
def api_dev_fetch_api_key(request, username=REQ()): # type: (HttpRequest, str) -> HttpResponse """This function allows logging in without a password on the Zulip mobile apps when connecting to a Zulip development environment. It requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS. """ if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) return_data = {} # type: Dict[str, bool] user_profile = authenticate(username=username, realm_subdomain=get_subdomain(request), return_data=return_data) if return_data.get("inactive_realm") == True: return json_error(_("Your realm has been deactivated."), data={"reason": "realm deactivated"}, status=403) if return_data.get("inactive_user") == True: return json_error(_("Your account has been disabled."), data={"reason": "user disable"}, status=403) login(request, user_profile) return json_success({"api_key": user_profile.api_key, "email": user_profile.email})
def add_settings(request): # type: (HttpRequest) -> Dict[str, Any] if hasattr(request.user, "realm"): realm = request.user.realm realm_uri = realm.uri full_name = request.user.full_name realm_name = realm.name else: realm = None full_name = None realm_name = None # TODO: Figure out how to add an assertion that this is not used realm_uri = settings.SERVER_URI return { 'full_name': full_name, 'realm_name': realm_name, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(), 'google_auth_enabled': google_auth_enabled(), 'github_auth_enabled': github_auth_enabled(), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, }
def dev_direct_login( request: HttpRequest, next: str = REQ(default="/"), ) -> HttpResponse: # This function allows logging in without a password and should only be called # in development environments. It may be called if the DevAuthBackend is included # in settings.AUTHENTICATION_BACKENDS if (not dev_auth_enabled()) or settings.PRODUCTION: # This check is probably not required, since authenticate would fail without # an enabled DevAuthBackend. return config_error(request, "dev") email = request.POST["direct_email"] subdomain = get_subdomain(request) realm = get_realm(subdomain) user_profile = authenticate(dev_auth_username=email, realm=realm) if user_profile is None: return config_error(request, "dev") do_login(request, user_profile) redirect_to = get_safe_redirect_to(next, user_profile.realm.uri) return HttpResponseRedirect(redirect_to)
def add_settings(request): realm = request.user.realm if hasattr(request.user, "realm") else None return { # We use the not_voyager variable name so that templates # will render even if the appropriate context is not provided # to the template 'not_voyager': not settings.VOYAGER, 'zulip_com': settings.ZULIP_COM, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(), 'google_auth_enabled': google_auth_enabled(), }
def api_dev_fetch_api_key( request: HttpRequest, username: str = REQ()) -> HttpResponse: """This function allows logging in without a password on the Zulip mobile apps when connecting to a Zulip development environment. It requires DevAuthBackend to be included in settings.AUTHENTICATION_BACKENDS. """ if not dev_auth_enabled() or settings.PRODUCTION: return json_error(_("Dev environment not enabled.")) # Django invokes authenticate methods by matching arguments, and this # authentication flow will not invoke LDAP authentication because of # this condition of Django so no need to check if LDAP backend is # enabled. validate_login_email(username) subdomain = get_subdomain(request) realm = get_realm(subdomain) return_data = {} # type: Dict[str, bool] user_profile = authenticate(dev_auth_username=username, realm=realm, return_data=return_data) if return_data.get("inactive_realm"): return json_error(_("This organization has been deactivated."), data={"reason": "realm deactivated"}, status=403) if return_data.get("inactive_user"): return json_error(_("Your account has been disabled."), data={"reason": "user disable"}, status=403) if user_profile is None: return json_error(_("This user is not registered."), data={"reason": "unregistered"}, status=403) do_login(request, user_profile) api_key = get_api_key(user_profile) return json_success({ "api_key": api_key, "email": user_profile.delivery_email })
def get_auth_backends_data(request): # type: (HttpRequest) -> Dict[str, Any] """Returns which authentication methods are enabled on the server""" subdomain = get_subdomain(request) try: realm = Realm.objects.get(string_id=subdomain) except Realm.DoesNotExist: # If not the root subdomain, this is an error if subdomain != "": raise JsonableError(_("Invalid subdomain")) # With the root subdomain, it's an error or not depending # whether ROOT_DOMAIN_LANDING_PAGE (which indicates whether # there are some realms without subdomains on this server) # is set. if settings.ROOT_DOMAIN_LANDING_PAGE: raise JsonableError(_("Subdomain required")) else: realm = None return {"password": password_auth_enabled(realm), "dev": dev_auth_enabled(realm), "github": github_auth_enabled(realm), "google": google_auth_enabled(realm)}
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated(): return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS: redirect_url = reverse('zerver.views.registration.find_my_team') return HttpResponseRedirect(redirect_url) extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): users = get_dev_users() extra_context['direct_admins'] = [ u.email for u in users if u.is_realm_admin ] extra_context['direct_users'] = [ u.email for u in users if not u.is_realm_admin and u.realm.string_id == 'zulip' ] extra_context['community_users'] = [ u.email for u in users if u.realm.string_id != 'zulip' ] template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data[ 'wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def login_page(request, **kwargs): # type: (HttpRequest, **Any) -> HttpResponse if request.user.is_authenticated(): return HttpResponseRedirect("/") if is_subdomain_root_or_alias(request) and settings.REALMS_HAVE_SUBDOMAINS: redirect_url = reverse('zerver.views.registration.find_my_team') return HttpResponseRedirect(redirect_url) extra_context = kwargs.pop('extra_context', {}) if dev_auth_enabled(): # Development environments usually have only a few users, but # it still makes sense to limit how many users we render to # support performance testing with DevAuthBackend. MAX_DEV_BACKEND_USERS = 100 users_query = UserProfile.objects.select_related().filter(is_bot=False, is_active=True) users = users_query.order_by('email')[0:MAX_DEV_BACKEND_USERS] extra_context['direct_admins'] = [u.email for u in users if u.is_realm_admin] extra_context['direct_users'] = [ u.email for u in users if not u.is_realm_admin and u.realm.string_id == 'zulip'] extra_context['community_users'] = [ u.email for u in users if u.realm.string_id == 'simple'] template_response = django_login_page( request, authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs) try: template_response.context_data['email'] = request.GET['email'] except KeyError: pass try: template_response.context_data['subdomain'] = request.GET['subdomain'] template_response.context_data['wrong_subdomain_error'] = WRONG_SUBDOMAIN_ERROR except KeyError: pass return template_response
def check_dev_auth_backend() -> None: if settings.PRODUCTION: raise JsonableError(_("Endpoint not available in production.")) if not dev_auth_enabled(): raise JsonableError(_("DevAuthBackend not enabled."))
def zulip_default_context(request): # type: (HttpRequest) -> Dict[str, Any] """Context available to all Zulip Jinja2 templates that have a request passed in. Designed to provide the long list of variables at the bottom of this function in a wide range of situations: logged-in or logged-out, subdomains or not, etc. The main variable in the below is whether we know what realm the user is trying to interact with. """ realm = get_realm_from_request(request) if realm is None: realm_uri = settings.ROOT_DOMAIN_URI realm_name = None realm_icon = None realm_description = None realm_invite_required = False else: realm_uri = realm.uri realm_name = realm.name realm_icon = get_realm_icon_url(realm) realm_description_raw = realm.description or "The coolest place in the universe." realm_description = convert(realm_description_raw, message_realm=realm) realm_invite_required = realm.invite_required register_link_disabled = settings.REGISTER_LINK_DISABLED login_link_disabled = settings.LOGIN_LINK_DISABLED about_link_disabled = settings.ABOUT_LINK_DISABLED find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED if settings.ROOT_DOMAIN_LANDING_PAGE and get_subdomain(request) == "": register_link_disabled = True login_link_disabled = True about_link_disabled = True find_team_link_disabled = False apps_page_url = 'https://zulipchat.com/apps/' if settings.ZILENCER_ENABLED: apps_page_url = '/apps/' user_is_authenticated = False if hasattr(request, 'user') and hasattr(request.user, 'is_authenticated'): user_is_authenticated = request.user.is_authenticated.value if settings.DEVELOPMENT: secrets_path = "zproject/dev-secrets.conf" settings_path = "zproject/dev_settings.py" settings_comments_path = "zproject/prod_settings_template.py" else: secrets_path = "/etc/zulip/zulip-secrets.conf" settings_path = "/etc/zulip/settings.py" settings_comments_path = "/etc/zulip/settings.py" if hasattr(request, "client") and request.client.name == "ZulipElectron": platform = "ZulipElectron" # nocoverage else: platform = "ZulipWeb" return { 'root_domain_landing_page': settings.ROOT_DOMAIN_LANDING_PAGE, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': register_link_disabled, 'login_link_disabled': login_link_disabled, 'about_link_disabled': about_link_disabled, 'terms_of_service': settings.TERMS_OF_SERVICE, 'privacy_policy': settings.PRIVACY_POLICY, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_invite_required': realm_invite_required, 'realm_uri': realm_uri, 'realm_name': realm_name, 'realm_icon': realm_icon, 'realm_description': realm_description, 'root_domain_uri': settings.ROOT_DOMAIN_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'apps_page_url': apps_page_url, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'email_auth_enabled': email_auth_enabled(realm), 'require_email_format_usernames': require_email_format_usernames(realm), 'any_oauth_backend_enabled': any_oauth_backend_enabled(realm), 'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm), 'development_environment': settings.DEVELOPMENT, 'support_email': FromAddress.SUPPORT, 'find_team_link_disabled': find_team_link_disabled, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_guesses': settings.PASSWORD_MIN_GUESSES, 'zulip_version': ZULIP_VERSION, 'user_is_authenticated': user_is_authenticated, 'settings_path': settings_path, 'secrets_path': secrets_path, 'settings_comments_path': settings_comments_path, 'platform': platform, }
def zulip_default_context(request): # type: (HttpRequest) -> Dict[str, Any] """Context available to all Zulip Jinja2 templates that have a request passed in. Designed to provide the long list of variables at the bottom of this function in a wide range of situations: logged-in or logged-out, subdomains or not, etc. The main variable in the below is whether we know the realm, which is the case if there is only one realm, or we're on a REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in. """ realm = get_realm_from_request(request) if realm is not None: realm_uri = realm.uri realm_name = realm.name realm_icon = get_realm_icon_url(realm) realm_description = realm.description or "The coolest place in the universe." else: realm_uri = settings.SERVER_URI realm_name = None realm_icon = None realm_description = None return { 'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': settings.REGISTER_LINK_DISABLED, 'login_link_disabled': settings.LOGIN_LINK_DISABLED, 'about_link_disabled': settings.ABOUT_LINK_DISABLED, 'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT, 'zulip_admin': settings.ZULIP_ADMINISTRATOR, 'terms_of_service': settings.TERMS_OF_SERVICE, 'privacy_policy': settings.PRIVACY_POLICY, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'realm_name': realm_name, 'realm_icon': realm_icon, 'realm_description': realm_description, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'any_oauth_backend_enabled': any_oauth_backend_enabled(realm), 'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm), 'development_environment': settings.DEVELOPMENT, 'support_email': settings.ZULIP_ADMINISTRATOR, 'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY, 'zulip_version': ZULIP_VERSION, }
def zulip_default_context(request: HttpRequest) -> Dict[str, Any]: """Context available to all Zulip Jinja2 templates that have a request passed in. Designed to provide the long list of variables at the bottom of this function in a wide range of situations: logged-in or logged-out, subdomains or not, etc. The main variable in the below is whether we know what realm the user is trying to interact with. """ realm = get_realm_from_request(request) if realm is None: realm_uri = settings.ROOT_DOMAIN_URI realm_name = None realm_icon = None realm_description = None realm_invite_required = False else: realm_uri = realm.uri realm_name = realm.name realm_icon = get_realm_icon_url(realm) realm_description_raw = realm.description or "The coolest place in the universe." realm_description = convert(realm_description_raw, message_realm=realm) realm_invite_required = realm.invite_required register_link_disabled = settings.REGISTER_LINK_DISABLED login_link_disabled = settings.LOGIN_LINK_DISABLED find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED allow_search_engine_indexing = False if (settings.ROOT_DOMAIN_LANDING_PAGE and get_subdomain(request) == Realm.SUBDOMAIN_FOR_ROOT_DOMAIN): register_link_disabled = True login_link_disabled = True find_team_link_disabled = False allow_search_engine_indexing = True apps_page_url = 'https://zulipchat.com/apps/' if settings.ZILENCER_ENABLED: apps_page_url = '/apps/' user_is_authenticated = False if hasattr(request, 'user') and hasattr(request.user, 'is_authenticated'): user_is_authenticated = request.user.is_authenticated.value if settings.DEVELOPMENT: secrets_path = "zproject/dev-secrets.conf" settings_path = "zproject/dev_settings.py" settings_comments_path = "zproject/prod_settings_template.py" else: secrets_path = "/etc/zulip/zulip-secrets.conf" settings_path = "/etc/zulip/settings.py" settings_comments_path = "/etc/zulip/settings.py" if hasattr(request, "client") and request.client.name == "ZulipElectron": platform = "ZulipElectron" # nocoverage else: platform = "ZulipWeb" return { 'root_domain_landing_page': settings.ROOT_DOMAIN_LANDING_PAGE, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': register_link_disabled, 'login_link_disabled': login_link_disabled, 'terms_of_service': settings.TERMS_OF_SERVICE, 'privacy_policy': settings.PRIVACY_POLICY, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'custom_profile_fields_enabled': settings.DEVELOPMENT, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_invite_required': realm_invite_required, 'realm_uri': realm_uri, 'realm_name': realm_name, 'realm_icon': realm_icon, 'realm_description': realm_description, 'root_domain_uri': settings.ROOT_DOMAIN_URI, 'apps_page_url': apps_page_url, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'email_auth_enabled': email_auth_enabled(realm), 'require_email_format_usernames': require_email_format_usernames(realm), 'any_oauth_backend_enabled': any_oauth_backend_enabled(realm), 'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm), 'development_environment': settings.DEVELOPMENT, 'support_email': FromAddress.SUPPORT, 'find_team_link_disabled': find_team_link_disabled, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_guesses': settings.PASSWORD_MIN_GUESSES, 'jitsi_server_url': settings.JITSI_SERVER_URL, 'two_factor_authentication_enabled': settings.TWO_FACTOR_AUTHENTICATION_ENABLED, 'zulip_version': ZULIP_VERSION, 'user_is_authenticated': user_is_authenticated, 'settings_path': settings_path, 'secrets_path': secrets_path, 'settings_comments_path': settings_comments_path, 'platform': platform, 'allow_search_engine_indexing': allow_search_engine_indexing, }
def login_page( request: HttpRequest, next: str = REQ(default="/"), **kwargs: Any, ) -> HttpResponse: # To support previewing the Zulip login pages, we have a special option # that disables the default behavior of redirecting logged-in users to the # logged-in app. is_preview = "preview" in request.GET if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: if request.user and request.user.is_verified(): return HttpResponseRedirect(request.user.realm.uri) elif request.user.is_authenticated and not is_preview: return HttpResponseRedirect(request.user.realm.uri) if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE: redirect_url = reverse("realm_redirect") if request.GET: redirect_url = add_query_to_redirect_url(redirect_url, request.GET.urlencode()) return HttpResponseRedirect(redirect_url) realm = get_realm_from_request(request) if realm and realm.deactivated: return redirect_to_deactivation_notice() extra_context = kwargs.pop("extra_context", {}) extra_context["next"] = next if dev_auth_enabled() and kwargs.get("template_name") == "zerver/development/dev_login.html": from zerver.views.development.dev_login import add_dev_login_context if "new_realm" in request.POST: try: realm = get_realm(request.POST["new_realm"]) except Realm.DoesNotExist: realm = None add_dev_login_context(realm, extra_context) if realm and "new_realm" in request.POST: # If we're switching realms, redirect to that realm, but # only if it actually exists. return HttpResponseRedirect(realm.uri) if "username" in request.POST: extra_context["email"] = request.POST["username"] extra_context.update(login_context(request)) if settings.TWO_FACTOR_AUTHENTICATION_ENABLED: return start_two_factor_auth(request, extra_context=extra_context, **kwargs) try: template_response = DjangoLoginView.as_view( authentication_form=OurAuthenticationForm, extra_context=extra_context, **kwargs )(request) except ZulipLDAPConfigurationError as e: assert len(e.args) > 1 return redirect_to_misconfigured_ldap_notice(request, e.args[1]) if isinstance(template_response, SimpleTemplateResponse): # Only those responses that are rendered using a template have # context_data attribute. This attribute doesn't exist otherwise. It is # added in SimpleTemplateResponse class, which is a derived class of # HttpResponse. See django.template.response.SimpleTemplateResponse, # https://github.com/django/django/blob/master/django/template/response.py#L19. update_login_page_context(request, template_response.context_data) return template_response
def zulip_default_context(request): # type: (HttpRequest) -> Dict[str, Any] """Context available to all Zulip Jinja2 templates that have a request passed in. Designed to provide the long list of variables at the bottom of this function in a wide range of situations: logged-in or logged-out, subdomains or not, etc. The main variable in the below is whether we know the realm, which is the case if there is only one realm, or we're on a REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in. """ realm = get_realm_from_request(request) if realm is not None: realm_uri = realm.uri realm_name = realm.name realm_icon = get_realm_icon_url(realm) realm_description_raw = realm.description or "The coolest place in the universe." realm_description = convert(realm_description_raw, message_realm=realm) else: realm_uri = settings.SERVER_URI realm_name = None realm_icon = None realm_description = None register_link_disabled = settings.REGISTER_LINK_DISABLED login_link_disabled = settings.LOGIN_LINK_DISABLED about_link_disabled = settings.ABOUT_LINK_DISABLED find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED if settings.SUBDOMAINS_HOMEPAGE and get_subdomain(request) == "": register_link_disabled = True login_link_disabled = True about_link_disabled = True find_team_link_disabled = False apps_page_url = 'https://zulipchat.com/apps/' if settings.ZILENCER_ENABLED: apps_page_url = '/apps/' return { 'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS, 'custom_logo_url': settings.CUSTOM_LOGO_URL, 'register_link_disabled': register_link_disabled, 'login_link_disabled': login_link_disabled, 'about_link_disabled': about_link_disabled, 'terms_of_service': settings.TERMS_OF_SERVICE, 'privacy_policy': settings.PRIVACY_POLICY, 'login_url': settings.HOME_NOT_LOGGED_IN, 'only_sso': settings.ONLY_SSO, 'external_api_path': settings.EXTERNAL_API_PATH, 'external_api_uri': settings.EXTERNAL_API_URI, 'external_host': settings.EXTERNAL_HOST, 'external_uri_scheme': settings.EXTERNAL_URI_SCHEME, 'realm_uri': realm_uri, 'realm_name': realm_name, 'realm_icon': realm_icon, 'realm_description': realm_description, 'server_uri': settings.SERVER_URI, 'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com", 'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE, 'apps_page_url': apps_page_url, 'open_realm_creation': settings.OPEN_REALM_CREATION, 'password_auth_enabled': password_auth_enabled(realm), 'dev_auth_enabled': dev_auth_enabled(realm), 'google_auth_enabled': google_auth_enabled(realm), 'github_auth_enabled': github_auth_enabled(realm), 'any_oauth_backend_enabled': any_oauth_backend_enabled(realm), 'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm), 'development_environment': settings.DEVELOPMENT, 'support_email': FromAddress.SUPPORT, 'find_team_link_disabled': find_team_link_disabled, 'password_min_length': settings.PASSWORD_MIN_LENGTH, 'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY, 'zulip_version': ZULIP_VERSION, }