From 69f89f57347d3244761f0cd534226489fc0f3fda Mon Sep 17 00:00:00 2001
From: Dan Braghis <dan.braghis@torchbox.com>
Date: Wed, 17 Jan 2018 10:03:12 +0000
Subject: [PATCH] Address code review feedback
---
 opentech/apply/users/decorators.py | 14 ++++---------
 .../apply/users/templatetags/users_tags.py | 21 ++++---------------
 opentech/apply/users/utils.py | 16 ++++++++++++++
 3 files changed, 24 insertions(+), 27 deletions(-)
 create mode 100644 opentech/apply/users/utils.py
diff --git a/opentech/apply/users/decorators.py b/opentech/apply/users/decorators.py
index 11539ef29..1ed11e35d 100644
--- a/opentech/apply/users/decorators.py
+++ b/opentech/apply/users/decorators.py
@@ -1,19 +1,13 @@
-from django.conf import settings
 from django.core.exceptions import PermissionDenied
+from .utils import can_use_oauth_check
+
 def require_oauth_whitelist(view_func):
     """Simple decorator that limits the use of OAuth to the configure whitelisted domains"""
     def decorated_view(request, *args, **kwargs):
-        user = request.user
-
-        try:
-            if settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                for domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                    if user.email.endswith(f'@{domain}'):
-                        return view_func(request, *args, **kwargs)
-        except AttributeError:
-            raise PermissionDenied
+        if can_use_oauth_check(request.user):
+            return view_func(request, *args, **kwargs)
         raise PermissionDenied
diff --git a/opentech/apply/users/templatetags/users_tags.py b/opentech/apply/users/templatetags/users_tags.py
index 0125e89bd..a3e8b5432 100644
--- a/opentech/apply/users/templatetags/users_tags.py
+++ b/opentech/apply/users/templatetags/users_tags.py
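Review bot: `decorated_view` is defined without `functools.wraps`, so the wrapped view loses its `__name__`, `__doc__` and any attributes other decorators attached to it; the `return decorated_view` that hands it back lies below the hunk, so I am inferring that from the shape of the decorator. Add `import functools` at the top and `@functools.wraps(view_func)` directly above `def decorated_view(request, *args, **kwargs):`. The context-line docstring also reads `configure whitelisted domains`; `configured` is meant.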
@@ -1,22 +1,17 @@
 from django import template
-from django.conf import settings
+
+from ..utils import can_use_oauth_check
 register = template.Library()
 @register.filter
 def backend_name(name):
+    """Human readable mapping for the social auth backend"""
     return {
         'google-oauth': 'Google OAuth',
         'google-oauth2': 'Google OAuth',
         'google-openidconnect': 'Google OpenId',
-        'facebook-app': 'Facebook',
-        'stackoverflow': 'Stack Overflow',
-        'yahoo-oauth': 'Yahoo',
-        'vimeo': 'Vimeo',
-        'linkedin-oauth2': 'LinkedIn OAuth',
-        'vk-oauth2': 'VK OAuth',
-        'live': 'Windows Live',
     }.get(name, name)
@@ -29,12 +24,4 @@ def backend_class(backend):
 def can_use_oauth(context):
     user = context.get('user')
-    try:
-        if settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-            for domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                if user.email.endswith(f'@{domain}'):
-                    return True
-    except AttributeError:
-        return False
-
-    return False
+    return can_use_oauth_check(user)
diff --git a/opentech/apply/users/utils.py b/opentech/apply/users/utils.py
new file mode 100644
index 000000000..0e290b320
--- /dev/null
+++ b/opentech/apply/users/utils.py
@@ -0,0 +1,16 @@
+from django.conf import settings
+
+
+def can_use_oauth_check(user):
+    """
+    Checks that the user belongs to the whitelisted domains.
+    Anonymous or non-whitelisted email domains cannot log in
+    or associate OAuth accounts
+    """
+    try:
+        domain = user.email.split('@')[-1]
+        return domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
+    except AttributeError:
+        # Anonymous user or setting not defined
+        pass
+    return False
-- 
GitLab
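Review bot: `can_use_oauth` in the second hunk has no docstring while `backend_name` gains one in the same commit; add `"""True when the context's user may log in or link an OAuth account; False for an anonymous or missing user."""` directly under `def can_use_oauth(context):`. It is worth saying in that docstring that `context.get('user')` yields `None` when the template context carries no user, and that the tag then relies on `can_use_oauth_check` turning the resulting `AttributeError` into `False`, so a later change to the helper's error handling does not silently change the tag. The decorator that registers the tag sits above the hunk and is not visible here.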
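Review bot: The `return domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS` line in the new `utils.py` compares case-sensitively, and should the setting be declared as a single string instead of a list or tuple the `in` silently becomes a substring test, so the function does not match what its docstring promises. `user.email.split('@')[-1]` also accepts an address with no `@` at all — the `endswith(f'@{domain}')` it replaces did not — and a setting defined as `None` raises `TypeError`, which the `except AttributeError` does not cover, so the view errors instead of denying. Normalise both sides to lowercase, require the `@` separator, and read the setting with `getattr(..., None) or ()` so a missing or `None` setting fails closed without the broad `except` masking unrelated `AttributeError`s.
```python
def can_use_oauth_check(user):
    # … unchanged: docstring …
    domains = getattr(settings, 'SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS', None) or ()
    if isinstance(domains, str):
        # A lone string would otherwise make `in` a substring test
        domains = (domains,)
    _local, sep, domain = (getattr(user, 'email', '') or '').rpartition('@')
    if not sep:
        # Anonymous user, or an account without a usable address
        return False
    return domain.lower() in {d.lower() for d in domains}
```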