Address code review feedback

69f89f57 · Dan Braghis · 3da1e0b3 · 69f89f57 · 69f89f57 · 69f89f57
Commit 69f89f57 authored 7 years ago by Dan Braghis
--- a/opentech/apply/users/decorators.py
+++ b/opentech/apply/users/decorators.py
-from django.conf import settings
 from django.core.exceptions import PermissionDenied

+from .utils import can_use_oauth_check
+

 def require_oauth_whitelist(view_func):
    """Simple decorator that limits the use of OAuth to the configure whitelisted domains"""
    def decorated_view(request, *args, **kwargs):
-        user = request.user
-
-        try:
-            if settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                for domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                    if user.email.endswith(f'@{domain}'):
-                        return view_func(request, *args, **kwargs)
-        except AttributeError:
-            raise PermissionDenied
+        if can_use_oauth_check(request.user):
+            return view_func(request, *args, **kwargs)

        raise PermissionDenied


--- a/opentech/apply/users/templatetags/users_tags.py
+++ b/opentech/apply/users/templatetags/users_tags.py
 from django import template
-from django.conf import settings
+
+from ..utils import can_use_oauth_check

 register = template.Library()


 @register.filter
 def backend_name(name):
+    """Human readable mapping for the social auth backend"""
    return {
        'google-oauth': 'Google OAuth',
        'google-oauth2': 'Google OAuth',
        'google-openidconnect': 'Google OpenId',
-        'facebook-app': 'Facebook',
-        'stackoverflow': 'Stack Overflow',
-        'yahoo-oauth': 'Yahoo',
-        'vimeo': 'Vimeo',
-        'linkedin-oauth2': 'LinkedIn OAuth',
-        'vk-oauth2': 'VK OAuth',
-        'live': 'Windows Live',
    }.get(name, name)


@@ -29,12 +24,4 @@ def backend_class(backend):
 def can_use_oauth(context):
    user = context.get('user')

-    try:
-        if settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-            for domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS:
-                if user.email.endswith(f'@{domain}'):
-                    return True
-    except AttributeError:
-        return False
-
-    return False
+    return can_use_oauth_check(user)
--- a/opentech/apply/users/utils.py
+++ b/opentech/apply/users/utils.py
+from django.conf import settings
+
+
+def can_use_oauth_check(user):
+    """
+    Checks that the user belongs to the whitelisted domains.
+    Anonymous or non-whitelisted email domains cannot log in
+    or associate OAuth accounts
+    """
+    try:
+        domain = user.email.split('@')[-1]
+        return domain in settings.SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
+    except AttributeError:
+        # Anonymous user or setting not defined
+        pass
+    return False