Merge pull request #20925 from edx/dsheraz/prod-442

refactor the login user method

openedx/core/djangoapps/user_authn/views/login.py

@@ -191,7 +191,7 @@ def _authenticate_first_party(request, unauthenticated_user):
         raise AuthFailedError(_('Too many failed login attempts. Try again later.'))
 
 
-def _handle_failed_authentication(user, has_authentication):
+def _handle_failed_authentication(user, authenticated_user):
     """
     Handles updating the failed login count, inactive user notifications, and logging failed authentications.
     """
@@ -199,7 +199,7 @@ def _handle_failed_authentication(user, has_authentication):
         if LoginFailures.is_feature_enabled():
             LoginFailures.increment_lockout_counter(user)
 
-        if has_authentication and not user.is_active:
+        if authenticated_user and not user.is_active:
             _log_and_raise_inactive_user_auth_error(user)
 
         # if we didn't find this username earlier, the account for this email
@@ -304,11 +304,11 @@ def login_user(request):
     AJAX request to log in the user.
     """
     third_party_auth_requested = third_party_auth.is_enabled() and pipeline.running(request)
-    trumped_by_first_party_auth = bool(request.POST.get('email')) or bool(request.POST.get('password'))
-    was_authenticated_third_party = False
+    first_party_auth_requested = bool(request.POST.get('email')) or bool(request.POST.get('password'))
+    is_user_third_party_authenticated = False
 
     try:
-        if third_party_auth_requested and not trumped_by_first_party_auth:
+        if third_party_auth_requested and not first_party_auth_requested:
             # The user has already authenticated via third-party auth and has not
             # asked to do first party auth by supplying a username or password. We
             # now want to put them through the same logging and cookie calculation
@@ -317,30 +317,30 @@ def login_user(request):
             # This nested try is due to us only returning an HttpResponse in this
             # one case vs. JsonResponse everywhere else.
             try:
-                email_user = _do_third_party_auth(request)
-                was_authenticated_third_party = True
+                user = _do_third_party_auth(request)
+                is_user_third_party_authenticated = True
             except AuthFailedError as e:
                 return HttpResponse(e.value, content_type="text/plain", status=403)
         else:
-            email_user = _get_user_by_email(request)
+            user = _get_user_by_email(request)
 
-        _check_excessive_login_attempts(email_user)
+        _check_excessive_login_attempts(user)
 
-        possibly_authenticated_user = email_user
+        possibly_authenticated_user = user
 
-        if not was_authenticated_third_party:
-            possibly_authenticated_user = _authenticate_first_party(request, email_user)
+        if not is_user_third_party_authenticated:
+            possibly_authenticated_user = _authenticate_first_party(request, user)
             if possibly_authenticated_user and password_policy_compliance.should_enforce_compliance_on_login():
                 # Important: This call must be made AFTER the user was successfully authenticated.
                 _enforce_password_policy_compliance(request, possibly_authenticated_user)
 
         if possibly_authenticated_user is None or not possibly_authenticated_user.is_active:
-            _handle_failed_authentication(email_user, possibly_authenticated_user)
+            _handle_failed_authentication(user, possibly_authenticated_user)
 
         _handle_successful_authentication_and_login(possibly_authenticated_user, request)
 
         redirect_url = None  # The AJAX method calling should know the default destination upon success
-        if was_authenticated_third_party:
+        if is_user_third_party_authenticated:
             running_pipeline = pipeline.get(request)
             redirect_url = pipeline.get_complete_url(backend_name=running_pipeline['backend'])