From 481a333dc0fa86c321b56b02fbb045172faa4bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Sp=C3=B6ttel?= <1682504+fspoettel@users.noreply.github.com> Date: Fri, 4 Sep 2020 20:28:15 +0200 Subject: [PATCH] Address review feedback, thanks @hija --- management/daemon.py | 10 ++++------ management/mailconfig.py | 2 +- management/totp.py | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/management/daemon.py b/management/daemon.py index 09787cd6..3aee9e32 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -38,23 +38,21 @@ def authorized_personnel_only(viewfunc): def newview(*args, **kwargs): # Authenticate the passed credentials, which is either the API key or a username:password pair. error = None + privs = [] + try: email, privs = auth_service.authenticate(request, env) + except totp.MissingTokenError as e: - privs = [] error = str(e) except totp.BadTokenError as e: # Write a line in the log recording the failed login log_failed_login(request) - - privs = [] error = str(e) except ValueError as e: # Write a line in the log recording the failed login log_failed_login(request) - # Authentication failed. - privs = [] error = "Incorrect username or password" # Authorized to access an API view? @@ -443,7 +441,7 @@ def totp_post_enable(): if type(secret) != str or type(token) != str or len(token) != 6 or len(secret) != 32: return json_response({ "error": 'bad_input' }, 400) - if (totp.validate(secret, token)): + if totp.validate(secret, token): create_totp_credential(email, secret, token, env) return json_response({}) diff --git a/management/mailconfig.py b/management/mailconfig.py index c1a083e9..491a4d5c 100755 --- a/management/mailconfig.py +++ b/management/mailconfig.py @@ -554,7 +554,7 @@ def get_mfa_state(email, env): c.execute('SELECT secret, mru_token FROM totp_credentials WHERE user_email=?', (email,)) credential_row = c.fetchone() - if (credential_row == None): + if credential_row is None: return { 'type': None } return { 
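Review bot: In `newview` (management/daemon.py) the `except totp.MissingTokenError` branch is the only failure path that does not call `log_failed_login(request)`, and after this cleanup nothing in the code says whether that is deliberate. If `MissingTokenError` is only raised once the password has already been accepted (presumably, since `authenticate` is not shown in this hunk), these requests are worth keeping visible to monitoring, because the `str(e)` response differs from the generic "Incorrect username or password". Either log them, or document the choice with a comment such as `# Not logged as a failed login: a client's first request may legitimately arrive without x-auth-token` if that is the reason. Separately, `email` stays unbound whenever `authenticate` raises; hoisting `email = None` next to the new `privs = []` would keep the rest of the function, which continues past this hunk, from depending on the `"admin" in privs` check to avoid a NameError.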
diff --git a/management/totp.py b/management/totp.py index 2cea61b8..23853129 100644 --- a/management/totp.py +++ b/management/totp.py @@ -61,7 +61,7 @@ class TOTPStrategy(): # in that case, we need to raise and indicate to the client to supply a TOTP token_header = request.headers.get('x-auth-token') - if token_header == None or token_header == "": + if not token_header: raise MissingTokenError("Two factor code missing (no x-auth-token supplied)") # TODO: Should a token replay be handled as its own error?