Disable fresh login check in auth engines that won't support it

2017-12-12 16:00:38 -05:00 · 2017-12-12 16:00:38 -05:00 · 2214a2c7ad
commit 2214a2c7ad
parent 524d77f527
5 changed files with 20 additions and 2 deletions
--- a/data/users/init.py
+++ b/data/users/init.py
@ -187,6 +187,11 @@ class UserAuthentication(object):
    """ Returns whether this auth system supports using encrypted credentials. """
    return self.state.supports_encrypted_credentials

+  @property
+  def supports_fresh_login(self):
+    """ Returns whether this auth system supports the fresh login check. """
+    return self.state.supports_fresh_login
+
  def query_users(self, query, limit=20):
    """ Performs a lookup against the user system for the specified query. The returned tuple
        will be of the form (results, federated_login_id, err_msg). If the method is unsupported,
--- a/data/users/apptoken.py
+++ b/data/users/apptoken.py
@ -12,6 +12,10 @@ class AppTokenInternalAuth(object):
  """ Forces all internal credential login to go through an app token, by disabling all other
      access.
  """
+  @property
+  def supports_fresh_login(self):
+    # Since there is no password.
+    return False

  @property
  def federated_service(self):
--- a/data/users/database.py
+++ b/data/users/database.py
@ -5,6 +5,10 @@ class DatabaseUsers(object):
  def federated_service(self):
    return None

+  @property
+  def supports_fresh_login(self):
+    return True
+
  def ping(self):
    """ Always assumed to be working. If the DB is broken, other checks will handle it. """
    return (True, None)
--- a/data/users/federated.py
+++ b/data/users/federated.py
@ -24,6 +24,10 @@ class FederatedUsers(object):
  def federated_service(self):
    return self._federated_service

+  @property
+  def supports_fresh_login(self):
+    return True
+
  @property
  def supports_encrypted_credentials(self):
    return True
--- a/endpoints/api/init.py
+++ b/endpoints/api/init.py
@ -10,7 +10,7 @@ from flask_restful import Resource, abort, Api, reqparse
 from flask_restful.utils.cors import crossdomain
 from jsonschema import validate, ValidationError

-from app import app, metric_queue
+from app import app, metric_queue, authentication
 from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
                              AdministerRepositoryPermission, UserReadPermission,
                              UserAdminPermission)
@ -300,7 +300,8 @@ def require_fresh_login(func):
    last_login = session.get('login_time', datetime.datetime.min)
    valid_span = datetime.datetime.now() - datetime.timedelta(minutes=10)

-    if not user.password_hash or last_login >= valid_span:
+    if (not user.password_hash or last_login >= valid_span or
+        not authentication.supports_fresh_login):
      return func(*args, **kwargs)

    raise FreshLoginRequired()