Disable fresh login check in auth engines that won't support it

data/users/__init__.py

@@ -187,6 +187,11 @@ class UserAuthentication(object):
     """ Returns whether this auth system supports using encrypted credentials. """
     return self.state.supports_encrypted_credentials
 
+  @property
+  def supports_fresh_login(self):
+    """ Returns whether this auth system supports the fresh login check. """
+    return self.state.supports_fresh_login
+
   def query_users(self, query, limit=20):
     """ Performs a lookup against the user system for the specified query. The returned tuple
         will be of the form (results, federated_login_id, err_msg). If the method is unsupported,

data/users/apptoken.py

@@ -12,6 +12,10 @@ class AppTokenInternalAuth(object):
   """ Forces all internal credential login to go through an app token, by disabling all other
       access.
   """
+  @property
+  def supports_fresh_login(self):
+    # Since there is no password.
+    return False
 
   @property
   def federated_service(self):

data/users/database.py

@@ -5,6 +5,10 @@ class DatabaseUsers(object):
   def federated_service(self):
     return None
 
+  @property
+  def supports_fresh_login(self):
+    return True
+
   def ping(self):
     """ Always assumed to be working. If the DB is broken, other checks will handle it. """
     return (True, None)

data/users/federated.py

@@ -24,6 +24,10 @@ class FederatedUsers(object):
   def federated_service(self):
     return self._federated_service
 
+  @property
+  def supports_fresh_login(self):
+    return True
+
   @property
   def supports_encrypted_credentials(self):
     return True