Ensure encrypted passwords are not enabled with OIDC auth

Fixes https://jira.prod.coreos.systems/browse/QS-49
2017-10-31 16:03:28 -04:00 · 2017-10-31 16:03:28 -04:00 · 74f99ba94a
commit 74f99ba94a
parent f9dc4e79b3
2 changed files with 6 additions and 0 deletions
--- a/util/config/validators/validate_oidcauth.py
+++ b/util/config/validators/validate_oidcauth.py
@ -10,6 +10,10 @@ class OIDCAuthValidator(BaseValidator):
    if config.get('AUTHENTICATION_TYPE', 'Database') != 'OIDC':
      return

+    # Ensure that encrypted passwords are not required, as they do not work with OIDC auth.
+    if config.get('FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH', False):
+      raise ConfigValidationException('Encrypted passwords must be disabled to use OIDC auth')
+
    login_service_id = config.get('INTERNAL_OIDC_SERVICE_ID')
    if not login_service_id:
        raise ConfigValidationException('Missing OIDC provider')