Modify ldap validator to just check user existence

Remove auth user check from updating config app config remove duplicate certs install script
2018-07-11 16:03:36 -04:00 · 2018-07-11 16:03:36 -04:00 · 9024419896
commit 9024419896
parent bd54eacbad
7 changed files with 52 additions and 92 deletions
--- a/config_app/config_endpoints/api/suconfig.py
+++ b/config_app/config_endpoints/api/suconfig.py
@ -4,11 +4,9 @@ from flask import abort, request

 from config_app.config_endpoints.api.suconfig_models_pre_oci import pre_oci_model as model
 from config_app.config_endpoints.api import resource, ApiResource, nickname, validate_json_request
-from config_app.c_app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY,
-                              ip_resolver, instance_keys, INIT_SCRIPTS_LOCATION)
+from config_app.c_app import (app, config_provider, superusers, ip_resolver,
+                              instance_keys, INIT_SCRIPTS_LOCATION)

-from auth.auth_context import get_authenticated_user
-from data.users import get_federated_service_name, get_users_handler
 from data.database import configure
 from data.runmigration import run_alembic_migration
 from util.config.configutil import add_enterprise_config_defaults
@ -75,27 +73,6 @@ class SuperUserConfig(ApiResource):
        # Write the configuration changes to the config override file.
        config_provider.save_config(config_object)

-        # If the authentication system is federated, link the superuser account to the
-        # the authentication system chosen.
-        service_name = get_federated_service_name(config_object['AUTHENTICATION_TYPE'])
-        if service_name is not None:
-            current_user = get_authenticated_user()
-            if current_user is None:
-                abort(401)
-
-            service_name = get_federated_service_name(config_object['AUTHENTICATION_TYPE'])
-            if not model.has_federated_login(current_user.username, service_name):
-                # Verify the user's credentials and retrieve the user's external username+email.
-                handler = get_users_handler(config_object, config_provider, OVERRIDE_CONFIG_DIRECTORY)
-                (result, err_msg) = handler.verify_credentials(current_user.username,
-                                                               request.get_json().get('password', ''))
-                if not result:
-                    logger.error('Could not save configuration due to external auth failure: %s', err_msg)
-                    abort(400)
-
-                # Link the existing user to the external user.
-                model.attach_federated_login(current_user.username, service_name, result.username)
-
        return {
            'exists': True,
            'config': config_object