Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-09-08 12:24:47 -04:00 · 2016-09-08 12:24:47 -04:00 · d7f56350a4
commit d7f56350a4
parent 934cdecbd6
18 changed files with 206 additions and 93 deletions
--- a/data/users/init.py
+++ b/data/users/init.py
@ -29,7 +29,7 @@ def get_federated_service_name(authentication_type):

 LDAP_CERT_FILENAME = 'ldap.crt'

-def get_users_handler(config, config_provider, override_config_dir):
+def get_users_handler(config, _, override_config_dir):
  """ Returns a users handler for the authentication configured in the given config object. """
  authentication_type = config.get('AUTHENTICATION_TYPE', 'Database')

@ -48,7 +48,8 @@ def get_users_handler(config, config_provider, override_config_dir):

    allow_tls_fallback = config.get('LDAP_ALLOW_INSECURE_FALLBACK', False)
    return LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
-                     allow_tls_fallback, secondary_user_rdns=secondary_user_rdns)
+                     allow_tls_fallback, secondary_user_rdns=secondary_user_rdns,
+                     requires_email=features.MAILING)

  if authentication_type == 'JWT':
    verify_url = config.get('JWT_VERIFY_ENDPOINT')
@ -59,7 +60,8 @@ def get_users_handler(config, config_provider, override_config_dir):
    getuser_url = config.get('JWT_GETUSER_ENDPOINT', None)

    return ExternalJWTAuthN(verify_url, query_url, getuser_url, issuer, override_config_dir,
-                            config['HTTPCLIENT'], max_fresh_s)
+                            config['HTTPCLIENT'], max_fresh_s,
+                            requires_email=features.MAILING)

  if authentication_type == 'Keystone':
    auth_url = config.get('KEYSTONE_AUTH_URL')
@ -68,9 +70,9 @@ def get_users_handler(config, config_provider, override_config_dir):
    keystone_admin_username = config.get('KEYSTONE_ADMIN_USERNAME')
    keystone_admin_password = config.get('KEYSTONE_ADMIN_PASSWORD')
    keystone_admin_tenant = config.get('KEYSTONE_ADMIN_TENANT')
-
    return get_keystone_users(auth_version, auth_url, keystone_admin_username,
-                             keystone_admin_password, keystone_admin_tenant, timeout)
+                             keystone_admin_password, keystone_admin_tenant, timeout,
+                             requires_email=features.MAILING)

  raise RuntimeError('Unknown authentication type: %s' % authentication_type)