Refactor auth code to be cleaner and more extensible

We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).

endpoints/v1/index.py

@@ -7,8 +7,7 @@ from functools import wraps
 from flask import request, make_response, jsonify, session
 
 from app import userevents, metric_queue
-from auth.auth_context import (get_authenticated_user, get_validated_token,
-                               get_validated_oauth_token, get_validated_app_specific_token)
+from auth.auth_context import get_authenticated_context, get_authenticated_user
 from auth.credentials import validate_credentials, CredentialKind
 from auth.decorators import process_auth
 from auth.permissions import (
@@ -106,7 +105,7 @@ def create_user():
     # Default case: Just fail.
     abort(400, result.error_message, issue='login-failure')
 
-  if result.has_user:
+  if result.has_nonrobot_user:
     # Mark that the user was logged in.
     event = userevents.get_event(username)
     event.publish_event_data('docker-cli', {'action': 'login'})
@@ -119,27 +118,14 @@ def create_user():
 @process_auth
 @anon_allowed
 def get_user():
-  if get_validated_oauth_token():
-    return jsonify({
-      'username': '$oauthtoken',
-      'email': None,
-    })
-  elif get_validated_app_specific_token():
-    return jsonify({
-      'username': "$app",
-      'email': None,
-    })
-  elif get_authenticated_user():
-    return jsonify({
-      'username': get_authenticated_user().username,
-      'email': get_authenticated_user().email,
-    })
-  elif get_validated_token():
-    return jsonify({
-      'username': '$token',
-      'email': None,
-    })
-  abort(404)
+  context = get_authenticated_context()
+  if not context or context.is_anonymous:
+    abort(404)
+
+  return jsonify({
+    'username': context.credential_username,
+    'email': None,
+  })
 
 
 @v1_bp.route('/users/<username>/', methods=['PUT'])