import logging from data import model from oauth.loginmanager import OAuthLoginManager from oauth.oidc import PublicKeyLoadException from util.security.jwtutil import InvalidTokenError logger = logging.getLogger(__name__) class AppTokenInternalAuth(object): """ Forces all internal credential login to go through an app token, by disabling all other access. """ @property def federated_service(self): return None @property def requires_distinct_cli_password(self): # Since there is no supported "password". return False @property def supports_encrypted_credentials(self): # Since there is no supported "password". return False def verify_credentials(self, username_or_email, id_token): return (None, 'An application specific token is required to login') def verify_and_link_user(self, username_or_email, password): return self.verify_credentials(username_or_email, password) def confirm_existing_user(self, username, password): return self.verify_credentials(username, password) def link_user(self, username_or_email): return (None, 'Unsupported for this authentication system') def get_and_link_federated_user_info(self, user_info): return (None, 'Unsupported for this authentication system') def query_users(self, query, limit): return (None, '', '') def check_group_lookup_args(self, group_lookup_args): return (False, 'Not supported') def iterate_group_members(self, group_lookup_args, page_size=None, disable_pagination=False): return (None, 'Not supported') def service_metadata(self): return {} def ping(self): """ Always assumed to be working. If the DB is broken, other checks will handle it. """ return (True, None)