from app import app
from data.users.oidc import OIDCInternalAuth, UnknownServiceException
from util.config.validators import BaseValidator, ConfigValidationException

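class OIDCAuthValidator(BaseValidator):
  """Validates the settings used when OIDC is the internal authentication type."""
  name = "oidc-auth"

  @classmethod
  def validate(cls, config, user, user_password):
    """Check the OIDC internal-auth settings in `config`.

    Returns None without checking anything when AUTHENTICATION_TYPE (default
    'Database') is not 'OIDC'. `user` and `user_password` are accepted but not
    read here (presumably to match the BaseValidator signature; confirm).

    Raises:
      ConfigValidationException: if FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH is
        enabled, if INTERNAL_OIDC_SERVICE_ID is missing or empty, or if
        OIDCInternalAuth raises UnknownServiceException for that service id.
    """
    if config.get('AUTHENTICATION_TYPE', 'Database') != 'OIDC':
      return

    # Ensure that encrypted passwords are not required, as they do not work with OIDC auth.
    if config.get('FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH', False):
      raise ConfigValidationException('Encrypted passwords must be disabled to use OIDC auth')

    # An empty string is rejected the same way as an absent key.
    login_service_id = config.get('INTERNAL_OIDC_SERVICE_ID')
    if not login_service_id:
      raise ConfigValidationException('Missing OIDC provider')

    # By instantiating the auth engine, it will check if the provider exists and works.
    # Only UnknownServiceException is translated into a validation failure; any other
    # exception raised by the constructor propagates to the caller unchanged.
    # NOTE(review): the meaning of the third positional argument (False) is not
    # visible in this file; confirm against OIDCInternalAuth.
    try:
      OIDCInternalAuth(config, login_service_id, False)
    except UnknownServiceException as use:
      # Exceptions only carry `.message` if the class defines it (Python 3 dropped
      # it from BaseException); fall back to str() so the validation error is not
      # masked by an AttributeError.
      raise ConfigValidationException(getattr(use, 'message', str(use)))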