mirror of
https://github.com/GAM-team/GAM.git
synced 2026-06-28 18:01:36 +00:00
4444974a9e
* Centralize OAuth2.0 Credential logic Adds a Credentials class that centralizes and handles most existing logic related to OAuth2.0 credentials, including generation, storage, file locking, and attribute retrieval. This is a step towards minimizing the duplicated code that handles credentials in various methods. The goal is to eventually get to a point where there are 2 credential entry points: `auth.get_admin_credentials()` and `auth.get_credentials_for_user(user)`. Then, we can slowly move toward using impersonated credentials for all operations and scrap the need for user consented credentials all together. * Skip test_delete_removes_lock_file when testing on Windows
28 lines
1.0 KiB
Python
28 lines
1.0 KiB
Python
"""Authentication/Credentials general purpose and convenience methods."""
|
|
|
|
from . import oauth
|
|
from var import _FN_OAUTH2_TXT
|
|
from var import GC_OAUTH2_TXT
|
|
from var import GC_Values
|
|
|
|
# TODO: Move logic that determines file name into this module. We should be able
|
|
# to discover the file location without accessing a private member or waiting
|
|
# for a global initialization.
|
|
DEFAULT_OAUTH_STORAGE_FILE = _FN_OAUTH2_TXT
|
|
|
|
|
|
def get_admin_credentials_filename():
|
|
"""Gets the name of the file that stores the admin account credentials."""
|
|
# If the environment globals are loaded, use the set global value. It may have
|
|
# some custom name in it. Otherwise, just use the default name.
|
|
if GC_Values[GC_OAUTH2_TXT]:
|
|
return GC_Values[GC_OAUTH2_TXT]
|
|
else:
|
|
return DEFAULT_OAUTH_STORAGE_FILE
|
|
|
|
|
|
def get_admin_credentials():
|
|
"""Gets oauth.Credentials that are authenticated as the domain's admin user."""
|
|
credential_file = get_admin_credentials_filename()
|
|
return oauth.Credentials.from_credentials_file(credential_file)
|