generate fixed_delegated_auth in core config, instead of serializer

ahmedhamidawan · Nov 2, 2023 · e23b3f8 · e23b3f8
1 parent bc5aca0
commit e23b3f8
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 20 deletions.
diff --git a/lib/galaxy/app.py b/lib/galaxy/app.py
@@ -709,6 +709,13 @@ def __init__(self, **kwargs) -> None:
                 self, self.config.oidc_config_file, self.config.oidc_backends_config_file
             )
 
+            # If there is only a single external authentication provider in use
+            # TODO: Future work will expand on this and provide an interface for
+            # multiple auth providers allowing explicit authenticated association.
+            self.config.fixed_delegated_auth = (
+                len(list(self.config.oidc)) == 1 and len(list(self.auth_manager.authenticators)) == 0
+            )
+
         if not self.config.enable_celery_tasks and self.config.history_audit_table_prune_interval > 0:
             self.prune_history_audit_task = IntervalTask(
                 func=lambda: galaxy.model.HistoryAudit.prune(self.model.session),

diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
@@ -189,21 +189,9 @@ def callback(self, state_token, authz_code, trans, login_redirect_url):
         if custos_authnz_token is None:
             user = trans.user
             existing_user = trans.sa_session.query(User).filter_by(email=email).first()
-            # If there is only a single external authentication
-            # provider in use, trust the user provided and
-            # automatically associate.
-            # Equivalent to `fixed_delegated_auth` from `ConfigSerializer`
-            # TODO: Future work will expand on this and provide an
-            # interface for when there are multiple auth providers
-            # allowing explicit authenticated association.
-            fixed_delegated_auth = (
-                trans.app.config.enable_oidc
-                and len(trans.app.config.oidc) == 1
-                and len(trans.app.auth_manager.authenticators) == 0
-            )
             if not user:
                 if existing_user:
-                    if fixed_delegated_auth:
+                    if trans.app.config.fixed_delegated_auth:
                         user = existing_user
                     else:
                         message = f"There already exists a user with email {email}.  To associate this external login, you must first be logged in as that existing account."
@@ -235,7 +223,7 @@ def callback(self, state_token, authz_code, trans, login_redirect_url):
                 refresh_expiration_time=refresh_expiration_time,
             )
             label = self.config["label"]
-            if fixed_delegated_auth:
+            if trans.app.config.fixed_delegated_auth:
                 redirect_url = login_redirect_url
             elif existing_user and existing_user != user:
                 redirect_url = (

diff --git a/lib/galaxy/config/__init__.py b/lib/galaxy/config/__init__.py
@@ -857,6 +857,7 @@ def _process_config(self, kwargs: Dict[str, Any]) -> None:
         self.builds_file_path = os.path.join(self.tool_data_path, self.builds_file_path)
         self.len_file_path = os.path.join(self.tool_data_path, self.len_file_path)
         self.oidc: Dict[str, Dict] = {}
+        self.fixed_delegated_auth: bool = False
         self.integrated_tool_panel_config = self._in_managed_config_dir(self.integrated_tool_panel_config)
         integrated_tool_panel_tracking_directory = kwargs.get("integrated_tool_panel_tracking_directory")
         if integrated_tool_panel_tracking_directory:

diff --git a/lib/galaxy/managers/configuration.py b/lib/galaxy/managers/configuration.py
@@ -113,7 +113,6 @@ def _config_is_truthy(item, key, **context):
             return True if item.get(key) else False
 
         object_store = self.app.object_store
-        auth_manager = self.app.auth_manager
         self.serializers: Dict[str, base.Serializer] = {
             # TODO: this is available from user data, remove
             "is_admin_user": lambda *a, **c: False,
@@ -209,11 +208,7 @@ def _config_is_truthy(item, key, **context):
             "tool_training_recommendations_link": _use_config,
             "tool_training_recommendations_api_url": _use_config,
             "enable_notification_system": _use_config,
-            "fixed_delegated_auth": lambda item, key, **context: (
-                bool(item.get("enable_oidc"))
-                and len(list(_use_config(item, "oidc", **context))) == 1
-                and len(list(auth_manager.authenticators)) == 0
-            ),
+            "fixed_delegated_auth": _defaults_to(False),
         }