Refactor method names

galaxyproject · Nov 3, 2023 · c08a915 · c08a915
1 parent 0e01b93
commit c08a915
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 6 deletions.
diff --git a/lib/galaxy/authnz/__init__.py b/lib/galaxy/authnz/__init__.py
@@ -87,3 +87,16 @@ def logout(self, trans, post_user_logout_href=None):
         :param post_user_logout_href: Optional URL to redirect to after logging out of IDP.
         """
         raise NotImplementedError()
+
+    def find_user_by_access_token(self, sa_session, access_token):
+        """
+        Locates a user by access_token. The access token must be verified prior
+        to returning the relevant user.
+
+        :type  sa_session:      sqlalchemy.orm.scoping.scoped_session
+        :param sa_session:      SQLAlchemy database handle.
+
+        :type  access_token: string
+        :param access_token: An OIDC access token
+        """
+        raise NotImplementedError()
diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
@@ -501,7 +501,7 @@ def _username_from_userinfo(trans, userinfo):
         else:
             return username
 
-    def match_access_token_to_user(self, sa_session, access_token):
+    def find_user_by_access_token(self, sa_session, access_token):
         signing_key = self.jwks_client.get_signing_key_from_jwt(access_token)
         decoded_jwt = jwt.decode(
             access_token,

diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
@@ -408,26 +408,28 @@ def create_user(self, provider, token, trans, login_redirect_url):
             log.exception(msg)
             return False, msg, (None, None)
 
-    def find_user_by_access_token_in_provider(self, sa_session, provider, access_token):
+    def _find_user_by_access_token_in_provider(self, sa_session, provider, access_token):
         try:
             success, message, backend = self._get_authnz_backend(provider)
             if success is False:
                 msg = f"An error occurred when obtaining user by token with provider `{provider}`: {message}"
                 log.error(msg)
                 return None
-            user = backend.match_access_token_to_user(sa_session, access_token)
+            user = backend.find_user_by_access_token(sa_session, access_token)
             if user:
                 log.debug(f"Found user: {user} via `{provider}` identity provider")
                 return user
             return None
+        except NotImplementedError:
+            return None
         except Exception as e:
             msg = f"An error occurred with provider: {provider} when finding user by token: {e}"
             log.error(msg)
             return None
 
-    def find_user_by_access_token(self, sa_session, access_token):
+    def match_access_token_to_user(self, sa_session, access_token):
         for provider in self.oidc_backends_config:
-            user = self.find_user_by_access_token_in_provider(sa_session, provider, access_token)
+            user = self._find_user_by_access_token_in_provider(sa_session, provider, access_token)
             if user:
                 return user
         return None

diff --git a/lib/galaxy/managers/users.py b/lib/galaxy/managers/users.py
@@ -297,7 +297,7 @@ def by_api_key(self, api_key: str, sa_session=None):
 
     def by_oidc_access_token(self, access_token: str):
         if hasattr(self.app, "authnz_manager") and self.app.authnz_manager:
-            user = self.app.authnz_manager.find_user_by_access_token(self.app.model.session, access_token)  # type: ignore[attr-defined]
+            user = self.app.authnz_manager.match_access_token_to_user(self.app.model.session, access_token)  # type: ignore[attr-defined]
             return user
         else:
             return None