Allow invalidation of keyring authenticator

2023-12-21 10:23:01 +01:00 · 2021-05-25 15:02:35 +02:00 · 2021-05-25 15:02:35 +02:00 · d905e95dbb
commit d905e95dbb
parent 61430c8739
1 changed files with 32 additions and 17 deletions
--- a/PFERD/auth/keyring.py
+++ b/PFERD/auth/keyring.py
@ -4,17 +4,14 @@ import keyring

 from ..config import Config
 from ..logging import log
-from ..utils import agetpass
+from ..utils import agetpass, ainput
 from ..version import NAME
 from .authenticator import Authenticator, AuthError, AuthSection


 class KeyringAuthSection(AuthSection):
-    def username(self) -> str:
-        name = self.s.get("username")
-        if name is None:
-            self.missing_value("username")
-        return name
+    def username(self) -> Optional[str]:
+        return self.s.get("username")

    def keyring_name(self) -> str:
        return self.s.get("keyring_name", fallback=NAME)
@ -34,23 +31,41 @@ class KeyringAuthenticator(Authenticator):
        self._password: Optional[str] = None
        self._keyring_name = section.keyring_name()

+        self._password_invalidated = False
+        self._username_fixed = section.username() is not None
+
    async def credentials(self) -> Tuple[str, str]:
-        if self._password is not None:
-            return self._username, self._password
-
-        password = keyring.get_password(self._keyring_name, self._username)
-
-        if not password:
+        # Request the username
+        if self._username is None:
            async with log.exclusive_output():
-                password = await agetpass("Password: ")
-                keyring.set_password(self._keyring_name, self._username, password)
+                self._username = await ainput("Username: ")

-        self._password = password
+        # First try looking it up in the keyring.
+        # Do not look it up if it was invalidated - we want to re-prompt in this case
+        if self._password is None and not self._password_invalidated:
+            self._password = keyring.get_password(self._keyring_name, self._username)

-        return self._username, password
+        # If that fails it wasn't saved in the keyring - we need to
+        # read it from the user and store it
+        if self._password is None:
+            async with log.exclusive_output():
+                self._password = await agetpass("Password: ")
+                keyring.set_password(self._keyring_name, self._username, self._password)
+
+        self._password_invalidated = False
+        return self._username, self._password

    def invalidate_credentials(self) -> None:
+        if not self._username_fixed:
+            self.invalidate_username()
        self.invalidate_password()

+    def invalidate_username(self) -> None:
+        if self._username_fixed:
+            raise AuthError("Configured username is invalid")
+        else:
+            self._username = None
+
    def invalidate_password(self) -> None:
-        raise AuthError("Invalid password")
+        self._password = None
+        self._password_invalidated = True