Remove get_authenticators

Author: DiamondJoseph

tiled/server/app.py

@@ -10,7 +10,7 @@
 from contextlib import asynccontextmanager
 from functools import cache, partial
 from pathlib import Path
-from typing import Optional
+from typing import Optional, Union
 
 import anyio
 import packaging.version
@@ -52,13 +52,7 @@
 from .dependencies import get_root_tree
 from .router import get_router
 from .settings import Settings, get_settings
-from .utils import (
-    API_KEY_COOKIE_NAME,
-    CSRF_COOKIE_NAME,
-    get_authenticators,
-    get_root_url,
-    record_timing,
-)
+from .utils import API_KEY_COOKIE_NAME, CSRF_COOKIE_NAME, get_root_url, record_timing
 
 SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
 SENSITIVE_COOKIES = {
@@ -134,7 +128,7 @@ def build_app(
         Dict of other server configuration.
     """
     authentication = authentication or {}
-    authenticators = {
+    authenticators: dict[str, Union[ExternalAuthenticator, InternalAuthenticator]] = {
         spec["provider"]: spec["authenticator"]
         for spec in authentication.get("providers", [])
     }
@@ -354,6 +348,7 @@ async def unhandled_exception_handler(
         serialization_registry,
         deserialization_registry,
         validation_registry,
+        authenticators,
     )
     app.include_router(router, prefix="/api/v1")
 
@@ -404,10 +399,6 @@ async def unhandled_exception_handler(
     else:
         app.state.authenticated = False
 
-    @cache
-    def override_get_authenticators():
-        return authenticators
-
     @cache
     def override_get_root_tree():
         return tree
@@ -733,7 +724,6 @@ async def set_cookies(request: Request, call_next):
         return response
 
     app.openapi = partial(custom_openapi, app)
-    app.dependency_overrides[get_authenticators] = override_get_authenticators
     app.dependency_overrides[get_root_tree] = override_get_root_tree
     app.dependency_overrides[get_settings] = override_get_settings
 

tiled/server/authentication.py

@@ -64,7 +64,7 @@
 from .core import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE, json_or_msgpack
 from .protocols import ExternalAuthenticator, InternalAuthenticator, UserSessionState
 from .settings import Settings, get_settings
-from .utils import API_KEY_COOKIE_NAME, get_authenticators, get_base_url
+from .utils import API_KEY_COOKIE_NAME, get_base_url
 
 ALGORITHM = "HS256"
 UNIT_SECOND = timedelta(seconds=1)
@@ -237,9 +237,9 @@ async def move_api_key(request: Request, api_key: Optional[str] = Depends(get_ap
 
 
 async def get_scopes_from_api_key(
-    api_key: str, settings: Settings, authenticators, db
+    api_key: str, settings: Settings, authenticated: bool, db: Optional[AsyncSession]
 ) -> Sequence[str]:
-    if not authenticators:
+    if not authenticated:
         # Tiled is in a "single user" mode with only one API key.
         return (
             USER_SCOPES
@@ -274,14 +274,16 @@ async def get_scopes_from_api_key(
 
 
 async def get_current_scopes(
+    request: Request,
     decoded_access_token: Optional[dict[str, Any]] = Depends(get_decoded_access_token),
     api_key: Optional[str] = Depends(get_api_key),
     settings: Settings = Depends(get_settings),
-    authenticators=Depends(get_authenticators),
     db: Optional[AsyncSession] = Depends(get_database_session),
 ) -> set[str]:
     if api_key is not None:
-        return await get_scopes_from_api_key(api_key, settings, authenticators, db)
+        return await get_scopes_from_api_key(
+            api_key, settings, request.app.state.authenticated, db
+        )
     elif decoded_access_token is not None:
         return decoded_access_token["scp"]
     else:
@@ -311,7 +313,6 @@ async def get_current_principal(
     decoded_access_token: str = Depends(get_decoded_access_token),
     api_key: str = Depends(get_api_key),
     settings: Settings = Depends(get_settings),
-    authenticators=Depends(get_authenticators),
     db: Optional[AsyncSession] = Depends(get_database_session),
     # TODO: https://github.com/bluesky/tiled/issues/923
     # Remove non-Principal return types
@@ -329,7 +330,7 @@ async def get_current_principal(
     """
 
     if api_key is not None:
-        if authenticators:
+        if request.app.state.authenticated:
             # Tiled is in a multi-user configuration with authentication providers.
             # We store the hashed value of the API key secret.
             # By comparing hashes we protect against timing attacks.

tiled/server/router.py

@@ -37,7 +37,7 @@
 from ..utils import SpecialUsers, ensure_awaitable, patch_mimetypes, path_from_uri
 from ..validation_registration import ValidationError, ValidationRegistry
 from . import schemas
-from .authentication import get_authenticators, get_current_principal
+from .authentication import get_current_principal
 from .core import (
     DEFAULT_PAGE_SIZE,
     DEPTH_LIMIT,
@@ -142,14 +142,14 @@ def get_router(
     serialization_registry: SerializationRegistry,
     deserialization_registry: SerializationRegistry,
     validation_registry: ValidationRegistry,
+    authenticators: dict[str, Union[ExternalAuthenticator, InternalAuthenticator]],
 ) -> APIRouter:
     router = APIRouter()
 
     @router.get("/", response_model=About)
     async def about(
         request: Request,
         settings: Settings = Depends(get_settings),
-        authenticators=Depends(get_authenticators),
     ):
         # TODO The lazy import of entry modules and serializers means that the
         # lists of formats are not populated until they are first used. Not very

tiled/server/utils.py

@@ -10,13 +10,6 @@
 CSRF_COOKIE_NAME = "tiled_csrf"
 
 
-def get_authenticators():
-    raise NotImplementedError(
-        "This should be overridden via dependency_overrides. "
-        "See tiled.server.app.build_app()."
-    )
-
-
 @contextlib.contextmanager
 def record_timing(metrics, key):
     """