[irods#635] Free fcns now have keyword parameter to dictate overwriting of old .irodsA

d-w-moore · alanking · commit b4599282a362 · 2024-12-11T17:32:27.000-05:00
diff --git a/README.md b/README.md
@@ -178,7 +178,9 @@ Note, in the `pam_password` case, this involves sending the cleartext password
 to the server (SSL should thus be enabled!) and then writing the scrambled token that
 returns from the transaction.
 
-If an .irodsA file exists already, it will be overwritten.
+If an .irodsA file exists already, it will be overwritten by default; however, if these functions'
+overwrite parameter is set to `False`, an exception of type `irods.client_init.irodsA_already_exists`
+will be raised to indicate the older .irodsA file is present.
 
 Examples:
 For the `native` authentication scheme, we can use the currently set iRODS password to create .irodsA file from Python thus:
diff --git a/irods/client_init.py b/irods/client_init.py
@@ -1,34 +1,65 @@
+import contextlib
+import getpass
+import os
+import sys
+
 from irods import (env_filename_from_keyword_args, derived_auth_filename)
 import irods.client_configuration as cfg
 import irods.password_obfuscation as obf
 import irods.helpers as h
-import getpass
-import os
-import sys
 
-def write_native_credentials_to_secrets_file(password, **kw):
-    env_file = env_filename_from_keyword_args(kw)
-    auth_file = derived_auth_filename(env_file)
-    old_mask = None
+@contextlib.contextmanager
+def _open_file_for_protected_contents(file_path, *arg, **kw):
+    f = old_mask = None
     try:
         old_mask = os.umask(0o77)
-        open(auth_file,'w').write(obf.encode(password))
+        f = open(file_path, *arg, **kw)
+        yield f
     finally:
         if old_mask is not None:
             os.umask(old_mask)
-            
-    return True
+        if f is not None:
+            f.close()
+
+class irodsA_already_exists(Exception):
+    pass
+
+def _write_encoded_auth_value(auth_file, encode_input, overwrite):
+    if not auth_file:
+        raise RuntimeError(f'Path to irodsA ({auth_file}) is null.')
+    if not overwrite and os.path.exists(auth_file):
+        raise irodsA_already_exists(f'Overwriting not enabled and {auth_file} already exists.')
+    with _open_file_for_protected_contents(auth_file, 'w') as irodsA:
+        irodsA.write(obf.encode(encode_input))
+
+def write_native_credentials_to_secrets_file(password, overwrite = True, **kw):
+    """Write the credentials to an .irodsA file that will enable logging in with native authentication
+       using the given cleartext password.
+
+       If overwrite is False, irodsA_already_exists will be raised if an .irodsA is found at the 
+       expected path.
+    """
+    env_file = env_filename_from_keyword_args(kw)
+    auth_file = derived_auth_filename(env_file)
+    _write_encoded_auth_value(auth_file, password, overwrite)
+
+def write_pam_credentials_to_secrets_file(password, overwrite = True, **kw):
+    """Write the credentials to an .irodsA file that will enable logging in with PAM authentication
+       using the given cleartext password.
 
-def write_pam_credentials_to_secrets_file( password ,**kw):
+       If overwrite is False, irodsA_already_exists will be raised if an .irodsA is found at the 
+       expected path.
+     """
     s = h.make_session()
     s.pool.account.password = password
+    to_encode = []
     with cfg.loadlines( [dict(setting='legacy_auth.pam.password_for_auto_renew',value=None),
                          dict(setting='legacy_auth.pam.store_password_to_environment',value=False)] ):
         to_encode = s.pam_pw_negotiated
-    if to_encode:
-        open(s.pool.account.derived_auth_file,'w').write(obf.encode(to_encode[0]))
-        return True
-    return False
+    if not to_encode:
+        raise RuntimeError(f'Password token was not passed from server.')
+    auth_file = s.pool.account.derived_auth_file
+    _write_encoded_auth_value(auth_file, to_encode[0], overwrite)
 
 if __name__ == '__main__':
     vector = {
