Always store principals as strings

di · di · commit d925a0c5f988 · 2017-12-26T14:50:38.000-05:00
Before, these were always UUID objects, but since #1329 this is stored as a string for session-based authentication only. To keep everything consistent, always use strings over UUID objects.
diff --git a/tests/unit/accounts/test_auth_policy.py b/tests/unit/accounts/test_auth_policy.py
@@ -11,6 +11,7 @@
 # limitations under the License.
 
 import pretend
+import uuid
 
 from pyramid import authentication
 from pyramid.interfaces import IAuthenticationPolicy
@@ -74,7 +75,7 @@ def test_unauthenticated_userid_with_userid(self, monkeypatch):
         add_vary_cb = pretend.call_recorder(lambda *v: vary_cb)
         monkeypatch.setattr(auth_policy, "add_vary_callback", add_vary_cb)
 
-        userid = pretend.stub()
+        userid = uuid.uuid4()
         service = pretend.stub(
             find_userid=pretend.call_recorder(lambda username: userid),
         )
@@ -83,7 +84,7 @@ def test_unauthenticated_userid_with_userid(self, monkeypatch):
             add_response_callback=pretend.call_recorder(lambda cb: None),
         )
 
-        assert policy.unauthenticated_userid(request) is userid
+        assert policy.unauthenticated_userid(request) == str(userid)
         assert extract_http_basic_credentials.calls == [pretend.call(request)]
         assert request.find_service.calls == [
             pretend.call(IUserService, context=None),
diff --git a/tests/unit/packaging/test_models.py b/tests/unit/packaging/test_models.py
@@ -95,10 +95,10 @@ def test_acl(self, db_session):
 
         assert project.__acl__() == [
             (Allow, "group:admins", "admin"),
-            (Allow, owner1.user.id, ["manage", "upload"]),
-            (Allow, owner2.user.id, ["manage", "upload"]),
-            (Allow, maintainer1.user.id, ["upload"]),
-            (Allow, maintainer2.user.id, ["upload"]),
+            (Allow, str(owner1.user.id), ["manage", "upload"]),
+            (Allow, str(owner2.user.id), ["manage", "upload"]),
+            (Allow, str(maintainer1.user.id), ["upload"]),
+            (Allow, str(maintainer2.user.id), ["upload"]),
         ]
 
 
diff --git a/warehouse/accounts/auth_policy.py b/warehouse/accounts/auth_policy.py
@@ -34,7 +34,7 @@ def unauthenticated_userid(self, request):
         # want to locate the userid from the IUserService.
         if username is not None:
             login_service = request.find_service(IUserService, context=None)
-            return login_service.find_userid(username)
+            return str(login_service.find_userid(username))
 
 
 class SessionAuthenticationPolicy(_SessionAuthenticationPolicy):
diff --git a/warehouse/packaging/models.py b/warehouse/packaging/models.py
@@ -148,9 +148,9 @@ def __acl__(self):
                 query.all(),
                 key=lambda x: ["Owner", "Maintainer"].index(x.role_name)):
             if role.role_name == "Owner":
-                acls.append((Allow, role.user.id, ["manage", "upload"]))
+                acls.append((Allow, str(role.user.id), ["manage", "upload"]))
             else:
-                acls.append((Allow, role.user.id, ["upload"]))
+                acls.append((Allow, str(role.user.id), ["upload"]))
         return acls
 
     @property
