Skip to content

Replace Userrequest.identity usages with UserContext #15748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
woodruffw opened this issue Apr 10, 2024 · 2 comments · Fixed by #15757
Closed

Replace Userrequest.identity usages with UserContext #15748

woodruffw opened this issue Apr 10, 2024 · 2 comments · Fixed by #15757
Labels
security Security-related issues and pull requests

Comments

@woodruffw
Copy link
Member

Following #15581 and #15590: we now have three types that a request.identity can be:

  • User when the identity is a user backed by a login session
  • UserTokenContext when the identity is a user backed by an API token (i.e. macaroon)
  • PublisherTokenContext when the identity is an OIDCPublisher backed by an API token

Of these, User and UserTokenContext are confusable and prone to error. We should probably collapse them into a single UserContext type of the following shape:

@dataclass
class UserContext:
    user: User
    """
    The associated user.
    """

    macaroon: Macaroon | None
    """
    The Macaroon associated to the API token used to authenticate, if token authentication was used.
    """

    def __principals__(self) -> list[str]:
        return self.user.__principals__()

...with that, we'll be able to remove UserTokenContext and simplify request.identity back down to just two types.
@woodruffw
Copy link
Member Author

CC @facutuesca

@miketheman miketheman added the security Security-related issues and pull requests label Apr 10, 2024
@facutuesca facutuesca mentioned this issue Apr 11, 2024
Merged
@facutuesca
Copy link
Contributor

PR open here: #15757

@di di closed this as completed in #15757 Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Security-related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Combine User and UserTokenContext for user-backed identities in requests trail-of-forks/warehouse
3 participants
@miketheman @woodruffw @facutuesca