Skip to content

Re-add UserTokenContext, with instance checks #15590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Mar 20, 2024
Merged

Re-add UserTokenContext, with instance checks #15590

merged 14 commits into from
Mar 20, 2024

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Mar 14, 2024
edited
Loading

Reverts #15588, reviving #15581.

WIP while I add both coverage and determine a backstop test approach here.

@woodruffw woodruffw mentioned this pull request Mar 14, 2024
Merged
@woodruffw woodruffw self-assigned this Mar 14, 2024
@woodruffw woodruffw marked this pull request as ready for review March 14, 2024 01:11
@woodruffw woodruffw requested a review from a team as a code owner March 14, 2024 01:11
@woodruffw woodruffw mentioned this pull request Mar 14, 2024
Open
@di
Copy link
Member

di commented Mar 14, 2024

There was another failure case in #15586 which I couldn't root-cause: "caveat must be an array", which change covers that here?

@woodruffw
Copy link
Member Author

There was another failure case in #15586 which I couldn't root-cause: "caveat must be an array", which change covers that here?

Hmm, that happens in caveats._core.deserialize_obj. Looking now...

@woodruffw
Copy link
Member Author

Oh, I think that error happens as a variant of #15588 (comment) when the API token is in the "legacy" format: we call _adapt_v1, which then contains a request.user check which would fail because request.user == None before this fix.

Relevant bit:

    # Our V1 token didn't have a way to specify that a token should be
    # restricted to a specific user, just that it was scoped to "the user",
    # which the user was whoever the token was linked to in the database.
    # Our new tokens strengthens that to validate that the linked user
    # matches who it is expected to be, but since we don't have that
    # data for V1 tokens, we'll just use the current user.
    if permissions == "user":
        request = get_current_request()

        # If we don't have a current request, then we can't validate this
        # token.
        if request is None:
            return None

        # If we don't have a user associated with this request, then we
        # can't validate this token.
        if request.user is None:
            return None

        return [3, str(request.user.id)]

So we'd return None, from _adapt_v1, which would then cause the "must be an array" error.

@woodruffw
Copy link
Member Author

I've added some tests for the behavior here, but I'm not immediately sure how to "backstop" this -- maybe some additional test_legacy tests that ensure uploads succeed when the "user" identity is of both sorts?

@woodruffw
Copy link
Member Author

This should be good to go now: I've added a layer of configurations on test_successful_upload that ensures identity=UserTokenContext works as expected.

@woodruffw woodruffw requested review from miketheman and di March 18, 2024 15:36
di
di approved these changes Mar 20, 2024
View reviewed changes
Copy link
Member

@di di left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@woodruffw Can you rebase & get tests passing?

@woodruffw
Copy link
Member Author

@woodruffw Can you rebase & get tests passing?

Should be good now!

@di di merged commit 7cd485b into pypi:main Mar 20, 2024
javanlacerda pushed a commit to javanlacerda/warehouse that referenced this pull request Mar 25, 2024
@woodruffw @javanlacerda
Re-add UserTokenContext, with instance checks (pypi#15590)
feaba81 
* Revert "Revert "Return `Macaroon` alongside `User` in `MacaroonSecurityPolicy.identity` (pypi#15581)" (pypi#15588)"

This reverts commit 5eba9cb.

* warehouse: add UserTokenContext checks

* warehouse: reformat, circular import

* tests: coverage

* tests: reformat

* warehouse: remove UserTokenContext.id

Eliminate the line that needed it.

* accounts/utils: lintage

* test_legacy: backstop behavior

Signed-off-by: William Woodruff <[email protected]>

* tests/unit: lintage

---------

Signed-off-by: William Woodruff <[email protected]>
@woodruffw woodruffw mentioned this pull request Apr 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di approved these changes

@miketheman miketheman Awaiting requested review from miketheman

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@woodruffw @di