Refactor: Migrate to 2.0-style security policies by woodruffw · Pull Request #11218 · pypi/warehouse (original) (raw)

domdfcoding pushed a commit to domdfcoding/warehouse that referenced this pull request

Jun 7, 2022

• warehouse: begin using security policies

WIP.

• Remove pyramid-multiauth, begin switching to security policies

• migrations: remove incorrectly checked in migrations

• warehouse: fix principals a little bit

• warehouse: begin using real security policies

Also fixes the weirdness with ACLs.

• warehouse: port basic auth

• warehouse: port macaroon policy, remove transition shim

• utils/security_policy: fix principals

Again.

• warehouse: fix lint

• tests/unit: rename-o-rama

• Improve the readabililty of the overall diff

• warehouse: refactor security policies

Punt principal handling further down, remove the generic identity implementation, etc. etc.

• macaroons/security_policy: remove redundant route check

• accounts/security_policy: lint

• Update warehouse/utils/security_policy.py

Co-authored-by: Joachim Jablon ewjoachim@gmail.com

• macaroons/security_policy: avoid a DB roundtrip

• utils/security_policy: simplify principals, add comment

• utils/security_policy: re-add id principal

• warehouse: disambiguate user IDs inside the principal set

• packaging/models: blacken

• tests, warehouse: the long and winding road

• tests/packaging: fix ACL tests

• tests, warehouse: rewrite account security policy tests

• macaroons: make the tests pass

• tests: finish tests

• warehouse: move session invalidation to session authn

• tests, warehouse: update tests

• utils/security_policy: authenticated_userid only works for user identities

• tests: update utils/security_policy tests

Co-authored-by: Dustin Ingram di@users.noreply.github.com Co-authored-by: Joachim Jablon ewjoachim@gmail.com