Refactor: Migrate to 2.0-style security policies (pypi#11218)
* warehouse: begin using security policies

WIP.

* Remove pyramid-multiauth, begin switching to security policies

* migrations: remove incorrectly checked in migrations

* warehouse: fix principals a little bit

* warehouse: begin using real security policies

Also fixes the weirdness with ACLs.

* warehouse: port basic auth

* warehouse: port macaroon policy, remove transition shim

* utils/security_policy: fix principals

Again.

* warehouse: fix lint

* tests/unit: rename-o-rama

* Improve the readability of the overall diff

* warehouse: refactor security policies

Punt principal handling further down, remove the generic
identity implementation, etc. etc.

* macaroons/security_policy: remove redundant route check

* accounts/security_policy: lint

* Update warehouse/utils/security_policy.py

Co-authored-by: Joachim Jablon <ewjoachim@gmail.com>

* macaroons/security_policy: avoid a DB roundtrip

* utils/security_policy: simplify principals, add comment

* utils/security_policy: re-add id principal

* warehouse: disambiguate user IDs inside the principal set

* packaging/models: blacken

* tests, warehouse: the long and winding road

* tests/packaging: fix ACL tests

* tests, warehouse: rewrite account security policy tests

* macaroons: make the tests pass

* tests: finish tests

* warehouse: move session invalidation to session authn

* tests, warehouse: update tests

* utils/security_policy: authenticated_userid only works for user identities

* tests: update utils/security_policy tests

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Co-authored-by: Joachim Jablon <ewjoachim@gmail.com>
3 people authored May 2, 2022
1 parent ad9eb8f commit 975a485
Showing 17 changed files with 1,272 additions and 900 deletions.
1 change: 0 additions & 1 deletion pyproject.toml
Expand Up @@ -38,7 +38,6 @@ module = [
"pyramid.*", # https://github.com/Pylons/pyramid/issues/2638
"pyramid_jinja2.*",
"pyramid_mailer.*",
"pyramid_multiauth.*",
"pyramid_retry.*",
"pyramid_rpc.*",
"pyqrcode.*",
1 change: 0 additions & 1 deletion requirements/main.in
Expand Up @@ -35,7 +35,6 @@ pycurl
pyqrcode
pyramid>=2.0
pymacaroons
pyramid-multiauth
pyramid_jinja2>=2.5
pyramid_mailer>=0.14.1
pyramid_retry>=0.3
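Review bot: with pyramid-multiauth dropped from requirements/main.in, any import of pyramid_multiauth still left in the tree will fail at import time, and this page shows only four of the 17 changed files. Suggest searching warehouse/ and tests/ for both spellings (pyramid-multiauth, pyramid_multiauth) and noting the result in the PR before merging.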
5 changes: 0 additions & 5 deletions requirements/main.txt
Expand Up @@ -990,7 +990,6 @@ pyramid==2.0 \
# -r requirements/main.in
# pyramid-jinja2
# pyramid-mailer
# pyramid-multiauth
# pyramid-retry
# pyramid-rpc
# pyramid-services
Expand All @@ -1003,10 +1002,6 @@ pyramid-mailer==0.15.1 \
--hash=sha256:28d4a7829ebc19dd40e712d8cb1998cec03c296ba675b2c112a503539738bdc1 \
--hash=sha256:ec0aff54d9179b2aa2922ff82c2016a4dc8d1da5dc3408d6594f0e2096446f9b
# via -r requirements/main.in
pyramid-multiauth==1.0.1 \
--hash=sha256:6d8785558e1d0bbe0d0da43e296efc0fbe0de5071d1f9b1091e891f0e4ec9682 \
--hash=sha256:c265258af8021094e5b98602e8bfe094eec1350eebb56473f36cd0e076910822
# via -r requirements/main.in
pyramid-retry==2.1.1 \
--hash=sha256:b5129a60eb9d7409234ea52839006426d2ae887b4a1f0530c75ec336cabf2476 \
--hash=sha256:baa8276ae68babad09e5f2f94efc4f7421f3b8fb526151df522052f8cd3ec0c9
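Review bot: the pyramid-multiauth==1.0.1 stanza and the "# pyramid-multiauth" entry in the via list under pyramid==2.0 are removed together, which is consistent, but nothing here shows whether requirements/main.txt was regenerated from requirements/main.in or edited by hand. Since every package in this file is hash-pinned, please regenerate it with the compile tool and state that in the PR, so the remaining --hash pins and "# via" annotations are known to match what the tool produces.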
316 changes: 0 additions & 316 deletions tests/unit/accounts/test_auth_policy.py

This file was deleted.
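Review bot: deleting all 316 lines of tests/unit/accounts/test_auth_policy.py removes the existing unit coverage for the account authentication policy, and the replacement tests are not among the files shown here. The commit message says the account security policy tests were rewritten and that session invalidation moved to session authn; suggest listing in the PR which old test cases map to which new ones (basic auth, session auth, session invalidation) so a dropped case is easy to spot.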
