Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor: Migrate to 2.0-style security policies #11218

Merged
merged 37 commits into from
May 2, 2022
Merged

Refactor: Migrate to 2.0-style security policies #11218

merged 37 commits into from
May 2, 2022

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Apr 20, 2022
edited
Loading

Very WIP; pushing up for visibility.

Closes #11211.

Closes #11252.

@woodruffw woodruffw self-assigned this Apr 20, 2022
@woodruffw
Copy link
Member Author

This currently partially works (I can log in and navigate around), but permissions are currently broken for reasons I haven't fully debugged (trying to manage projects returns a 403).

@woodruffw
Copy link
Member Author

This needs a lot of testing, but the basic structure is here:

  • Each of session, basic, and macaroon-based authentication uses a "security policy" rather than 1.0-style AuthN APIs.

  • We provide a new MultiSecurityPolicy that wraps multiple security policies in a manner similar to the now-removed pyramid-multiauth. One significant deviation: MultiSecurityPolicy also handles AuthZ, but it doesn't use each policy's separate AuthZ -- instead it keeps a singular AuthZ policy internal to itself, since Warehouse only has one.

  • Our "identity" structure is now a dictionary with the following format:

    { "entity": entity, "principals": principals }

...where entity can be User model or any other DB model suitable for a particular AuthN/AuthZ flow, and principals is the list of relevant security principles (previously a dedicated part of Pyramid's AuthZ APIs).

@woodruffw woodruffw requested a review from di April 20, 2022 20:34
@woodruffw woodruffw mentioned this pull request Apr 20, 2022
Closed
di
di reviewed Apr 21, 2022
View reviewed changes
warehouse/accounts/__init__.py Outdated Show resolved Hide resolved
warehouse/utils/security_policy.py Outdated Show resolved Hide resolved
warehouse/utils/security_policy.py Outdated Show resolved Hide resolved
warehouse/utils/security_policy.py Show resolved Hide resolved
warehouse/utils/security_policy.py Outdated Show resolved Hide resolved
@woodruffw
warehouse: refactor security policies
0b788d9 
Punt principal handling further down, remove the generic
identity implementation, etc. etc.
@woodruffw woodruffw requested a review from di April 21, 2022 19:32
di
di approved these changes Apr 26, 2022
View reviewed changes
Copy link
Member

@di di left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great. Leaving this open for a little while to give @ewdurbin and @dstufft a chance to review if they are able.

@woodruffw woodruffw mentioned this pull request Apr 27, 2022
Merged
4 tasks
@woodruffw
Copy link
Member Author

This is the main blocker for #11272, which will "finish" the core functionality here (allowing a user to go from a JWT to an ephemeral API token).

di
di approved these changes Apr 28, 2022
View reviewed changes
Copy link
Member

@di di left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is ready to merge once this last comment is addressed.

warehouse/utils/security_policy.py Outdated Show resolved Hide resolved
@woodruffw woodruffw requested a review from di April 29, 2022 00:02
@di di merged commit 975a485 into pypi:main May 2, 2022
@di di deleted the tob-pyramid-2-security-policies branch May 2, 2022 16:49
di added a commit that referenced this pull request May 2, 2022
@di
Revert "Refactor: Migrate to 2.0-style security policies (#11218)"
1c52223 
This reverts commit 975a485.
@woodruffw woodruffw restored the tob-pyramid-2-security-policies branch May 2, 2022 21:31
di added a commit that referenced this pull request May 2, 2022
@di
Revert "Refactor: Migrate to 2.0-style security policies (#11218)" (#…
3b9a831 
…11313)

This reverts commit 975a485.
@woodruffw woodruffw mentioned this pull request May 2, 2022
Closed
woodruffw added a commit to trail-of-forks/warehouse that referenced this pull request May 2, 2022
@woodruffw
Revert "Revert "Refactor: Migrate to 2.0-style security policies (pyp…
174028d 
…i#11218)" (pypi#11313)"

This reverts commit 3b9a831.
@woodruffw woodruffw mentioned this pull request May 2, 2022
Merged
di pushed a commit that referenced this pull request May 2, 2022
@woodruffw
Revert "Revert "Refactor: Migrate to 2.0-style security policies (#11218
8b77dd7 
)" (#11313)" (#11315)

This reverts commit 3b9a831.
@woodruffw woodruffw mentioned this pull request May 3, 2022
Merged
domdfcoding pushed a commit to domdfcoding/warehouse that referenced this pull request Jun 7, 2022
@woodruffw @di
@ewjoachim @domdfcoding
Refactor: Migrate to 2.0-style security policies (pypi#11218)
1a56738 
* warehouse: begin using security policies

WIP.

* Remove pyramid-multiauth, begin switching to security policies

* migrations: remove incorrectly checked in migrations

* warehouse: fix principals a little bit

* warehouse: begin using real security policies

Also fixes the weirdness with ACLs.

* warehouse: port basic auth

* warehouse: port macaroon policy, remove transition shim

* utils/security_policy: fix principals

Again.

* warehouse: fix lint

* tests/unit: rename-o-rama

* Improve the readabililty of the overall diff

* warehouse: refactor security policies

Punt principal handling further down, remove the generic
identity implementation, etc. etc.

* macaroons/security_policy: remove redundant route check

* accounts/security_policy: lint

* Update warehouse/utils/security_policy.py

Co-authored-by: Joachim Jablon <ewjoachim@gmail.com>

* macaroons/security_policy: avoid a DB roundtrip

* utils/security_policy: simplify principals, add comment

* utils/security_policy: re-add id principal

* warehouse: disambiguate user IDs inside the principal set

* packaging/models: blacken

* tests, warehouse: the long and winding road

* tests/packaging: fix ACL tests

* tests, warehouse: rewrite account security policy tests

* macaroons: make the tests pass

* tests: finish tests

* warehouse: move session invalidation to session authn

* tests, warehouse: update tests

* utils/security_policy: authenticated_userid only works for user identities

* tests: update utils/security_policy tests

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Co-authored-by: Joachim Jablon <ewjoachim@gmail.com>
domdfcoding pushed a commit to domdfcoding/warehouse that referenced this pull request Jun 7, 2022
@di @domdfcoding
Revert "Refactor: Migrate to 2.0-style security policies (pypi#11218)" (
5aa7595 
pypi#11313)

This reverts commit 975a485.
domdfcoding pushed a commit to domdfcoding/warehouse that referenced this pull request Jun 7, 2022
@woodruffw @domdfcoding
Revert "Revert "Refactor: Migrate to 2.0-style security policies (pyp…
ff614bf 
…i#11218)" (pypi#11313)" (pypi#11315)

This reverts commit 3b9a831.
@woodruffw woodruffw mentioned this pull request Oct 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ewjoachim ewjoachim ewjoachim approved these changes

@di di di approved these changes

@ewdurbin ewdurbin Awaiting requested review from ewdurbin

@dstufft dstufft Awaiting requested review from dstufft

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@woodruffw @dstufft @di @ewjoachim