warehouse icon indicating copy to clipboard operation
warehouse copied to clipboard

Published 20 hours ago verified publisher icon pypi

Replace `User``request.identity` usages with `UserContext`

Open woodruffw opened this issue 1 year ago • 2 comments

Following https://github.com/pypi/warehouse/pull/15581 and https://github.com/pypi/warehouse/pull/15590: we now have three types that a request.identity can be:

  • User when the identity is a user backed by a login session
  • UserTokenContext when the identity is a user backed by an API token (i.e. macaroon)
  • PublisherTokenContext when the identity is an OIDCPublisher backed by an API token

Of these, User and UserTokenContext are confusable and prone to error. We should probably collapse them into a single UserContext type of the following shape:

@dataclass
class UserContext:
    user: User
    """
    The associated user.
    """

    macaroon: Macaroon | None
    """
    The Macaroon associated to the API token used to authenticate, if token authentication was used.
    """

    def __principals__(self) -> list[str]:
        return self.user.__principals__()

...with that, we'll be able to remove UserTokenContext and simplify request.identity back down to just two types.

woodruffw avatar Apr 10 '24 17:04 woodruffw

CC @facutuesca

woodruffw avatar Apr 10 '24 17:04 woodruffw

PR open here: https://github.com/pypi/warehouse/pull/15757

facutuesca avatar Apr 11 '24 17:04 facutuesca