Fix handling of tokens in the new context block of the JWT

2015-12-15 16:52:22 -05:00 · 2015-12-15 16:52:22 -05:00 · 4e942203cb
commit 4e942203cb
parent 4a84388f15
2 changed files with 34 additions and 2 deletions
--- a/auth/registry_jwt_auth.py
+++ b/auth/registry_jwt_auth.py
@ -95,7 +95,11 @@ def get_granted_entity():
    return GrantedEntity(user=user)

  if kind == 'token':
-    return GrantedEntity(token=context.get('token'))
+    token = model.token.load_token_data(context.get('token'))
+    if not token:
+      return None
+
+    return GrantedEntity(token=token)

  if kind == 'oauth':
    user = model.user.get_user(context.get('user', ''))
@ -142,7 +146,7 @@ def build_context_and_subject(user, token, oauthtoken):
  if token:
    context = {
      'kind': 'token',
-      'token': token,
+      'token': token.code,
    }
    return (context, None)

--- a/test/registry_tests.py
+++ b/test/registry_tests.py
@ -12,6 +12,7 @@ from flask.ext.testing import LiveServerTestCase

 from app import app
 from data.database import close_db_filter, configure
+from data import model
 from endpoints.v1 import v1_bp
 from endpoints.v2 import v2_bp
 from endpoints.verbs import verbs
@ -66,6 +67,14 @@ def set_feature(feature_name):
  features._FEATURES[feature_name].value = request.get_json()['value']
  return jsonify({'old_value': old_value})

+@testbp.route('/addtoken', methods=['POST'])
+def addtoken():
+  another_token = model.token.create_delegate_token('devtable', 'newrepo', 'my-new-token', 'write')
+  another_token.code = 'somecooltokencode'
+  another_token.save()
+  return 'OK'
+
+
@testbp.route('/reloadapp', methods=['POST'])
 def reload_app():
  # Close any existing connection.
@ -597,6 +606,25 @@ class RegistryTestsMixin(object):
    self.assertEquals('buynlarge+ownerbot', logs[0]['performer']['name'])


+  def test_push_pull_logging_bytoken(self):
+    # Push the repository.
+    self.do_push('devtable', 'newrepo', 'devtable', 'password')
+
+    # Add a token.
+    self.conduct('POST', '/__test/addtoken')
+
+    # Pull the repository.
+    self.do_pull('devtable', 'newrepo', '$token', 'somecooltokencode')
+
+    # Retrieve the logs and ensure the pull was added.
+    self.conduct_api_login('devtable', 'password')
+    result = self.conduct('GET', '/api/v1/repository/devtable/newrepo/logs')
+    logs = result.json()['logs']
+
+    self.assertEquals('pull_repo', logs[0]['kind'])
+    self.assertEquals('my-new-token', logs[0]['metadata']['token'])
+
+
  def test_push_pull_logging_byoauth(self):
    # Push the repository.
    self.do_push('devtable', 'newrepo', 'devtable', 'password')