Base sessions on UUIDs.

Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one.

auth/permissions.py

@@ -58,8 +58,8 @@ SCOPE_MAX_USER_ROLES.update({
 
 
 class QuayDeferredPermissionUser(Identity):
-  def __init__(self, db_id, auth_type, scopes):
-    super(QuayDeferredPermissionUser, self).__init__(db_id, auth_type)
+  def __init__(self, uuid, auth_type, scopes):
+    super(QuayDeferredPermissionUser, self).__init__(uuid, auth_type)
 
     self._permissions_loaded = False
     self._scope_set = scopes
@@ -88,7 +88,7 @@ class QuayDeferredPermissionUser(Identity):
   def can(self, permission):
     if not self._permissions_loaded:
       logger.debug('Loading user permissions after deferring.')
-      user_object = model.get_user_by_id(self.id)
+      user_object = model.get_user_by_uuid(self.id)
 
       # Add the superuser need, if applicable.
       if (user_object.username is not None and
@@ -228,11 +228,11 @@ def on_identity_loaded(sender, identity):
   # We have verified an identity, load in all of the permissions
 
   if isinstance(identity, QuayDeferredPermissionUser):
-    logger.debug('Deferring permissions for user: %s', identity.id)
+    logger.debug('Deferring permissions for user with uuid: %s', identity.id)
 
-  elif identity.auth_type == 'user_db_id':
-    logger.debug('Switching username permission to deferred object: %s', identity.id)
-    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_db_id', {scopes.DIRECT_LOGIN})
+  elif identity.auth_type == 'user_uuid':
+    logger.debug('Switching username permission to deferred object with uuid: %s', identity.id)
+    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_uuid', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=switch_to_deferred)
 
   elif identity.auth_type == 'token':