warehouse, tests: pick DB changes from pypi#11122 (pypi#11157)

* warehouse, tests: pick DB changes from pypi#11122

* warehouse: `make translations`

* manage/views: remove outdated note

* warehouse, tests: `Macaroon.permissions -> Macaroon.permissions_caveat`

Emphasizes that this is the entire caveat, and not just the permissions body.

* warehouse: `make translations`

* warehouse/templates: handle stale event caveats

Prior to these changes, the `caveats` field in API token events was
a dictionary, not a list.

* warehouse: `make translations`

Author: woodruffw

tests/unit/integration/github/test_utils.py

@@ -554,7 +554,10 @@ def metrics_increment(key):
     user_id = uuid.UUID(bytes=b"0" * 16)
     user = pretend.stub(id=user_id)
     database_macaroon = pretend.stub(
-        user=user, id=12, caveats={"permissions": "user"}, description="foo"
+        user=user,
+        id=12,
+        permissions_caveat={"permissions": "user", "version": 1},
+        description="foo",
     )
 
     find = pretend.call_recorder(lambda *a, **kw: database_macaroon)

tests/unit/macaroons/test_services.py

@@ -61,7 +61,7 @@ def test_find_macaroon_invalid_macaroon(self, macaroon_service):
     def test_find_macaroon(self, user_service, macaroon_service):
         user = UserFactory.create()
         _, macaroon = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
 
         dm = macaroon_service.find_macaroon(str(macaroon.id))
@@ -72,7 +72,7 @@ def test_find_macaroon(self, user_service, macaroon_service):
     def test_find_from_raw(self, user_service, macaroon_service):
         user = UserFactory.create()
         serialized, macaroon = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
 
         dm = macaroon_service.find_from_raw(serialized)
@@ -116,14 +116,14 @@ def test_find_userid_malformed_macaroon(self, macaroon_service):
     def test_find_userid_valid_macaroon_trailinglinebreak(self, macaroon_service):
         user = UserFactory.create()
         raw_macaroon, _ = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
         assert macaroon_service.find_userid(f"{raw_macaroon}\n") is None
 
     def test_find_userid(self, macaroon_service):
         user = UserFactory.create()
         raw_macaroon, _ = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
         user_id = macaroon_service.find_userid(raw_macaroon)
 
@@ -159,7 +159,7 @@ def test_verify_no_macaroon(self, macaroon_service):
     def test_verify_invalid_macaroon(self, monkeypatch, user_service, macaroon_service):
         user = UserFactory.create()
         raw_macaroon, _ = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
 
         verifier_obj = pretend.stub(verify=pretend.call_recorder(lambda k: False))
@@ -219,7 +219,7 @@ def test_verify_malformed_macaroon(self, macaroon_service):
     def test_verify_valid_macaroon(self, monkeypatch, macaroon_service):
         user = UserFactory.create()
         raw_macaroon, _ = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
 
         verifier_obj = pretend.stub(verify=pretend.call_recorder(lambda k: True))
@@ -238,7 +238,7 @@ def test_verify_valid_macaroon(self, monkeypatch, macaroon_service):
     def test_delete_macaroon(self, user_service, macaroon_service):
         user = UserFactory.create()
         _, macaroon = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
         macaroon_id = str(macaroon.id)
 
@@ -256,7 +256,7 @@ def test_get_macaroon_by_description_no_macaroon(self, macaroon_service):
     def test_get_macaroon_by_description(self, macaroon_service):
         user = UserFactory.create()
         _, macaroon = macaroon_service.create_macaroon(
-            "fake location", user.id, "fake description", {"fake": "caveats"}
+            "fake location", user.id, "fake description", [{"permissions": "user"}]
         )
 
         dm = macaroon_service.find_macaroon(str(macaroon.id))

tests/unit/manage/test_views.py

@@ -1957,10 +1957,12 @@ def test_create_macaroon(self, monkeypatch):
                 location=request.domain,
                 user_id=request.user.id,
                 description=create_macaroon_obj.description.data,
-                caveats={
-                    "permissions": create_macaroon_obj.validated_scope,
-                    "version": 1,
-                },
+                caveats=[
+                    {
+                        "permissions": create_macaroon_obj.validated_scope,
+                        "version": 1,
+                    }
+                ],
             )
         ]
         assert result == {
@@ -1975,10 +1977,12 @@ def test_create_macaroon(self, monkeypatch):
                 tag="account:api_token:added",
                 additional={
                     "description": create_macaroon_obj.description.data,
-                    "caveats": {
-                        "permissions": create_macaroon_obj.validated_scope,
-                        "version": 1,
-                    },
+                    "caveats": [
+                        {
+                            "permissions": create_macaroon_obj.validated_scope,
+                            "version": 1,
+                        }
+                    ],
                 },
             )
         ]
@@ -2044,10 +2048,12 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
                 location=request.domain,
                 user_id=request.user.id,
                 description=create_macaroon_obj.description.data,
-                caveats={
-                    "permissions": create_macaroon_obj.validated_scope,
-                    "version": 1,
-                },
+                caveats=[
+                    {
+                        "permissions": create_macaroon_obj.validated_scope,
+                        "version": 1,
+                    }
+                ],
             )
         ]
         assert result == {
@@ -2062,10 +2068,12 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
                 tag="account:api_token:added",
                 additional={
                     "description": create_macaroon_obj.description.data,
-                    "caveats": {
-                        "permissions": create_macaroon_obj.validated_scope,
-                        "version": 1,
-                    },
+                    "caveats": [
+                        {
+                            "permissions": create_macaroon_obj.validated_scope,
+                            "version": 1,
+                        }
+                    ],
                 },
             )
         ]
@@ -2154,9 +2162,7 @@ def test_delete_macaroon_dangerous_redirect(self, monkeypatch):
         assert macaroon_service.delete_macaroon.calls == []
 
     def test_delete_macaroon(self, monkeypatch):
-        macaroon = pretend.stub(
-            description="fake macaroon", caveats={"version": 1, "permissions": "user"}
-        )
+        macaroon = pretend.stub(description="fake macaroon", permissions_caveat="user")
         macaroon_service = pretend.stub(
             delete_macaroon=pretend.call_recorder(lambda id: pretend.stub()),
             find_macaroon=pretend.call_recorder(lambda id: macaroon),
@@ -2213,7 +2219,7 @@ def test_delete_macaroon(self, monkeypatch):
     def test_delete_macaroon_records_events_for_each_project(self, monkeypatch):
         macaroon = pretend.stub(
             description="fake macaroon",
-            caveats={"version": 1, "permissions": {"projects": ["foo", "bar"]}},
+            permissions_caveat={"projects": ["foo", "bar"]},
         )
         macaroon_service = pretend.stub(
             delete_macaroon=pretend.call_recorder(lambda id: pretend.stub()),

warehouse/integrations/github/utils.py

@@ -251,7 +251,9 @@ def _analyze_disclosure(request, disclosure_record, origin):
         additional={
             "macaroon_id": str(database_macaroon.id),
             "public_url": disclosure.public_url,
-            "permissions": database_macaroon.caveats.get("permissions", "user"),
+            "permissions": database_macaroon.permissions_caveat.get(
+                "permissions", "user"
+            ),
             "description": database_macaroon.description,
         },
     )