From 239d28afcc5b179866899b7d5ea7a1f2126653b6 Mon Sep 17 00:00:00 2001 From: memsharded Date: Tue, 8 Oct 2024 16:05:58 +0200 Subject: [PATCH 1/3] fix server auth based on username --- conans/client/downloaders/file_downloader.py | 2 +- conans/client/rest/auth_manager.py | 3 +-- conans/client/rest/file_uploader.py | 2 +- conans/server/service/authorize.py | 6 ------ test/integration/remote/rest_api_test.py | 6 +++++- test/unittests/server/service/authorizer_test.py | 7 +++---- test/unittests/server/service/service_test.py | 2 +- 7 files changed, 12 insertions(+), 16 deletions(-) diff --git a/conans/client/downloaders/file_downloader.py b/conans/client/downloaders/file_downloader.py index 19ac00b400c..c71f1455315 100644 --- a/conans/client/downloaders/file_downloader.py +++ b/conans/client/downloaders/file_downloader.py @@ -84,7 +84,7 @@ def _download_file(self, url, auth, headers, file_path, verify_ssl, try_resume=F if response.status_code == 404: raise NotFoundException("Not found: %s" % url) elif response.status_code == 403: - if auth is None or (hasattr(auth, "token") and auth.token is None): + if auth is None or (hasattr(auth, "bearer") and auth.bearer is None): # TODO: This is a bit weird, why this conversion? Need to investigate raise AuthenticationException(response_to_str(response)) raise ForbiddenException(response_to_str(response)) diff --git a/conans/client/rest/auth_manager.py b/conans/client/rest/auth_manager.py index e67745ba8e4..f69e1d6ec35 100644 --- a/conans/client/rest/auth_manager.py +++ b/conans/client/rest/auth_manager.py @@ -7,8 +7,7 @@ Flow: Directly invoke a REST method in RestApiClient, example: get_conan. if receives AuthenticationException (not open method) will ask user for login and password - and will invoke RestApiClient.get_token() (with LOGIN_RETRIES retries) and retry to call - get_conan with the new token. + (with LOGIN_RETRIES retries) and retry to call with the new token. """ from conan.api.output import ConanOutput 
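Review bot: The 403 branch of `_download_file` guards the attribute with `hasattr(auth, "bearer")`, but the matching branch of `_handle_400_response` in conans/client/rest/file_uploader.py (next file in this patch) reads `auth.bearer` unguarded, so the two paths can classify the same response differently. An auth object without a `bearer` attribute would raise AttributeError in the uploader and be silently treated as authenticated in the downloader, which is how an attribute rename like this one can go unnoticed. Use the same expression in both places, `if auth is None or (hasattr(auth, "bearer") and auth.bearer is None):`, or move it into one shared helper. The TODO could then be replaced by `# 403 with no bearer token: the caller was anonymous, raise AuthenticationException so the client asks for credentials`. Both function bodies start and end outside their hunks.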
diff --git a/conans/client/rest/file_uploader.py b/conans/client/rest/file_uploader.py index 13dd9255f58..429150581b0 100644 --- a/conans/client/rest/file_uploader.py +++ b/conans/client/rest/file_uploader.py @@ -26,7 +26,7 @@ def _handle_400_response(response, auth): raise AuthenticationException(response_to_str(response)) if response.status_code == 403: - if auth is None or auth.token is None: + if auth is None or auth.bearer is None: raise AuthenticationException(response_to_str(response)) raise ForbiddenException(response_to_str(response)) diff --git a/conans/server/service/authorize.py b/conans/server/service/authorize.py index a6ce3df90d6..67150205f25 100644 --- a/conans/server/service/authorize.py +++ b/conans/server/service/authorize.py @@ -127,9 +127,6 @@ def check_read_conan(self, username, ref): username: User that request to read the conans ref: RecipeReference """ - if ref.user == username: - return - self._check_any_rule_ok(username, self.read_permissions, ref) def check_write_conan(self, username, ref): @@ -137,9 +134,6 @@ def check_write_conan(self, username, ref): username: User that request to write the conans ref: RecipeReference """ - if ref.user == username: - return True - self._check_any_rule_ok(username, self.write_permissions, ref) def check_delete_conan(self, username, ref): diff --git a/test/integration/remote/rest_api_test.py b/test/integration/remote/rest_api_test.py index cbb87dcd161..014af5b00b2 100644 --- a/test/integration/remote/rest_api_test.py +++ b/test/integration/remote/rest_api_test.py 
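Review bot: The docstrings of `check_read_conan` and `check_write_conan` (this hunk and the next one in conans/server/service/authorize.py) still list only the parameters, so nothing records that a username equal to `ref.user` no longer bypasses the rule lists. The user field is just one segment of the reference, so the contract belongs in the docstring, e.g. `Access is decided only by read_permissions; a username equal to ref.user grants nothing.`, and the same for `write_permissions`. `check_delete_conan` only begins at the end of the second hunk and the package-level checks are not shown. If they do not delegate to these two methods, confirm that none of them keeps a `ref.user == username` shortcut.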
@@ -32,7 +32,11 @@ class RestApiTest(unittest.TestCase): def setUpClass(cls): if not cls.server: with environment_update({"CONAN_SERVER_PORT": str(get_free_port())}): - cls.server = TestServerLauncher(server_capabilities=['ImCool', 'TooCool']) + read_perms = [("*/*@*/*", "private_user")] + write_perms = [("*/*@*/*", "private_user")] + cls.server = TestServerLauncher(server_capabilities=['ImCool', 'TooCool'], + read_permissions=read_perms, + write_permissions=write_perms) cls.server.start() filename = os.path.join(temp_folder(), "conan.conf") diff --git a/test/unittests/server/service/authorizer_test.py b/test/unittests/server/service/authorizer_test.py index 1c80b8fe7af..1424dad615b 100644 --- a/test/unittests/server/service/authorizer_test.py +++ b/test/unittests/server/service/authorizer_test.py @@ -86,7 +86,7 @@ def test_permissions(self): # Only lasote can read it but other conans can be readed read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")] # Only pepe (and lasote because its owner) can write it and no more users can write - write_perms = [(str(self.openssl_ref), "pepe")] + write_perms = [(str(self.openssl_ref), "pepe, lasote")] authorizer = BasicAuthorizer(read_perms, write_perms) @@ -185,12 +185,11 @@ def test_users(self): # Simple user list read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")] authorizer = BasicAuthorizer(read_perms, []) - for u in ['user1','user2','user3']: + for u in ['user1', 'user2', 'user3']: authorizer.check_read_conan(u, self.openssl_ref) # Spaces bewteen user names should be ignored read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")] authorizer = BasicAuthorizer(read_perms, []) - for u in ['user1','user2','user3']: + for u in ['user1', 'user2', 'user3']: authorizer.check_read_conan(u, self.openssl_ref) - diff --git a/test/unittests/server/service/service_test.py b/test/unittests/server/service/service_test.py index 97c90f33c94..8e3e1f7d413 100644 
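Review bot: The new `read_perms` and `write_perms` in `setUpClass` have no comment explaining why the server fixture now needs explicit rules for `private_user`, so a reader cannot tell that they replace access formerly granted implicitly by name. Add `# access must come from explicit rules; a username matching ref.user grants nothing` above the two assignments. The rest of `setUpClass` is outside the hunk, so whether `private_user` is the account the tests log in with should be confirmed there.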
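Review bot: The comment above `write_perms` in `test_permissions` still says lasote can write "because its owner", which contradicts the change now that lasote is listed explicitly; reword it to `# Only pepe and lasote (both listed explicitly) can write it`. The visible part of the test exercises only users who appear in a rule. If the rest of the body (outside the hunk) does not already cover it, add a case where a username equal to the reference's user field, and absent from every rule, is rejected for both read and write. That is the exact behaviour this patch changes.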
--- a/test/unittests/server/service/service_test.py +++ b/test/unittests/server/service/service_test.py @@ -39,7 +39,7 @@ def setUp(self): self.tmp_dir = temp_folder() read_perms = [("*/*@*/*", "*")] - write_perms = [] + write_perms = [("*/*@*/*", "*")] authorizer = BasicAuthorizer(read_perms, write_perms) self.fake_url = "http://url" From 901a0910e76cba68d3211d12356adb95e4b18859 Mon Sep 17 00:00:00 2001 From: memsharded Date: Tue, 8 Oct 2024 16:57:59 +0200 Subject: [PATCH 2/3] fix unit tests --- test/unittests/client/rest/uploader_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/unittests/client/rest/uploader_test.py b/test/unittests/client/rest/uploader_test.py index 4777ccd2121..e8a6fbb71af 100644 --- a/test/unittests/client/rest/uploader_test.py +++ b/test/unittests/client/rest/uploader_test.py @@ -37,7 +37,7 @@ def test_401_raises_unauthoirzed_exception(self): uploader.upload("fake_url", self.f) def test_403_raises_unauthoirzed_exception_if_no_token(self): - auth = namedtuple("auth", "token")(None) + auth = namedtuple("auth", "bearer")(None) uploader = FileUploader(MockRequester(403), verify=False, config=_ConfigMock()) with self.assertRaisesRegex(AuthenticationException, "tururu"): uploader.upload("fake_url", self.f, auth=auth) @@ -48,7 +48,7 @@ def test_403_raises_unauthorized_exception_if_no_auth(self): uploader.upload("fake_url", self.f) def test_403_raises_forbidden_exception_if_token(self): - auth = namedtuple("auth", "token")("SOMETOKEN") + auth = namedtuple("auth", "bearer")("SOMETOKEN") uploader = FileUploader(MockRequester(403), verify=False, config=_ConfigMock()) with self.assertRaisesRegex(ForbiddenException, "tururu"): uploader.upload("fake_url", self.f, auth=auth) From eae175087b913053674f34bc10c46da27294676a Mon Sep 17 00:00:00 2001 
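Review bot: In `setUp`, `write_perms = [("*/*@*/*", "*")]` replaces the empty list with a wildcard rule for every reference, so the service tests built on this authorizer can no longer notice a regression in write authorization. If these tests act as a single user, a rule naming that user, `write_perms = [("*/*@*/*", "<test user>")]`, would keep the fixture as narrow as the one in test/integration/remote/rest_api_test.py from patch 1/3. The body of `setUp` continues outside the hunk, so the user name is not visible here.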
From: memsharded Date: Tue, 8 Oct 2024 23:51:27 +0200 Subject: [PATCH 3/3] fix tests --- test/integration/remote/retry_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/remote/retry_test.py b/test/integration/remote/retry_test.py index dd3e859815b..5653f65621e 100644 --- a/test/integration/remote/retry_test.py +++ b/test/integration/remote/retry_test.py @@ -73,7 +73,7 @@ def test_error_403_forbidden(self): uploader = FileUploader(requester=_RequesterMock(403, "content"), verify=False, config=_ConfigMock()) with self.assertRaisesRegex(ForbiddenException, "content"): - auth = namedtuple("auth", "token") + auth = namedtuple("auth", "bearer") uploader.upload(url="fake", abs_path=self.filename, retry=2, auth=auth("token")) output_lines = output.getvalue().splitlines() counter = Counter(output_lines) @@ -86,7 +86,7 @@ def test_error_403_authentication(self): uploader = FileUploader(requester=_RequesterMock(403, "content"), verify=False, config=_ConfigMock()) with self.assertRaisesRegex(AuthenticationException, "content"): - auth = namedtuple("auth", "token") + auth = namedtuple("auth", "bearer") uploader.upload(url="fake", abs_path=self.filename, retry=2, auth=auth(None)) output_lines = output.getvalue().splitlines() counter = Counter(output_lines)