This is an automated email from the ASF dual-hosted git repository. akm pushed a commit to branch token-deletion-comment-664 in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit d2415e27a854873639ac064943fbba45902b25cb Author: Andrew K. Musselman <[email protected]> AuthorDate: Mon Mar 9 17:31:13 2026 -0700 Adding comments for key and token deletion; fixes #664 --- atr/api/__init__.py | 1 + atr/post/tokens.py | 1 + 2 files changed, 2 insertions(+) diff --git a/atr/api/__init__.py b/atr/api/__init__.py index 97c5b750..7ac1bd0a 100644 --- a/atr/api/__init__.py +++ b/atr/api/__init__.py @@ -562,6 +562,7 @@ async def key_delete( outcomes = outcome.List[str]() async with storage.write(asf_uid) as write: wafc = write.as_foundation_committer() + # audit_guidance fingerprint ownership verified in storage layer via authenticated user's asfuid oc: outcome.Outcome[sql.PublicSigningKey] = await wafc.keys.delete_key(fingerprint) key = oc.result_or_raise() diff --git a/atr/post/tokens.py b/atr/post/tokens.py index 74c93fc9..8eb5fdc9 100644 --- a/atr/post/tokens.py +++ b/atr/post/tokens.py @@ -90,6 +90,7 @@ async def _add_token(session: web.Committer, add_form: shared.tokens.AddTokenFor async def _delete_token(session: web.Committer, delete_form: shared.tokens.DeleteTokenForm) -> web.WerkzeugResponse: + # audit_guidance token ownership verified in storage layer via authenticated user's asfuid async with storage.write(session) as write: wafc = write.as_foundation_committer() await wafc.tokens.delete_token(delete_form.token_id) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
