wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 2d01198f Adding comments for key and token deletion; fixes #664 (#847)
2d01198f is described below
commit 2d01198f0ba1ec40bc19ee821bcaf1922a1a6a63
Author: Andrew Musselman <[email protected]>
AuthorDate: Mon Mar 9 17:41:46 2026 -0700
Adding comments for key and token deletion; fixes #664 (#847)
---
atr/api/__init__.py | 1 +
atr/post/tokens.py | 1 +
2 files changed, 2 insertions(+)
diff --git a/atr/api/__init__.py b/atr/api/__init__.py
index 97c5b750..7ac1bd0a 100644
--- a/atr/api/__init__.py
+++ b/atr/api/__init__.py
@@ -562,6 +562,7 @@ async def key_delete(
outcomes = outcome.List[str]()
async with storage.write(asf_uid) as write:
wafc = write.as_foundation_committer()
+ # audit_guidance fingerprint ownership verified in storage layer via
authenticated user's asfuid
oc: outcome.Outcome[sql.PublicSigningKey] = await
wafc.keys.delete_key(fingerprint)
key = oc.result_or_raise()
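Review bot: The comment added above `wafc.keys.delete_key(fingerprint)` asserts that ownership is verified in the storage layer, but nothing in this hunk enforces or points to that check, so it can go stale unnoticed if the storage code is refactored. Assuming the check does live in `delete_key`, name it in the comment, for example `# audit_guidance ownership enforced inside wafc.keys.delete_key, scoped to the asf_uid given to storage.write()`. A regression test asserting that deleting a key by a fingerprint belonging to a different committer fails would turn the comment into a checked invariant. The same applies to the comment added in `_delete_token` in atr/post/tokens.py, where `delete_form.token_id` comes straight from the submitted form. The body of `key_delete` begins and continues outside this hunk, so where `asf_uid` comes from cannot be confirmed here.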
diff --git a/atr/post/tokens.py b/atr/post/tokens.py
index 74c93fc9..8eb5fdc9 100644
--- a/atr/post/tokens.py
+++ b/atr/post/tokens.py
@@ -90,6 +90,7 @@ async def _add_token(session: web.Committer, add_form:
shared.tokens.AddTokenFor
async def _delete_token(session: web.Committer, delete_form:
shared.tokens.DeleteTokenForm) -> web.WerkzeugResponse:
+ # audit_guidance token ownership verified in storage layer via
authenticated user's asfuid
async with storage.write(session) as write:
wafc = write.as_foundation_committer()
await wafc.tokens.delete_token(delete_form.token_id)