From 34f5e964e66c030af8de6e1b52636d8c5d4c5add Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 29 Aug 2019 14:03:26 -0400
Subject: [PATCH 01/96] Psuedo code added for issue #6255.

---
 warehouse/macaroons/caveats.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index fa024f78319b..fa150a2d54a7 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -16,6 +16,8 @@
 
 from warehouse.packaging.models import Project
 
+from datetime import datetime
+
 
 class InvalidMacaroon(Exception):
     ...
@@ -67,6 +69,16 @@ def verify(self, predicate):
         projects = permissions.get("projects")
         if projects is None:
             raise InvalidMacaroon("invalid projects in predicate")
+        
+        '''
+        time = macaroon time created
+        if time > curr time - user selected amount of time:
+            raise InvalidMacaroon("time has expired.")
+        
+        project_version = macaroon project version
+        if project_version == a project version that already exists:
+            raise InvalidMacaroon("project already exists")
+        '''
 
         return self.verify_projects(projects)
 

From 545dea0dbfd468ccb6f7a1190165622c18a7a2d7 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 30 Aug 2019 13:44:01 -0400
Subject: [PATCH 02/96] Added caveats for project version and macaroon
 expiration time.

---
 warehouse/macaroons/caveats.py | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index fa150a2d54a7..4046a375c098 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -18,6 +18,8 @@
 
 from datetime import datetime
 
+from datetime import timedelta
+
 
 class InvalidMacaroon(Exception):
     ...
@@ -33,7 +35,6 @@ def verify(self, predicate):
     def __call__(self, predicate):
         return self.verify(predicate)
 
-
 class V1Caveat(Caveat):
     def verify_projects(self, projects):
         # First, ensure that we're actually operating in
@@ -44,10 +45,14 @@ def verify_projects(self, projects):
             )
 
         project = self.verifier.context
-        if project.normalized_name in projects:
-            return True
-
-        raise InvalidMacaroon("project-scoped token matches no projects")
+        if project.normalized_name not in projects:
+            raise InvalidMacaroon("project-scoped token matches no projects")
+        
+        #project version -- need to test
+        if project.version in projects:
+            raise InvalidMacaroon("project version already exists")
+        
+        return True
 
     def verify(self, predicate):
         try:
@@ -69,16 +74,6 @@ def verify(self, predicate):
         projects = permissions.get("projects")
         if projects is None:
             raise InvalidMacaroon("invalid projects in predicate")
-        
-        '''
-        time = macaroon time created
-        if time > curr time - user selected amount of time:
-            raise InvalidMacaroon("time has expired.")
-        
-        project_version = macaroon project version
-        if project_version == a project version that already exists:
-            raise InvalidMacaroon("project already exists")
-        '''
 
         return self.verify_projects(projects)
 
@@ -98,3 +93,7 @@ def verify(self, key):
             return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
             raise InvalidMacaroon("invalid macaroon signature")
+        
+        time = self.macaroon.created
+        if time + timedelta(minutes = 30) < datetime.now():
+            raise InvalidMacaroon("time has expired")

From cd4e8a258706a4db195e57f6b73cea2a6ed089b6 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 5 Sep 2019 14:45:09 -0400
Subject: [PATCH 03/96] Added tests for expiration time.

---
 tests/unit/macaroons/test_caveats.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 50eedbb4c8c0..108e679c8980 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -19,7 +19,7 @@
 
 from warehouse.macaroons.caveats import Caveat, InvalidMacaroon, V1Caveat, Verifier
 
-from ...common.db.packaging import ProjectFactory
+from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
 
 class TestCaveat:
@@ -93,7 +93,18 @@ def test_verify_project(self, db_request):
 
         predicate = {"version": 1, "permissions": {"projects": ["foobar"]}}
         assert caveat(json.dumps(predicate)) is True
+    
+    #added
+    def test_verify_project_version(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project, version="1.0")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
 
+        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"]}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+            
 
 class TestVerifier:
     def test_creation(self):

From 03ea2ce8b5a9a11375ed2456b12176b641d35f42 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 5 Sep 2019 14:45:54 -0400
Subject: [PATCH 04/96] Updated caveats for expiration time and release.

---
 warehouse/macaroons/caveats.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 4046a375c098..08d8b3761dca 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -14,7 +14,7 @@
 
 import pymacaroons
 
-from warehouse.packaging.models import Project
+from warehouse.packaging.models import Project, Release
 
 from datetime import datetime
 
@@ -47,9 +47,9 @@ def verify_projects(self, projects):
         project = self.verifier.context
         if project.normalized_name not in projects:
             raise InvalidMacaroon("project-scoped token matches no projects")
-        
-        #project version -- need to test
-        if project.version in projects:
+
+        #added
+        if project.latest_version in project.all_versions:
             raise InvalidMacaroon("project version already exists")
         
         return True
@@ -94,6 +94,7 @@ def verify(self, key):
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
             raise InvalidMacaroon("invalid macaroon signature")
         
-        time = self.macaroon.created
-        if time + timedelta(minutes = 30) < datetime.now():
+        #added
+        expiration = self.macaroon.expiration
+        if expiration > datetime.now():
             raise InvalidMacaroon("time has expired")

From 1447ed7868179de133761f0644f7272c2d5d6152 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 5 Sep 2019 14:49:13 -0400
Subject: [PATCH 05/96] Added macaroon fields for expiration time and release.

---
 warehouse/manage/forms.py | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 64dcf92ee79e..9d78703c28a8 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -26,6 +26,9 @@
     WebAuthnCredentialMixin,
 )
 
+from datetime import datetime
+from datetime import timedelta
+
 
 class RoleNameMixin:
 
@@ -185,14 +188,16 @@ def validate_label(self, field):
             raise wtforms.validators.ValidationError(f"Label '{label}' already in use")
 
 
+#modified
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope"]
+    __params__ = ["description", "token_scope", "release", "expiration",]
 
-    def __init__(self, *args, user_id, macaroon_service, project_names, **kwargs):
+    def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_id = user_id
         self.macaroon_service = macaroon_service
         self.project_names = project_names
+        self.all_projects = all_projects
 
     description = wtforms.StringField(
         validators=[
@@ -207,6 +212,18 @@ def __init__(self, *args, user_id, macaroon_service, project_names, **kwargs):
         validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
     )
 
+    release = wtforms.StringField(
+        validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
+    )
+
+    #expiration = days + ':' + hours + ':' + minutes
+    #cannot be less than 1 min cannot be longer than 1 year
+    expiration = wtforms.DateTimeField(
+        validators=[
+            wtforms.validators.DataRequired(message="Specify an expiration time"),
+        ]
+    )
+
     def validate_description(self, field):
         description = field.data
 
@@ -245,6 +262,18 @@ def validate_token_scope(self, field):
 
         self.validated_scope = {"projects": [scope_value]}
 
+    def validate_release(self, field):
+        release = field.data
+        #valid release
+        #release exists
+
+    def validate_expiration(self, field):
+        expiration = field.data
+        expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
+
+        if expiration > datetime.now() + timedelta(days=365):
+            raise wtforms.ValidationError("Expiration cannot be greater than one year")
+
 
 class DeleteMacaroonForm(forms.Form):
     __params__ = ["macaroon_id"]

From 0d2733d3925cf2bc72c4f7bb00c158eea148b4c9 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 5 Sep 2019 14:58:52 -0400
Subject: [PATCH 06/96] Added expiration field to macaroon.

---
 warehouse/manage/views.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 720c76a5dd36..1c89d1e95558 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -621,6 +621,11 @@ def __init__(self, request):
     def project_names(self):
         return sorted(project.normalized_name for project in self.request.user.projects)
 
+    # @property
+    # def project_releases(self, project):
+    #     releases = (p for p in self.request.user.projects if p.normalized_name == project)
+    #     return sorted(version for version in releases.all_versions)
+
     @property
     def default_response(self):
         return {
@@ -629,6 +634,7 @@ def default_response(self):
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
                 project_names=self.project_names,
+                all_projects=self.request.user.projects
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -652,6 +658,7 @@ def create_macaroon(self):
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
             project_names=self.project_names,
+            all_projects=self.request.user.projects
         )
 
         response = {**self.default_response}
@@ -661,6 +668,7 @@ def create_macaroon(self):
                 location=self.request.domain,
                 user_id=self.request.user.id,
                 description=form.description.data,
+                expiration=form.expiration.data,
                 caveats=macaroon_caveats,
             )
             self.user_service.record_event(

From a89a25e3bd17bd8d8c77e4330a620e7834c7ff4d Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 5 Sep 2019 14:59:44 -0400
Subject: [PATCH 07/96] Added form fields for expiration and release.

---
 warehouse/templates/manage/token.html | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 1a3c98f997e8..65c97769013c 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -114,6 +114,44 @@ <h2>Add another token</h2>
         <h3 class="callout-block__heading">Proceed with caution!</h3>
         <p>An API token scoped to your entire account will have upload permissions for all of your projects.</p>
       </div>
+
+      {% if option.selected = project_value %}
+      <div class="form-group">
+        <label for="token_scope" class="form-group__label">
+          Release
+          {% if create_macaroon_form.release.flags.required %}
+          <span class="form-group__required">(required)</span>
+          {% endif %}
+        </label>
+        <select name="release" id="release" class="form-group__input" aria-describedby="scope-errors">
+          <option disabled {{ "" if create_macaroon_form.token_scope.data else "selected" }} value="scope:unspecified">Select release...</option>
+          {% for project in all_projects %}
+            {% if project.normalized_name == selected_proj %}
+              {% for r in project.all_versions %}
+                <option value="{{ r }}" {{ "selected" if r == create_macaroon_form.release.data else "" }}>{{ r }}</option>
+              {% endfor %}
+            {% endif %}
+          {% endfor %}
+        </select>
+        <div id="scope-errors">
+          {{ field_errors(create_macaroon_form.release) }}
+        </div>
+      </div>
+      {% endif %}
+
+      <div class="form-group">
+        <label for="expiration" class="form-group__label">
+          Expiration
+          {% if create_macaroon_form.expiration.flags.required %}
+          <span class="form-group__required">(required)</span>
+          {% endif %}
+        </label>
+        <input type="datetime-local" name="expiration" id="expiration" class="form-group__input" aria-describedby="token-name-errors expiration-help-text" value="{{ create_macaroon_form.expiration.data or ""}}">
+        <div id="token-name-errors">
+          {{ field_errors(create_macaroon_form.expiration) }}
+        </div>
+      </div>
+
       <div>
         <input value="Add token" class="button button--primary" type="submit">
       </div>

From 8826d3943c30b8312ce52110b1e0edd08a225b7a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:09:10 -0400
Subject: [PATCH 08/96] Moved release caveat.

---
 warehouse/macaroons/caveats.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 08d8b3761dca..e0bbb04193cc 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -47,10 +47,6 @@ def verify_projects(self, projects):
         project = self.verifier.context
         if project.normalized_name not in projects:
             raise InvalidMacaroon("project-scoped token matches no projects")
-
-        #added
-        if project.latest_version in project.all_versions:
-            raise InvalidMacaroon("project version already exists")
         
         return True
 
@@ -98,3 +94,7 @@ def verify(self, key):
         expiration = self.macaroon.expiration
         if expiration > datetime.now():
             raise InvalidMacaroon("time has expired")
+
+        release = self.macaroon.release
+        if release in self.macaroon.project.all_versions:
+            raise InvalidMacaroon("invalid release")

From d3cb1955c7aa3b35dcbd2650ecc64e0512e9bbfb Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:09:47 -0400
Subject: [PATCH 09/96] Added potential new Macaroon fields.

---
 warehouse/macaroons/models.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/warehouse/macaroons/models.py b/warehouse/macaroons/models.py
index 33373b7aa9e0..1c8490c6d63a 100644
--- a/warehouse/macaroons/models.py
+++ b/warehouse/macaroons/models.py
@@ -47,6 +47,9 @@ class Macaroon(db.Model):
     # Store some information about the Macaroon to give users some mechanism
     # to differentiate between them.
     description = Column(String(100), nullable=False)
+    # scope = Column(String(100), nullable=False)
+    # release = Column(String(100), nullable=False)
+    # expiration = Column(DateTime, nullable=False)
     created = Column(DateTime, nullable=False, server_default=sql.func.now())
     last_used = Column(DateTime, nullable=True)
 

From 71f7c1b0aa24c06ff8f853f028efafd16cdfadc7 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:11:28 -0400
Subject: [PATCH 10/96] Added scope, release, and expiration fields to Macaroon
 object.

---
 warehouse/macaroons/services.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index 0fff949ade55..b97b8fd3b6c2 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -115,7 +115,7 @@ def verify(self, raw_macaroon, context, principals, permission):
 
         raise InvalidMacaroon("invalid macaroon")
 
-    def create_macaroon(self, location, user_id, description, caveats):
+    def create_macaroon(self, location, user_id, description, scope, release, expiration, caveats):
         """
         Returns a tuple of a new raw (serialized) macaroon and its DB model.
         The description provided is not embedded into the macaroon, only stored
@@ -123,7 +123,8 @@ def create_macaroon(self, location, user_id, description, caveats):
         """
         user = self.db.query(User).filter(User.id == user_id).one()
 
-        dm = Macaroon(user=user, description=description, caveats=caveats)
+        dm = Macaroon(user=user, description=description, scope=scope, release=release, 
+            expiration=expiration, caveats=caveats)
         self.db.add(dm)
         self.db.flush()
 
@@ -167,4 +168,4 @@ def get_macaroon_by_description(self, user_id, description):
 
 
 def database_macaroon_factory(context, request):
-    return DatabaseMacaroonService(request.db)
+    return DatabaseMacaroonService(request.db)
\ No newline at end of file

From 2e62cfca55a0b417c14198a87e3620bbe318e8e0 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:12:05 -0400
Subject: [PATCH 11/96] Added scope, release, and expiration fields to
 create_macaroon.

---
 warehouse/manage/views.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 1c89d1e95558..36732d738a69 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -621,20 +621,23 @@ def __init__(self, request):
     def project_names(self):
         return sorted(project.normalized_name for project in self.request.user.projects)
 
-    # @property
-    # def project_releases(self, project):
-    #     releases = (p for p in self.request.user.projects if p.normalized_name == project)
-    #     return sorted(version for version in releases.all_versions)
+    @property
+    def project_releases(self):
+        releases = {}
+        for project in self.request.user.projects:
+            releases.update({project.normalized_name : project.all_versions})
+        return releases
 
     @property
     def default_response(self):
         return {
             "project_names": self.project_names,
+            "releases": self.project_releases,
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
                 project_names=self.project_names,
-                all_projects=self.request.user.projects
+                releases=self.project_releases
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -658,7 +661,7 @@ def create_macaroon(self):
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
             project_names=self.project_names,
-            all_projects=self.request.user.projects
+            releases=self.project_releases,
         )
 
         response = {**self.default_response}
@@ -668,6 +671,8 @@ def create_macaroon(self):
                 location=self.request.domain,
                 user_id=self.request.user.id,
                 description=form.description.data,
+                scope=form.token_scope,
+                release=form.release,
                 expiration=form.expiration.data,
                 caveats=macaroon_caveats,
             )

From 29dcb8cd190693c83d8c4ca6c27713bce367a9f3 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:12:54 -0400
Subject: [PATCH 12/96] Changed release to be a text input.

---
 warehouse/templates/manage/token.html | 28 +++++++++++++--------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 65c97769013c..4ebdd1e28a27 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -91,6 +91,7 @@ <h2>Add another token</h2>
         <span class="form-group__label">Permissions</span>
         <p class="form-group__text">Upload packages</p>
       </div>
+
       <div class="form-group">
         <label for="token_scope" class="form-group__label">
           Scope
@@ -103,7 +104,15 @@ <h2>Add another token</h2>
           <option value="scope:user">Entire account (all projects)</option>
         {% for project in project_names %}
           {% set project_value = 'scope:project:' + project %}
-          <option value="{{ project_value }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}>Project: {{ project }}</option>
+          <option value="{{ project_value }}" label="Project: {{ project }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}></option>
+          <!-- <optgroup>
+            <option disabled {{ "" if create_macaroon_form.release.data else "selected" }} value="scope:unspecified">Select release...</option>
+            {% for release in releases[project] %}
+               {% for r in release %}
+                  <option value="{{ r }}" {{ "selected" if r == create_macaroon_form.release.data else "" }}>{{ r }}</option>
+               {% endfor %}
+             {% endfor %}
+          </optgroup> -->
         {% endfor %}
         </select>
         <div id="scope-errors">
@@ -115,29 +124,18 @@ <h3 class="callout-block__heading">Proceed with caution!</h3>
         <p>An API token scoped to your entire account will have upload permissions for all of your projects.</p>
       </div>
 
-      {% if option.selected = project_value %}
       <div class="form-group">
-        <label for="token_scope" class="form-group__label">
+        <label for="release" class="form-group__label">
           Release
           {% if create_macaroon_form.release.flags.required %}
           <span class="form-group__required">(required)</span>
           {% endif %}
         </label>
-        <select name="release" id="release" class="form-group__input" aria-describedby="scope-errors">
-          <option disabled {{ "" if create_macaroon_form.token_scope.data else "selected" }} value="scope:unspecified">Select release...</option>
-          {% for project in all_projects %}
-            {% if project.normalized_name == selected_proj %}
-              {% for r in project.all_versions %}
-                <option value="{{ r }}" {{ "selected" if r == create_macaroon_form.release.data else "" }}>{{ r }}</option>
-              {% endfor %}
-            {% endif %}
-          {% endfor %}
-        </select>
-        <div id="scope-errors">
+        <input type="text" name="release" id="release" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.release.data or ""}}">
+        <div id="token-name-errors">
           {{ field_errors(create_macaroon_form.release) }}
         </div>
       </div>
-      {% endif %}
 
       <div class="form-group">
         <label for="expiration" class="form-group__label">

From 0de8289bc942b2fd05c654b21c0c8b20c606195a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 6 Sep 2019 16:13:11 -0400
Subject: [PATCH 13/96] Updated validate_release.

---
 warehouse/manage/forms.py | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 9d78703c28a8..66051ab79bcc 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -192,12 +192,11 @@ def validate_label(self, field):
 class CreateMacaroonForm(forms.Form):
     __params__ = ["description", "token_scope", "release", "expiration",]
 
-    def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
+    def __init__(self, *args, user_id, macaroon_service, project_names, releases, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_id = user_id
         self.macaroon_service = macaroon_service
         self.project_names = project_names
-        self.all_projects = all_projects
 
     description = wtforms.StringField(
         validators=[
@@ -213,11 +212,9 @@ def __init__(self, *args, user_id, macaroon_service, project_names, all_projects
     )
 
     release = wtforms.StringField(
-        validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
+        validators=[wtforms.validators.DataRequired(message="Specify the release")]
     )
 
-    #expiration = days + ':' + hours + ':' + minutes
-    #cannot be less than 1 min cannot be longer than 1 year
     expiration = wtforms.DateTimeField(
         validators=[
             wtforms.validators.DataRequired(message="Specify an expiration time"),
@@ -262,10 +259,9 @@ def validate_token_scope(self, field):
 
         self.validated_scope = {"projects": [scope_value]}
 
-    def validate_release(self, field):
+    def validate_release(self,field):
         release = field.data
-        #valid release
-        #release exists
+        #how would you validate a release? 1 1.0 1.0.0 format?
 
     def validate_expiration(self, field):
         expiration = field.data

From e96b1b069e296cf23e56bd908944d2241e5c0028 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 9 Sep 2019 11:23:03 -0400
Subject: [PATCH 14/96] Added verification for release.

---
 warehouse/manage/forms.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 66051ab79bcc..42bfec0b2cc6 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -261,7 +261,12 @@ def validate_token_scope(self, field):
 
     def validate_release(self,field):
         release = field.data
-        #how would you validate a release? 1 1.0 1.0.0 format?
+        try:
+            releases = release.split(".")
+            for val in releases:
+                int(val)
+        except ValueError:
+            raise wtforms.ValidationError("Invalid release")
 
     def validate_expiration(self, field):
         expiration = field.data
@@ -269,6 +274,8 @@ def validate_expiration(self, field):
 
         if expiration > datetime.now() + timedelta(days=365):
             raise wtforms.ValidationError("Expiration cannot be greater than one year")
+        if expiration < datetime.now():
+            raise wtforms.ValidationError("Expiration must be after the current time")
 
 
 class DeleteMacaroonForm(forms.Form):

From 5cbadb0d05c5f48a8e303b88860a42ac74520506 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 9 Sep 2019 14:45:48 -0400
Subject: [PATCH 15/96] Updated timezone info to GMT for POC.

---
 warehouse/macaroons/caveats.py |  6 +++++-
 warehouse/manage/forms.py      | 14 +++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index e0bbb04193cc..395a9f43822b 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -20,6 +20,7 @@
 
 from datetime import timedelta
 
+import pytz
 
 class InvalidMacaroon(Exception):
     ...
@@ -92,7 +93,10 @@ def verify(self, key):
         
         #added
         expiration = self.macaroon.expiration
-        if expiration > datetime.now():
+        d = datetime.now()
+        tz = pytz.timezone('GMT') #GMT for POC
+        tz_aware = tz.localize(d)
+        if expiration > tz_aware:
             raise InvalidMacaroon("time has expired")
 
         release = self.macaroon.release
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 42bfec0b2cc6..ced12f6636d0 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -28,6 +28,7 @@
 
 from datetime import datetime
 from datetime import timedelta
+import pytz
 
 
 class RoleNameMixin:
@@ -257,7 +258,7 @@ def validate_token_scope(self, field):
                 f"Unknown or invalid project name: {scope_value}"
             )
 
-        self.validated_scope = {"projects": [scope_value]}
+        self.validated_scope.update({"projects": [scope_value]})
 
     def validate_release(self,field):
         release = field.data
@@ -267,15 +268,22 @@ def validate_release(self,field):
                 int(val)
         except ValueError:
             raise wtforms.ValidationError("Invalid release")
+        
+        self.validated_scope.update({"release": release})
 
     def validate_expiration(self, field):
         expiration = field.data
         expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
+        d = datetime.now()
+        tz = pytz.timezone('GMT') #GMT for POC
+        tz_aware = tz.localize(d)
 
-        if expiration > datetime.now() + timedelta(days=365):
+        if expiration > tz_aware + timedelta(days=365):
             raise wtforms.ValidationError("Expiration cannot be greater than one year")
-        if expiration < datetime.now():
+        if expiration < tz_aware:
             raise wtforms.ValidationError("Expiration must be after the current time")
+        
+        self.validated_scope.update({"expiration": expiration})
 
 
 class DeleteMacaroonForm(forms.Form):

From 1913b2895c9d46f5a8e4bc2bfed1ccfca7d46850 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 9 Sep 2019 14:46:03 -0400
Subject: [PATCH 16/96] Removed macaroon db fields for scope, release, and
 expiration. Added these in as caveat permissions instead.

---
 warehouse/macaroons/models.py   | 3 ---
 warehouse/macaroons/services.py | 5 ++---
 warehouse/manage/views.py       | 3 ---
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/warehouse/macaroons/models.py b/warehouse/macaroons/models.py
index 1c8490c6d63a..33373b7aa9e0 100644
--- a/warehouse/macaroons/models.py
+++ b/warehouse/macaroons/models.py
@@ -47,9 +47,6 @@ class Macaroon(db.Model):
     # Store some information about the Macaroon to give users some mechanism
     # to differentiate between them.
     description = Column(String(100), nullable=False)
-    # scope = Column(String(100), nullable=False)
-    # release = Column(String(100), nullable=False)
-    # expiration = Column(DateTime, nullable=False)
     created = Column(DateTime, nullable=False, server_default=sql.func.now())
     last_used = Column(DateTime, nullable=True)
 
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index b97b8fd3b6c2..f95c831695f4 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -115,7 +115,7 @@ def verify(self, raw_macaroon, context, principals, permission):
 
         raise InvalidMacaroon("invalid macaroon")
 
-    def create_macaroon(self, location, user_id, description, scope, release, expiration, caveats):
+    def create_macaroon(self, location, user_id, description, caveats):
         """
         Returns a tuple of a new raw (serialized) macaroon and its DB model.
         The description provided is not embedded into the macaroon, only stored
@@ -123,8 +123,7 @@ def create_macaroon(self, location, user_id, description, scope, release, expira
         """
         user = self.db.query(User).filter(User.id == user_id).one()
 
-        dm = Macaroon(user=user, description=description, scope=scope, release=release, 
-            expiration=expiration, caveats=caveats)
+        dm = Macaroon(user=user, description=description, caveats=caveats)
         self.db.add(dm)
         self.db.flush()
 
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 36732d738a69..006170d9320a 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -671,9 +671,6 @@ def create_macaroon(self):
                 location=self.request.domain,
                 user_id=self.request.user.id,
                 description=form.description.data,
-                scope=form.token_scope,
-                release=form.release,
-                expiration=form.expiration.data,
                 caveats=macaroon_caveats,
             )
             self.user_service.record_event(

From b5bb8cebdb4621b6da7eda99e8f0d3ec2b733d52 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 10 Sep 2019 14:50:17 -0400
Subject: [PATCH 17/96] Updated functionality for release caveat.

---
 warehouse/macaroons/caveats.py | 54 +++++++++++++++++++++++++---------
 1 file changed, 40 insertions(+), 14 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 395a9f43822b..961d5be1f872 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -50,6 +50,30 @@ def verify_projects(self, projects):
             raise InvalidMacaroon("project-scoped token matches no projects")
         
         return True
+    
+    def verify_releases(self, release):
+        project = self.verifier.context
+
+        for version in project.all_versions:
+            if release == version[0]:
+                raise InvalidMacaroon("release already exists")
+
+        return True
+    
+    def verify_expiration(self, expiration):
+        try:
+            expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
+        except ValueError:
+            raise InvalidMacaroon("invalid expiration")
+
+        d = datetime.now()
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration_aware = tz.localize(expiration)
+        if expiration_aware > tz_aware:
+            raise InvalidMacaroon("time has expired")
+
+        return True
 
     def verify(self, predicate):
         try:
@@ -71,8 +95,22 @@ def verify(self, predicate):
         projects = permissions.get("projects")
         if projects is None:
             raise InvalidMacaroon("invalid projects in predicate")
+        else:
+            self.verify_projects(projects)
+
+        release = permissions.get("release")
+        if release is None and projects is not None:
+            raise InvalidMacaroon("invalid release in predicate")
+        else:
+            self.verify_releases(release)
 
-        return self.verify_projects(projects)
+        expiration = permissions.get("expiration")
+        if expiration is None:
+            raise InvalidMacaroon("invalid expiration in predicate")
+        else:
+            self.verify_expiration(expiration)
+
+        return True
 
 
 class Verifier:
@@ -89,16 +127,4 @@ def verify(self, key):
         try:
             return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
-            raise InvalidMacaroon("invalid macaroon signature")
-        
-        #added
-        expiration = self.macaroon.expiration
-        d = datetime.now()
-        tz = pytz.timezone('GMT') #GMT for POC
-        tz_aware = tz.localize(d)
-        if expiration > tz_aware:
-            raise InvalidMacaroon("time has expired")
-
-        release = self.macaroon.release
-        if release in self.macaroon.project.all_versions:
-            raise InvalidMacaroon("invalid release")
+            raise InvalidMacaroon("invalid macaroon signature")
\ No newline at end of file

From 63cfeeec579a534575e5b629ffe89eaef057ebba Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 10 Sep 2019 14:50:57 -0400
Subject: [PATCH 18/96] Added validation for releases.

---
 warehouse/manage/forms.py | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index ced12f6636d0..d21d72b93db9 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -193,11 +193,13 @@ def validate_label(self, field):
 class CreateMacaroonForm(forms.Form):
     __params__ = ["description", "token_scope", "release", "expiration",]
 
-    def __init__(self, *args, user_id, macaroon_service, project_names, releases, **kwargs):
+    def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_id = user_id
         self.macaroon_service = macaroon_service
         self.project_names = project_names
+        self.all_projects = all_projects
+        self.validated_scope = {}
 
     description = wtforms.StringField(
         validators=[
@@ -258,8 +260,6 @@ def validate_token_scope(self, field):
                 f"Unknown or invalid project name: {scope_value}"
             )
 
-        self.validated_scope.update({"projects": [scope_value]})
-
     def validate_release(self,field):
         release = field.data
         try:
@@ -267,23 +267,35 @@ def validate_release(self,field):
             for val in releases:
                 int(val)
         except ValueError:
-            raise wtforms.ValidationError("Invalid release")
-        
-        self.validated_scope.update({"release": release})
+            raise wtforms.validators.ValidationError("Invalid release")
 
+        for project in self.all_projects:
+            if project.normalized_name == self.validate_token_scope(self.token_scope):
+                for version in project.all_versions:
+                    if version[0] == release:
+                        raise wtforms.validators.ValidationError("Invalid release")
+        
     def validate_expiration(self, field):
         expiration = field.data
         expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
         d = datetime.now()
-        tz = pytz.timezone('GMT') #GMT for POC
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
+        expiration_aware = tz.localize(expiration)
+
+        if expiration_aware > tz_aware + timedelta(days=365):
+            raise wtforms.validators.ValidationError("Expiration cannot be greater than one year")
+        if expiration_aware < tz_aware:
+            raise wtforms.validators.ValidationError("Expiration must be after the current time")
+        
+        expiration = datetime.strftime(expiration, "%Y-%m-%dT%H:%M")
 
-        if expiration > tz_aware + timedelta(days=365):
-            raise wtforms.ValidationError("Expiration cannot be greater than one year")
-        if expiration < tz_aware:
-            raise wtforms.ValidationError("Expiration must be after the current time")
+    def validate(self):
+        res = super().validate()
+        self.validated_scope.update({"expiration": self.expiration.data, 
+            "release": self.release.data, "projects": [self.token_scope.data]})     
+        return res
         
-        self.validated_scope.update({"expiration": expiration})
 
 
 class DeleteMacaroonForm(forms.Form):

From 77e80b0a2f071069d7e85ad28526252cde911c67 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 10 Sep 2019 14:53:19 -0400
Subject: [PATCH 19/96] Added property to macaroon views to get all of a user's
 projects.

---
 warehouse/manage/views.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 006170d9320a..da980fbbe6d5 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -620,6 +620,10 @@ def __init__(self, request):
     @property
     def project_names(self):
         return sorted(project.normalized_name for project in self.request.user.projects)
+    
+    @property
+    def all_projects(self):
+        return [project for project in self.request.user.projects]
 
     @property
     def project_releases(self):
@@ -632,12 +636,11 @@ def project_releases(self):
     def default_response(self):
         return {
             "project_names": self.project_names,
-            "releases": self.project_releases,
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
                 project_names=self.project_names,
-                releases=self.project_releases
+                all_projects=self.all_projects
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -661,7 +664,7 @@ def create_macaroon(self):
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
             project_names=self.project_names,
-            releases=self.project_releases,
+            all_projects=self.all_projects
         )
 
         response = {**self.default_response}

From ece4724e8811fb2489487c6234c13872099f4954 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 10 Sep 2019 15:09:37 -0400
Subject: [PATCH 20/96] Removed testing lines.

---
 warehouse/templates/manage/token.html | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 4ebdd1e28a27..8df76a393fbf 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -105,14 +105,6 @@ <h2>Add another token</h2>
         {% for project in project_names %}
           {% set project_value = 'scope:project:' + project %}
           <option value="{{ project_value }}" label="Project: {{ project }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}></option>
-          <!-- <optgroup>
-            <option disabled {{ "" if create_macaroon_form.release.data else "selected" }} value="scope:unspecified">Select release...</option>
-            {% for release in releases[project] %}
-               {% for r in release %}
-                  <option value="{{ r }}" {{ "selected" if r == create_macaroon_form.release.data else "" }}>{{ r }}</option>
-               {% endfor %}
-             {% endfor %}
-          </optgroup> -->
         {% endfor %}
         </select>
         <div id="scope-errors">

From c9feca435f51fbdf788e0cba277994b0616188df Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 10 Sep 2019 15:26:45 -0400
Subject: [PATCH 21/96] Removed note.

---
 warehouse/manage/forms.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index d21d72b93db9..9a44811324ee 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -189,7 +189,6 @@ def validate_label(self, field):
             raise wtforms.validators.ValidationError(f"Label '{label}' already in use")
 
 
-#modified
 class CreateMacaroonForm(forms.Form):
     __params__ = ["description", "token_scope", "release", "expiration",]
 

From b63290a60768042a0a7e6b772058fbd53747bd0e Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 11 Sep 2019 17:54:43 -0400
Subject: [PATCH 22/96] Started adding tests for release and expiration
 caveats.

---
 tests/unit/macaroons/test_caveats.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 108e679c8980..70663cf9ea67 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -91,20 +91,30 @@ def test_verify_project(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": {"projects": ["foobar"]}}
+        predicate = {"version": 1, "permissions": {"projects": ["foobar"], 
+            "releases": "1.0", "expiration": "2020-01-01T00:00"}}
         assert caveat(json.dumps(predicate)) is True
     
     #added
-    def test_verify_project_version(self, db_request):
+    def test_verify_release(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project, version="1.0")
+        # release = ReleaseFactory.create(project=project, version="1.0")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"]}}
+        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"], "releases": "1.0"}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-            
+    
+    def test_expiration(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+
+        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"], "releases": "1.0", 
+            "expiration": "2019-09-01T06:00"}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))    
 
 class TestVerifier:
     def test_creation(self):

From 8ffb416e0b2bbecb79c9aa2d9a0cdc86feba364f Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 11 Sep 2019 17:55:50 -0400
Subject: [PATCH 23/96] Started adding tests for release and expiration
 additions to the CreateMacaroonForm.

---
 tests/unit/manage/test_forms.py | 53 ++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 5c09dd5362fd..5c7205f20426 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -332,6 +332,7 @@ def test_creation(self):
             user_id=user_id,
             macaroon_service=macaroon_service,
             project_names=project_names,
+            all_projects=pretend.stub()
         )
 
         assert form.user_id is user_id
@@ -344,6 +345,7 @@ def test_validate_description_missing(self):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -357,6 +359,7 @@ def test_validate_description_in_use(self):
                 get_macaroon_by_description=lambda *a: pretend.stub()
             ),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -368,6 +371,7 @@ def test_validate_token_scope_missing(self):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -379,6 +383,7 @@ def test_validate_token_scope_unspecified(self):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -393,6 +398,7 @@ def test_validate_token_scope_invalid_format(self, scope):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -404,27 +410,72 @@ def test_validate_token_scope_invalid_project(self):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=["bar"],
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
+    
+    def test_validate_token_scope_invalid_release(self):
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "AA.BB.CC", "expiration": "2020-09-01T06:00"},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            project_names=["foo"],
+            all_projects=pretend.stub()
+        )
+
+        assert not form.validate()
+        assert form.token_scope.errors.pop() == "Invalid release"
+    
+    def test_validate_expiration_missing(self):
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0"},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            project_names=pretend.stub(),
+            all_projects=pretend.stub()
+        )
 
+        assert not form.validate()
+        assert form.token_scope.errors.pop() == "Specify the expiration"
+
+    #will have to add a test for greater than 1 year
+    def test_validate_token_scope_invalid_expiration(self):
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0", "expiration": "2019-09-01T06:00"},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            project_names=["foo"],
+            all_projects=pretend.stub()
+        )
+
+        assert not form.validate()
+        assert form.token_scope.errors.pop() == "Expiration must be after the current time"
+
+    #once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert form.validate()
 
     def test_validate_token_scope_valid_project(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo"},
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0", "expiration": "2019-09-01T06:00"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=["foo"],
+            all_projects=pretend.stub()
         )
 
         assert form.validate()

From 683448b1f23856361abc0abf08dfaa4776c95663 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 11 Sep 2019 17:58:50 -0400
Subject: [PATCH 24/96] Changed wording on error messages added check to see if
 scope is user.

---
 warehouse/manage/forms.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 9a44811324ee..3de5fe1ee397 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -219,7 +219,7 @@ def __init__(self, *args, user_id, macaroon_service, project_names, all_projects
 
     expiration = wtforms.DateTimeField(
         validators=[
-            wtforms.validators.DataRequired(message="Specify an expiration time"),
+            wtforms.validators.DataRequired(message="Specify the expiration"),
         ]
     )
 
@@ -291,8 +291,9 @@ def validate_expiration(self, field):
 
     def validate(self):
         res = super().validate()
-        self.validated_scope.update({"expiration": self.expiration.data, 
-            "release": self.release.data, "projects": [self.token_scope.data]})     
+        if not isinstance(self.validated_scope, str):
+            self.validated_scope.update({"expiration": self.expiration.data, 
+                "releases": self.release.data, "projects": [self.token_scope.data]})     
         return res
         
 

From b140178dcc79000d1390aff8ebd2df30d1151587 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 11 Sep 2019 17:59:48 -0400
Subject: [PATCH 25/96] Fixed logic error and typo.

---
 warehouse/macaroons/caveats.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 961d5be1f872..53b2a67267f9 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -70,7 +70,7 @@ def verify_expiration(self, expiration):
         tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
-        if expiration_aware > tz_aware:
+        if expiration_aware < tz_aware:
             raise InvalidMacaroon("time has expired")
 
         return True
@@ -98,7 +98,7 @@ def verify(self, predicate):
         else:
             self.verify_projects(projects)
 
-        release = permissions.get("release")
+        release = permissions.get("releases")
         if release is None and projects is not None:
             raise InvalidMacaroon("invalid release in predicate")
         else:

From 7b3bd1e9d974faa08826d67fbaeb30b6238ca791 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 12:45:03 -0400
Subject: [PATCH 26/96] Changed release to releases.

---
 warehouse/templates/manage/token.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 8df76a393fbf..893ef1bf2c6f 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -119,13 +119,13 @@ <h3 class="callout-block__heading">Proceed with caution!</h3>
       <div class="form-group">
         <label for="release" class="form-group__label">
           Release
-          {% if create_macaroon_form.release.flags.required %}
+          {% if create_macaroon_form.releases.flags.required %}
           <span class="form-group__required">(required)</span>
           {% endif %}
         </label>
-        <input type="text" name="release" id="release" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.release.data or ""}}">
+        <input type="text" name="releases" id="releases" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.releases.data or ""}}">
         <div id="token-name-errors">
-          {{ field_errors(create_macaroon_form.release) }}
+          {{ field_errors(create_macaroon_form.releases) }}
         </div>
       </div>
 

From ad8f16cc8d3848a5af40514a2db5f3aa61ffe27f Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 12:46:15 -0400
Subject: [PATCH 27/96] Fixed errors in existing tests.

---
 tests/unit/manage/test_forms.py | 27 +++++++++++++++------------
 tests/unit/manage/test_views.py | 13 +++++++++++++
 2 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 5c7205f20426..45a10bb52633 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -328,16 +328,18 @@ def test_creation(self):
         user_id = pretend.stub()
         macaroon_service = pretend.stub()
         project_names = pretend.stub()
+        all_projects = pretend.stub()
         form = forms.CreateMacaroonForm(
             user_id=user_id,
             macaroon_service=macaroon_service,
             project_names=project_names,
-            all_projects=pretend.stub()
+            all_projects=all_projects
         )
 
         assert form.user_id is user_id
         assert form.macaroon_service is macaroon_service
         assert form.project_names is project_names
+        assert form.all_projects is all_projects
 
     def test_validate_description_missing(self):
         form = forms.CreateMacaroonForm(
@@ -427,7 +429,7 @@ def test_validate_token_scope_invalid_release(self):
         )
 
         assert not form.validate()
-        assert form.token_scope.errors.pop() == "Invalid release"
+        assert form.releases.errors.pop() == "Invalid release"
     
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
@@ -435,12 +437,12 @@ def test_validate_expiration_missing(self):
                 "releases": "1.0"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=pretend.stub(),
-            all_projects=pretend.stub()
+            project_names=["foo"],
+            all_projects=[]
         )
 
         assert not form.validate()
-        assert form.token_scope.errors.pop() == "Specify the expiration"
+        assert form.expiration.errors.pop() == "Specify the expiration"
 
     #will have to add a test for greater than 1 year
     def test_validate_token_scope_invalid_expiration(self):
@@ -450,20 +452,21 @@ def test_validate_token_scope_invalid_expiration(self):
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=["foo"],
-            all_projects=pretend.stub()
+            all_projects=[]
         )
 
         assert not form.validate()
-        assert form.token_scope.errors.pop() == "Expiration must be after the current time"
+        assert form.expiration.errors.pop() == "Expiration must be after the current time"
 
     #once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:user"},
+            data={"description": "dummy", "token_scope": "scope:user",
+            "releases": "1.0", "expiration": "2020-09-01T06:00"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=pretend.stub(),
-            all_projects=pretend.stub()
+            project_names=[],
+            all_projects=[]
         )
 
         assert form.validate()
@@ -471,11 +474,11 @@ def test_validate_token_scope_valid_user(self):
     def test_validate_token_scope_valid_project(self):
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": "2019-09-01T06:00"},
+                "releases": "1.0", "expiration": "2020-09-01T06:00"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             project_names=["foo"],
-            all_projects=pretend.stub()
+            all_projects=[]
         )
 
         assert form.validate()
diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index abe717be5cd9..505d84d65fde 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1464,9 +1464,13 @@ def test_default_response(self, monkeypatch):
         monkeypatch.setattr(views, "DeleteMacaroonForm", delete_macaroon_cls)
 
         project_names = [pretend.stub()]
+        all_projects = [pretend.stub()]
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
+        monkeypatch.setattr(
+            views.ProvisionMacaroonViews, "all_projects", all_projects
+        )
 
         request = pretend.stub(
             user=pretend.stub(id=pretend.stub()),
@@ -1480,6 +1484,7 @@ def test_default_response(self, monkeypatch):
 
         assert view.default_response == {
             "project_names": project_names,
+            "all_projects": all_projects,
             "create_macaroon_form": create_macaroon_obj,
             "delete_macaroon_form": delete_macaroon_obj,
         }
@@ -1569,9 +1574,13 @@ def test_create_macaroon_invalid_form(self, monkeypatch):
         monkeypatch.setattr(views, "CreateMacaroonForm", create_macaroon_cls)
 
         project_names = [pretend.stub()]
+        all_projects = [pretend.stub()]
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
+        monkeypatch.setattr(
+            views.ProvisionMacaroonViews, "all_projects", all_projects
+        )
 
         default_response = {"default": "response"}
         monkeypatch.setattr(
@@ -1619,9 +1628,13 @@ def test_create_macaroon(self, monkeypatch):
         monkeypatch.setattr(views, "CreateMacaroonForm", create_macaroon_cls)
 
         project_names = [pretend.stub()]
+        all_projects = [pretend.stub()]
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
+        monkeypatch.setattr(
+            views.ProvisionMacaroonViews, "all_projects", all_projects
+        )
 
         default_response = {"default": "response"}
         monkeypatch.setattr(

From 77183f70db757d301573dfcaec9f2749930a31df Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 12:47:34 -0400
Subject: [PATCH 28/96] Added all_projects attribute to default_response.

---
 warehouse/manage/forms.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 3de5fe1ee397..8fe63c246140 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -190,7 +190,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "release", "expiration",]
+    __params__ = ["description", "token_scope", "releases", "expiration",]
 
     def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -213,7 +213,7 @@ def __init__(self, *args, user_id, macaroon_service, project_names, all_projects
         validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
     )
 
-    release = wtforms.StringField(
+    releases = wtforms.StringField(
         validators=[wtforms.validators.DataRequired(message="Specify the release")]
     )
 
@@ -259,7 +259,7 @@ def validate_token_scope(self, field):
                 f"Unknown or invalid project name: {scope_value}"
             )
 
-    def validate_release(self,field):
+    def validate_releases(self,field):
         release = field.data
         try:
             releases = release.split(".")
@@ -293,11 +293,10 @@ def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
             self.validated_scope.update({"expiration": self.expiration.data, 
-                "releases": self.release.data, "projects": [self.token_scope.data]})     
+                "releases": self.releases.data, "projects": [self.token_scope.data]})     
         return res
         
 
-
 class DeleteMacaroonForm(forms.Form):
     __params__ = ["macaroon_id"]
 

From f9d2fb58f610c28f205bf92e688961a08e589174 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 12:49:10 -0400
Subject: [PATCH 29/96] Revert "Added all_projects attribute to
 default_response."

This reverts commit 77183f70db757d301573dfcaec9f2749930a31df.
---
 warehouse/manage/forms.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 8fe63c246140..3de5fe1ee397 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -190,7 +190,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "releases", "expiration",]
+    __params__ = ["description", "token_scope", "release", "expiration",]
 
     def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -213,7 +213,7 @@ def __init__(self, *args, user_id, macaroon_service, project_names, all_projects
         validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
     )
 
-    releases = wtforms.StringField(
+    release = wtforms.StringField(
         validators=[wtforms.validators.DataRequired(message="Specify the release")]
     )
 
@@ -259,7 +259,7 @@ def validate_token_scope(self, field):
                 f"Unknown or invalid project name: {scope_value}"
             )
 
-    def validate_releases(self,field):
+    def validate_release(self,field):
         release = field.data
         try:
             releases = release.split(".")
@@ -293,10 +293,11 @@ def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
             self.validated_scope.update({"expiration": self.expiration.data, 
-                "releases": self.releases.data, "projects": [self.token_scope.data]})     
+                "releases": self.release.data, "projects": [self.token_scope.data]})     
         return res
         
 
+
 class DeleteMacaroonForm(forms.Form):
     __params__ = ["macaroon_id"]
 

From 503d0038d99932a55ebf9f490ef5a1332003f776 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 12:53:16 -0400
Subject: [PATCH 30/96] Added all_projects attribute to default_response.

---
 warehouse/manage/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index da980fbbe6d5..5291a2175e8e 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -636,6 +636,7 @@ def project_releases(self):
     def default_response(self):
         return {
             "project_names": self.project_names,
+            "all_projects": self.all_projects,
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,

From 7fe87bd7f27c77a3d77fbce7d1b7f78d3e3da4b3 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 13:06:21 -0400
Subject: [PATCH 31/96] Changed release to releases.

---
 warehouse/manage/forms.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 3de5fe1ee397..824c18688d16 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -190,7 +190,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "release", "expiration",]
+    __params__ = ["description", "token_scope", "releases", "expiration",]
 
     def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -213,7 +213,7 @@ def __init__(self, *args, user_id, macaroon_service, project_names, all_projects
         validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
     )
 
-    release = wtforms.StringField(
+    releases = wtforms.StringField(
         validators=[wtforms.validators.DataRequired(message="Specify the release")]
     )
 
@@ -259,7 +259,7 @@ def validate_token_scope(self, field):
                 f"Unknown or invalid project name: {scope_value}"
             )
 
-    def validate_release(self,field):
+    def validate_releases(self,field):
         release = field.data
         try:
             releases = release.split(".")
@@ -293,7 +293,7 @@ def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
             self.validated_scope.update({"expiration": self.expiration.data, 
-                "releases": self.release.data, "projects": [self.token_scope.data]})     
+                "releases": self.releases.data, "projects": [self.token_scope.data]})     
         return res
         
 

From 4b4e45e71d2d975a5aa0bd7882294e7784cfef19 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 13:56:04 -0400
Subject: [PATCH 32/96] Removed unused function.

---
 warehouse/manage/views.py | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 5291a2175e8e..a3ed6ceaccaa 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -625,13 +625,6 @@ def project_names(self):
     def all_projects(self):
         return [project for project in self.request.user.projects]
 
-    @property
-    def project_releases(self):
-        releases = {}
-        for project in self.request.user.projects:
-            releases.update({project.normalized_name : project.all_versions})
-        return releases
-
     @property
     def default_response(self):
         return {

From 879600e5ad28d320482499e21fb509d46d50b265 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 12 Sep 2019 15:15:55 -0400
Subject: [PATCH 33/96] Removed project_names.

---
 tests/unit/manage/test_forms.py | 49 +++++++++++++++++++--------------
 warehouse/manage/forms.py       | 19 +++++++------
 warehouse/manage/views.py       | 10 +++----
 3 files changed, 43 insertions(+), 35 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 45a10bb52633..f1ad50198b03 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -21,6 +21,12 @@
 
 from warehouse.manage import forms
 
+from datetime import datetime
+from datetime import timedelta
+import pytz
+
+from ...common.db.packaging import ProjectFactory
+
 
 class TestCreateRoleForm:
     def test_creation(self):
@@ -327,18 +333,15 @@ class TestCreateMacaroonForm:
     def test_creation(self):
         user_id = pretend.stub()
         macaroon_service = pretend.stub()
-        project_names = pretend.stub()
         all_projects = pretend.stub()
         form = forms.CreateMacaroonForm(
             user_id=user_id,
             macaroon_service=macaroon_service,
-            project_names=project_names,
             all_projects=all_projects
         )
 
         assert form.user_id is user_id
         assert form.macaroon_service is macaroon_service
-        assert form.project_names is project_names
         assert form.all_projects is all_projects
 
     def test_validate_description_missing(self):
@@ -346,7 +349,6 @@ def test_validate_description_missing(self):
             data={"token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(),
-            project_names=pretend.stub(),
             all_projects=pretend.stub()
         )
 
@@ -360,7 +362,6 @@ def test_validate_description_in_use(self):
             macaroon_service=pretend.stub(
                 get_macaroon_by_description=lambda *a: pretend.stub()
             ),
-            project_names=pretend.stub(),
             all_projects=pretend.stub()
         )
 
@@ -372,7 +373,6 @@ def test_validate_token_scope_missing(self):
             data={"description": "dummy"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=pretend.stub(),
             all_projects=pretend.stub()
         )
 
@@ -384,7 +384,6 @@ def test_validate_token_scope_unspecified(self):
             data={"description": "dummy", "token_scope": "scope:unspecified"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=pretend.stub(),
             all_projects=pretend.stub()
         )
 
@@ -399,7 +398,6 @@ def test_validate_token_scope_invalid_format(self, scope):
             data={"description": "dummy", "token_scope": scope},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=pretend.stub(),
             all_projects=pretend.stub()
         )
 
@@ -411,21 +409,23 @@ def test_validate_token_scope_invalid_project(self):
             data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=["bar"],
-            all_projects=pretend.stub()
+            all_projects=[]
         )
 
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
     
     def test_validate_token_scope_invalid_release(self):
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC", "expiration": "2020-09-01T06:00"},
+                "releases": "AA.BB.CC", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=["foo"],
-            all_projects=pretend.stub()
+            all_projects=[]
         )
 
         assert not form.validate()
@@ -437,7 +437,6 @@ def test_validate_expiration_missing(self):
                 "releases": "1.0"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=["foo"],
             all_projects=[]
         )
 
@@ -446,12 +445,15 @@ def test_validate_expiration_missing(self):
 
     #will have to add a test for greater than 1 year
     def test_validate_token_scope_invalid_expiration(self):
+        d = datetime.now() - timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": "2019-09-01T06:00"},
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=["foo"],
             all_projects=[]
         )
 
@@ -460,24 +462,31 @@ def test_validate_token_scope_invalid_expiration(self):
 
     #once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:user",
-            "releases": "1.0", "expiration": "2020-09-01T06:00"},
+            "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=[],
             all_projects=[]
         )
 
         assert form.validate()
 
+    #need to fix -> add foo project to all_projects
     def test_validate_token_scope_valid_project(self):
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": "2020-09-01T06:00"},
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            project_names=["foo"],
             all_projects=[]
         )
 
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 824c18688d16..693d8bd960e0 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -192,13 +192,12 @@ def validate_label(self, field):
 class CreateMacaroonForm(forms.Form):
     __params__ = ["description", "token_scope", "releases", "expiration",]
 
-    def __init__(self, *args, user_id, macaroon_service, project_names, all_projects, **kwargs):
+    def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_id = user_id
         self.macaroon_service = macaroon_service
-        self.project_names = project_names
         self.all_projects = all_projects
-        self.validated_scope = {}
+        self.validated_scope = None
 
     description = wtforms.StringField(
         validators=[
@@ -254,10 +253,12 @@ def validate_token_scope(self, field):
 
         if scope_kind != "project":
             raise wtforms.ValidationError(f"Unknown token scope: {scope}")
-        if scope_value not in self.project_names:
-            raise wtforms.ValidationError(
-                f"Unknown or invalid project name: {scope_value}"
-            )
+        for project in self.all_projects:
+            if scope_value == project.normalized_name:
+                return
+        raise wtforms.ValidationError(
+            f"Unknown or invalid project name: {scope_value}"
+        )
 
     def validate_releases(self,field):
         release = field.data
@@ -292,8 +293,8 @@ def validate_expiration(self, field):
     def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
-            self.validated_scope.update({"expiration": self.expiration.data, 
-                "releases": self.releases.data, "projects": [self.token_scope.data]})     
+            self.validated_scope = {"expiration": self.expiration.data, 
+                "releases": self.releases.data, "projects": [self.token_scope.data]}   
         return res
         
 
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index a3ed6ceaccaa..c05e5ba9266f 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -616,11 +616,11 @@ def __init__(self, request):
         self.request = request
         self.user_service = request.find_service(IUserService, context=None)
         self.macaroon_service = request.find_service(IMacaroonService, context=None)
-
+    
     @property
     def project_names(self):
-        return sorted(project.normalized_name for project in self.request.user.projects)
-    
+        return [project.normalized_name for project in self.request.user.projects]
+
     @property
     def all_projects(self):
         return [project for project in self.request.user.projects]
@@ -628,12 +628,11 @@ def all_projects(self):
     @property
     def default_response(self):
         return {
-            "project_names": self.project_names,
             "all_projects": self.all_projects,
+            "project_names": self.project_names,
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
-                project_names=self.project_names,
                 all_projects=self.all_projects
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
@@ -657,7 +656,6 @@ def create_macaroon(self):
             **self.request.POST,
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
-            project_names=self.project_names,
             all_projects=self.all_projects
         )
 

From 1fb7db29fcc5f6d73543465f9fd903501769f2c5 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 13 Sep 2019 15:00:42 -0400
Subject: [PATCH 34/96] Added tests for full coverage.

---
 tests/unit/manage/test_forms.py | 73 ++++++++++++++++++++++++---------
 1 file changed, 53 insertions(+), 20 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index f1ad50198b03..dea7e3dace5d 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -25,7 +25,7 @@
 from datetime import timedelta
 import pytz
 
-from ...common.db.packaging import ProjectFactory
+from warehouse.packaging.models import Project
 
 
 class TestCreateRoleForm:
@@ -415,14 +415,23 @@ def test_validate_token_scope_invalid_project(self):
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
     
+    '''
+    def test_validate_token_scope_valid_project(self):
+        project = Project(name="foo")
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foo"},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=[]
+        )
+
+        assert form.validate()
+    '''
+
     def test_validate_token_scope_invalid_release(self):
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC", "expiration": expiration},
+                "releases": "AA.BB.CC"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             all_projects=[]
@@ -431,6 +440,21 @@ def test_validate_token_scope_invalid_release(self):
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
     
+    '''
+    def test_validate_token_scope_release_in_use(self):
+        project = Project(name="foo", releases="1.0")
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0"},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=[]
+        )
+
+        assert not form.validate()
+        assert form.releases.errors.pop() == "Invalid release"
+    '''
+
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
@@ -443,8 +467,7 @@ def test_validate_expiration_missing(self):
         assert not form.validate()
         assert form.expiration.errors.pop() == "Specify the expiration"
 
-    #will have to add a test for greater than 1 year
-    def test_validate_token_scope_invalid_expiration(self):
+    def test_validate_invalid_expiration(self):
         d = datetime.now() - timedelta(days=1)
         tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
@@ -459,16 +482,27 @@ def test_validate_token_scope_invalid_expiration(self):
 
         assert not form.validate()
         assert form.expiration.errors.pop() == "Expiration must be after the current time"
-
-    #once js is figured out would have to disable releases
-    def test_validate_token_scope_valid_user(self):
-        d = datetime.now() + timedelta(days=1)
+    
+    def test_validate_long_expiration(self):
+        d = datetime.now() + timedelta(days=366)
         tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:user",
-            "releases": "1.0", "expiration": expiration},
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0", "expiration": expiration},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=[]
+        )
+
+        assert not form.validate()
+        assert form.expiration.errors.pop() == "Expiration cannot be greater than one year"
+
+    #once js is figured out would have to disable releases
+    def test_validate_token_scope_valid_user(self):
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             all_projects=[]
@@ -477,20 +511,19 @@ def test_validate_token_scope_valid_user(self):
         assert form.validate()
 
     #need to fix -> add foo project to all_projects
+    '''
     def test_validate_token_scope_valid_project(self):
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+        project = Project(name="foo")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": expiration},
+                },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[project]
         )
 
         assert form.validate()
+    '''
 
 
 class TestDeleteMacaroonForm:

From dd3ef4bf9614b071edd30eb7bcac49122778025d Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 13 Sep 2019 15:08:50 -0400
Subject: [PATCH 35/96] Changed format of validated_scope.

---
 warehouse/manage/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 693d8bd960e0..7e9f33d0ac39 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -294,7 +294,7 @@ def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
             self.validated_scope = {"expiration": self.expiration.data, 
-                "releases": self.releases.data, "projects": [self.token_scope.data]}   
+            "projects": [{"project-name": self.token_scope.data, "version": self.releases.data}]}   
         return res
         
 

From 9357cd43bc647e51421c79f59eb37c9c3b4b45aa Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Fri, 13 Sep 2019 16:01:22 -0400
Subject: [PATCH 36/96] Updated to match new format.

---
 tests/unit/macaroons/test_caveats.py | 98 ++++++++++++++++++++++++----
 1 file changed, 86 insertions(+), 12 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 70663cf9ea67..a7e044f6c989 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -21,6 +21,10 @@
 
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
+from datetime import datetime
+from datetime import timedelta
+import pytz
+
 
 class TestCaveat:
     def test_creation(self):
@@ -61,7 +65,8 @@ def test_verify_project_invalid_context(self):
         verifier = pretend.stub(context=pretend.stub())
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": {"projects": ["notfoobar"]}}
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "notfoobar"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -70,7 +75,8 @@ def test_verify_project_invalid_project_name(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": {"projects": ["notfoobar"]}}
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "notfoobar"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -91,30 +97,98 @@ def test_verify_project(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": {"projects": ["foobar"], 
-            "releases": "1.0", "expiration": "2020-01-01T00:00"}}
+        predicate = {"version": 1, "permissions": {"projects": [{"project-name": "foobar"}],}}
         assert caveat(json.dumps(predicate)) is True
     
-    #added
-    def test_verify_release(self, db_request):
+    def test_verify_releases(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project_name": "foobar", "version": "1.0"}]}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+    
+    def test_verify_expiration(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+            "expiration": expiration}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+
+    def test_verify_release_exists(self, db_request):
+        project = ProjectFactory.create(name="foobar", release="1.0")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}],
+            "expiration": expiration}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+
+    def test_verify_invalid_expiration(self, db_request):
+        project = ProjectFactory.create(name="foobar", release="1.0")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name":"foobar", "version": "1.0"}], 
+            "expiration": "AA.BB.CC"}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+    
+    def test_verify_expired(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+        d = datetime.now() - timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+            "expiration": expiration}}
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+    
+    def test_verify_release_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        # release = ReleaseFactory.create(project=project, version="1.0")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"], "releases": "1.0"}}
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
     
-    def test_expiration(self, db_request):
+    def test_verify_expiration_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": "1.0", "permissions": {"projects": ["foobar"], "releases": "1.0", 
-            "expiration": "2019-09-01T06:00"}}
+        predicate = {"version": "1.0", "permissions": 
+            {"projects": [{"project-name": "foobar", "releases": "1.0"}]}}
         with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))    
+            caveat(json.dumps(predicate))
 
 class TestVerifier:
     def test_creation(self):

From 117a3afd75f6c06563788dc2c3103203a35cba06 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 11:35:05 -0400
Subject: [PATCH 37/96] Added expiration to user scope.

---
 warehouse/manage/forms.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 7e9f33d0ac39..a01704aa7ba1 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -270,10 +270,9 @@ def validate_releases(self,field):
             raise wtforms.validators.ValidationError("Invalid release")
 
         for project in self.all_projects:
-            if project.normalized_name == self.validate_token_scope(self.token_scope):
-                for version in project.all_versions:
-                    if version[0] == release:
-                        raise wtforms.validators.ValidationError("Invalid release")
+            for version in project.all_versions:
+                if version[0] == release:
+                    raise wtforms.validators.ValidationError("Invalid release")
         
     def validate_expiration(self, field):
         expiration = field.data
@@ -294,7 +293,9 @@ def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
             self.validated_scope = {"expiration": self.expiration.data, 
-            "projects": [{"project-name": self.token_scope.data, "version": self.releases.data}]}   
+            "projects": [{"project-name": self.token_scope.data, "version": self.releases.data}]}
+        else:
+            self.validated_scope = {"scope": "user", "expiration": self.expiration.data}
         return res
         
 

From 0d09209af9a2a86d725bb9d85af6cc962efa3bb1 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 11:36:10 -0400
Subject: [PATCH 38/96] Added tests for full coverage.

---
 tests/unit/manage/test_forms.py | 75 ++++++++++++++++++++-------------
 1 file changed, 45 insertions(+), 30 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index dea7e3dace5d..b9c7b5b939cc 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -21,6 +21,8 @@
 
 from warehouse.manage import forms
 
+from ...common.db.packaging import ProjectFactory, ReleaseFactory
+
 from datetime import datetime
 from datetime import timedelta
 import pytz
@@ -415,18 +417,37 @@ def test_validate_token_scope_invalid_project(self):
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
     
-    '''
-    def test_validate_token_scope_valid_project(self):
-        project = Project(name="foo")
+    def test_validate_token_scope_valid_project(self, db_request):
+        project = ProjectFactory(name="foo")
+        release = ReleaseFactory(project=project)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo"},
+            data={"description": "dummy", "token_scope": "scope:project:foo", 
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[project]
         )
-
         assert form.validate()
-    '''
+    
+    def test_validate_token_scope_not_in_projects(self, db_request):
+        project = ProjectFactory(name="foo")
+        release = ReleaseFactory(project=project)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:project:foobar", 
+                "releases": "1.0", "expiration": expiration},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=[project]
+        )
+        assert not form.validate()
 
     def test_validate_token_scope_invalid_release(self):
         form = forms.CreateMacaroonForm(
@@ -440,20 +461,25 @@ def test_validate_token_scope_invalid_release(self):
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
     
-    '''
-    def test_validate_token_scope_release_in_use(self):
-        project = Project(name="foo", releases="1.0")
+
+    def test_validate_token_scope_release_in_use(self, db_request):
+        project = Project(name="foo")
+        release = ReleaseFactory(project=project)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0"},
+                "releases": project.latest_version[0], "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[project]
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
-    '''
+
 
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
@@ -501,8 +527,13 @@ def test_validate_long_expiration(self):
 
     #once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:user"},
+            data={"description": "dummy", "token_scope": "scope:user",
+                "releases": "0.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             all_projects=[]
@@ -510,22 +541,6 @@ def test_validate_token_scope_valid_user(self):
 
         assert form.validate()
 
-    #need to fix -> add foo project to all_projects
-    '''
-    def test_validate_token_scope_valid_project(self):
-        project = Project(name="foo")
-        form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                },
-            user_id=pretend.stub(),
-            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
-        )
-
-        assert form.validate()
-    '''
-
-
 class TestDeleteMacaroonForm:
     def test_creation(self):
         macaroon_service = pretend.stub()

From 1dfe5940656b852ae4706f96e453a7be43e996bb Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 12:26:00 -0400
Subject: [PATCH 39/96] Grammar / formatting fixes.

---
 warehouse/macaroons/caveats.py | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 53b2a67267f9..d20e8dfced0a 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -46,10 +46,11 @@ def verify_projects(self, projects):
             )
 
         project = self.verifier.context
-        if project.normalized_name not in projects:
-            raise InvalidMacaroon("project-scoped token matches no projects")
-        
-        return True
+
+        for user_proj in projects:
+            if project.normalized_name == user_proj.get("project-name"):
+                return True
+        raise InvalidMacaroon("project-scoped token matches no projects")
     
     def verify_releases(self, release):
         project = self.verifier.context
@@ -57,7 +58,6 @@ def verify_releases(self, release):
         for version in project.all_versions:
             if release == version[0]:
                 raise InvalidMacaroon("release already exists")
-
         return True
     
     def verify_expiration(self, expiration):
@@ -79,17 +79,20 @@ def verify(self, predicate):
         try:
             data = json.loads(predicate)
         except ValueError:
-            raise InvalidMacaroon("malformatted predicate")
+            raise InvalidMacaroon(f"malformatted predicate {predicate}")
 
         if data.get("version") != 1:
-            raise InvalidMacaroon("invalidate version in predicate")
+            raise InvalidMacaroon("invalid version in predicate")
 
         permissions = data.get("permissions")
         if permissions is None:
             raise InvalidMacaroon("invalid permissions in predicate")
 
-        if permissions == "user":
-            # User-scoped tokens behave exactly like a user's normal credentials.
+        if permissions.get("scope") == "user":
+            if permissions.get("expiration") is None:
+                raise InvalidMacaroon("invalid expiration in predicate")
+            else:
+                self.verify_expiration(permissions.get("expiration"))
             return True
 
         projects = permissions.get("projects")
@@ -98,11 +101,13 @@ def verify(self, predicate):
         else:
             self.verify_projects(projects)
 
-        release = permissions.get("releases")
-        if release is None and projects is not None:
-            raise InvalidMacaroon("invalid release in predicate")
-        else:
-            self.verify_releases(release)
+        # done
+        for project in projects:
+            release = project.get("version")
+            if release is None:
+                raise InvalidMacaroon("invalid release in predicate")
+            else:
+                self.verify_releases(release)
 
         expiration = permissions.get("expiration")
         if expiration is None:

From b3723449b8626939aa353b99466333e000ce0913 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 12:26:52 -0400
Subject: [PATCH 40/96] Added/modified tests for full coverage.

---
 tests/unit/macaroons/test_caveats.py | 88 ++++++++++++++++++----------
 1 file changed, 56 insertions(+), 32 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index a7e044f6c989..da362dad1c44 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -57,9 +57,21 @@ def test_verify_invalid_predicates(self, predicate, result):
     def test_verify_valid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
-        predicate = '{"permissions": "user", "version": 1}'
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+        predicate = {"permissions": {"scope": "user", "expiration": expiration}, "version": 1}
 
-        assert caveat(predicate) is True
+        assert caveat(json.dumps(predicate)) is True
+    
+    def test_verify_user_invalid_predicate(self):
+        verifier = pretend.stub()
+        caveat = V1Caveat(verifier)
+        predicate = {"permissions": {"scope": "user"}, "version": 1}
+
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
 
     def test_verify_project_invalid_context(self):
         verifier = pretend.stub(context=pretend.stub())
@@ -94,24 +106,35 @@ def test_verify_project_no_projects_object(self, db_request):
 
     def test_verify_project(self, db_request):
         project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": {"projects": [{"project-name": "foobar"}],}}
+        predicate = {"version": 1, "permissions": 
+            {"expiration": expiration, "projects": [{"project-name": "foobar", "version": "1.0"}]}}
         assert caveat(json.dumps(predicate)) is True
     
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": 
-            {"projects": [{"project_name": "foobar", "version": "1.0"}]}}
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-    
-    def test_verify_expiration(self, db_request):
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], "expiration": expiration}}
+        assert caveat(json.dumps(predicate)) is True
+
+    def test_verify_release_exists(self, db_request):
         project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -119,14 +142,14 @@ def test_verify_expiration(self, db_request):
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": project.latest_version[0]}],
             "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-
-    def test_verify_release_exists(self, db_request):
-        project = ProjectFactory.create(name="foobar", release="1.0")
+    
+    def test_verify_release_missing(self, db_request):
+        project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -134,49 +157,50 @@ def test_verify_release_exists(self, db_request):
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}],
-            "expiration": expiration}}
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
     def test_verify_invalid_expiration(self, db_request):
-        project = ProjectFactory.create(name="foobar", release="1.0")
+        project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": "1.0", "permissions": 
+        predicate = {"version": 1, "permissions": 
             {"projects": [{"project-name":"foobar", "version": "1.0"}], 
-            "expiration": "AA.BB.CC"}}
+            "expiration": "notanexpiration"}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
     
-    def test_verify_expired(self, db_request):
+    def test_verify_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
-        d = datetime.now() - timedelta(days=1)
+        d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": 
+        predicate = {"version": 1, "permissions": 
             {"projects": [{"project-name": "foobar", "version": "1.0"}], 
             "expiration": expiration}}
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-    
-    def test_verify_release_missing(self, db_request):
+        assert caveat(json.dumps(predicate)) is True
+
+    def test_verify_expired(self, db_request):
         project = ProjectFactory.create(name="foobar")
+        release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
+        d = datetime.now() - timedelta(days=1)
         tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": "1.0", "permissions": 
-            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+            "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
     
@@ -185,8 +209,8 @@ def test_verify_expiration_missing(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": "1.0", "permissions": 
-            {"projects": [{"project-name": "foobar", "releases": "1.0"}]}}
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 

From dbf9054c79da1040a7c0c6b9685a12a1155da59d Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 12:31:10 -0400
Subject: [PATCH 41/96] Removed notes.

---
 warehouse/macaroons/caveats.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index d20e8dfced0a..520ef91162e7 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -101,7 +101,6 @@ def verify(self, predicate):
         else:
             self.verify_projects(projects)
 
-        # done
         for project in projects:
             release = project.get("version")
             if release is None:

From 2355ff705351745fa7c5801ff8417d00763988d2 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 14:25:12 -0400
Subject: [PATCH 42/96] Updated to match new format.

---
 warehouse/templates/manage/token.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 893ef1bf2c6f..d39846ea0480 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -35,7 +35,7 @@ <h2>Token for "{{ macaroon.description }}"</h2>
       {% if macaroon.caveats.permissions == "user" %}
       <strong>Scope:</strong> Entire account (all projects)
       {% else %}
-      <strong>Scope:</strong> Project "{{ macaroon.caveats.permissions.projects[0] }}"
+      <strong>Scope:</strong> Project "{{ macaroon.caveats.permissions.projects[0]["project-name"].split(":")[-1] }}"
       {% endif %}
     </p>
     <p>For instructions on how to use this token, <a href="/help#apitoken">visit the PyPI help page</a>.</p>
@@ -104,7 +104,7 @@ <h2>Add another token</h2>
           <option value="scope:user">Entire account (all projects)</option>
         {% for project in project_names %}
           {% set project_value = 'scope:project:' + project %}
-          <option value="{{ project_value }}" label="Project: {{ project }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}></option>
+          <option value="{{ project_value }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}>{% trans %}Project:{% endtrans %} {{ project }}</option>
         {% endfor %}
         </select>
         <div id="scope-errors">

From 94740152511324f5cb215dfe22ca1a28769a57e6 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 14:38:31 -0400
Subject: [PATCH 43/96] Translation

---
 warehouse/templates/manage/token.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index d39846ea0480..44dc3cac55e6 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -35,7 +35,7 @@ <h2>Token for "{{ macaroon.description }}"</h2>
       {% if macaroon.caveats.permissions == "user" %}
       <strong>Scope:</strong> Entire account (all projects)
       {% else %}
-      <strong>Scope:</strong> Project "{{ macaroon.caveats.permissions.projects[0]["project-name"].split(":")[-1] }}"
+      <strong>{% trans %}Scope:{% endtrans %}</strong> {% trans project=macaroon.caveats.permissions.projects[0]["project-name"].split(":")[-1] %}Project "{{ project }}"{% endtrans %}
       {% endif %}
     </p>
     <p>For instructions on how to use this token, <a href="/help#apitoken">visit the PyPI help page</a>.</p>

From 6b2b0807c34bd5aa5147c4226c47aad30f86394a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 17 Sep 2019 16:29:35 -0400
Subject: [PATCH 44/96] Hid release field when user scope selected.

---
 warehouse/static/js/warehouse/index.js | 6 +++++-
 warehouse/templates/manage/token.html  | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/warehouse/static/js/warehouse/index.js b/warehouse/static/js/warehouse/index.js
index 0c005806bc53..d975319b7214 100644
--- a/warehouse/static/js/warehouse/index.js
+++ b/warehouse/static/js/warehouse/index.js
@@ -218,12 +218,16 @@ docReady(() => {
 
   tokenSelect.addEventListener("change", () => {
     const tokenScopeWarning = document.getElementById("api-token-scope-warning");
+    const releaseHidden = document.getElementById("release-group");
     if (tokenScopeWarning === null) {
       return;
     }
-
+    if (releaseHidden === null) {
+      return;
+    }
     const tokenScope = tokenSelect.options[tokenSelect.selectedIndex].value;
     tokenScopeWarning.hidden = (tokenScope !== "scope:user");
+    releaseHidden.hidden = (tokenScope === "scope:user");
   });
 });
 
diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 44dc3cac55e6..0d675840c0bc 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -116,7 +116,7 @@ <h3 class="callout-block__heading">Proceed with caution!</h3>
         <p>An API token scoped to your entire account will have upload permissions for all of your projects.</p>
       </div>
 
-      <div class="form-group">
+      <div class="form-group" id="release-group">
         <label for="release" class="form-group__label">
           Release
           {% if create_macaroon_form.releases.flags.required %}

From 9a46d0e7d940a302a8f8ad74b4ad3e6911f63b26 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 14:44:28 -0400
Subject: [PATCH 45/96] Black reformatting.

---
 dev/notdatadog.py                    |  11 +--
 dev/smtp.py                          |  10 +--
 docs/conf.py                         |   8 +-
 tests/unit/macaroons/test_caveats.py | 117 +++++++++++++++++--------
 tests/unit/manage/test_forms.py      | 123 +++++++++++++++++----------
 tests/unit/manage/test_views.py      |  12 +--
 warehouse/macaroons/caveats.py       |  10 ++-
 warehouse/macaroons/services.py      |   2 +-
 warehouse/manage/forms.py            |  38 +++++----
 warehouse/manage/views.py            |   6 +-
 10 files changed, 203 insertions(+), 134 deletions(-)

diff --git a/dev/notdatadog.py b/dev/notdatadog.py
index c8901c543217..3b5acfe7a700 100644
--- a/dev/notdatadog.py
+++ b/dev/notdatadog.py
@@ -16,11 +16,10 @@
 
 
 class AsyncoreSocketUDP(asyncore.dispatcher):
-
-    def __init__(self, host='127.0.0.1', port=8125):
+    def __init__(self, host="127.0.0.1", port=8125):
         asyncore.dispatcher.__init__(self)
         self.create_socket(socket.AF_INET, socket.SOCK_DGRAM)
-        print(f'Listening on udp {host}:{port}')
+        print(f"Listening on udp {host}:{port}")
         self.bind((host, port))
 
     def handle_connect(self):
@@ -37,9 +36,7 @@ def writable(self):
         return False
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     options = smtpd.parseargs()
-    AsyncoreSocketUDP(
-        options.localhost, options.localport,
-    )
+    AsyncoreSocketUDP(options.localhost, options.localport)
     asyncore.loop()
diff --git a/dev/smtp.py b/dev/smtp.py
index bfdcf4670ca2..685546700c94 100644
--- a/dev/smtp.py
+++ b/dev/smtp.py
@@ -16,17 +16,15 @@
 
 
 class DebuggingServer(smtpd.SMTPServer):
-
     def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
-        print('---------- MESSAGE FOLLOWS ----------')
+        print("---------- MESSAGE FOLLOWS ----------")
         print(quopri.decodestring(data).decode())
-        print('------------ END MESSAGE ------------')
+        print("------------ END MESSAGE ------------")
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     options = smtpd.parseargs()
     DebuggingServer(
-        (options.localhost, options.localport),
-        (options.remotehost, options.remoteport),
+        (options.localhost, options.localport), (options.remotehost, options.remoteport)
     )
     asyncore.loop()
diff --git a/docs/conf.py b/docs/conf.py
index 0927cff07ec1..279819b171df 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -28,11 +28,7 @@
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = [
-    "sphinx.ext.doctest",
-    "sphinx.ext.todo",
-    "sphinxcontrib.httpdomain",
-]
+extensions = ["sphinx.ext.doctest", "sphinx.ext.todo", "sphinxcontrib.httpdomain"]
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
@@ -66,7 +62,7 @@
     html_theme = "default"
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'Warehousedoc'
+htmlhelp_basename = "Warehousedoc"
 
 # Enable display of todos
 todo_include_todos = True
diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index da362dad1c44..bbdc1364146e 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -58,13 +58,16 @@ def test_verify_valid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        predicate = {"permissions": {"scope": "user", "expiration": expiration}, "version": 1}
+        predicate = {
+            "permissions": {"scope": "user", "expiration": expiration},
+            "version": 1,
+        }
 
         assert caveat(json.dumps(predicate)) is True
-    
+
     def test_verify_user_invalid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
@@ -77,8 +80,10 @@ def test_verify_project_invalid_context(self):
         verifier = pretend.stub(context=pretend.stub())
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "notfoobar"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "notfoobar"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -87,8 +92,10 @@ def test_verify_project_invalid_project_name(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "notfoobar"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "notfoobar"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -110,26 +117,36 @@ def test_verify_project(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"expiration": expiration, "projects": [{"project-name": "foobar", "version": "1.0"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "expiration": expiration,
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
-    
+
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
         release = ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_release_exists(self, db_request):
@@ -138,27 +155,38 @@ def test_verify_release_exists(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": project.latest_version[0]}],
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [
+                    {"project-name": "foobar", "version": project.latest_version[0]}
+                ],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_release_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar"}],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -168,24 +196,32 @@ def test_verify_invalid_expiration(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name":"foobar", "version": "1.0"}], 
-            "expiration": "notanexpiration"}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": "notanexpiration",
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_expired(self, db_request):
@@ -194,26 +230,33 @@ def test_verify_expired(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_expiration_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
+
 class TestVerifier:
     def test_creation(self):
         macaroon = pretend.stub()
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index b9c7b5b939cc..3d5df7719332 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -339,7 +339,7 @@ def test_creation(self):
         form = forms.CreateMacaroonForm(
             user_id=user_id,
             macaroon_service=macaroon_service,
-            all_projects=all_projects
+            all_projects=all_projects,
         )
 
         assert form.user_id is user_id
@@ -351,7 +351,7 @@ def test_validate_description_missing(self):
             data={"token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -364,7 +364,7 @@ def test_validate_description_in_use(self):
             macaroon_service=pretend.stub(
                 get_macaroon_by_description=lambda *a: pretend.stub()
             ),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -375,7 +375,7 @@ def test_validate_token_scope_missing(self):
             data={"description": "dummy"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -386,7 +386,7 @@ def test_validate_token_scope_unspecified(self):
             data={"description": "dummy", "token_scope": "scope:unspecified"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -400,7 +400,7 @@ def test_validate_token_scope_invalid_format(self, scope):
             data={"description": "dummy", "token_scope": scope},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -411,83 +411,99 @@ def test_validate_token_scope_invalid_project(self):
             data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
-    
+
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
         release = ReleaseFactory(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo", 
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
         assert form.validate()
-    
+
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
         release = ReleaseFactory(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foobar", 
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foobar",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
         assert not form.validate()
 
     def test_validate_token_scope_invalid_release(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC"},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "AA.BB.CC",
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
-    
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
         release = ReleaseFactory(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": project.latest_version[0], "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": project.latest_version[0],
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
 
-
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0"},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
@@ -495,52 +511,69 @@ def test_validate_expiration_missing(self):
 
     def test_validate_invalid_expiration(self):
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
-        assert form.expiration.errors.pop() == "Expiration must be after the current time"
-    
+        assert (
+            form.expiration.errors.pop() == "Expiration must be after the current time"
+        )
+
     def test_validate_long_expiration(self):
         d = datetime.now() + timedelta(days=366)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
-        assert form.expiration.errors.pop() == "Expiration cannot be greater than one year"
+        assert (
+            form.expiration.errors.pop() == "Expiration cannot be greater than one year"
+        )
 
-    #once js is figured out would have to disable releases
+    # once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:user",
-                "releases": "0.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:user",
+                "releases": "0.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert form.validate()
 
+
 class TestDeleteMacaroonForm:
     def test_creation(self):
         macaroon_service = pretend.stub()
diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index 505d84d65fde..de6220ff47c9 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1468,9 +1468,7 @@ def test_default_response(self, monkeypatch):
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "all_projects", all_projects
-        )
+        monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         request = pretend.stub(
             user=pretend.stub(id=pretend.stub()),
@@ -1578,9 +1576,7 @@ def test_create_macaroon_invalid_form(self, monkeypatch):
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "all_projects", all_projects
-        )
+        monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         default_response = {"default": "response"}
         monkeypatch.setattr(
@@ -1632,9 +1628,7 @@ def test_create_macaroon(self, monkeypatch):
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "project_names", project_names
         )
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "all_projects", all_projects
-        )
+        monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         default_response = {"default": "response"}
         monkeypatch.setattr(
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 520ef91162e7..5779e475f4c5 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -22,6 +22,7 @@
 
 import pytz
 
+
 class InvalidMacaroon(Exception):
     ...
 
@@ -36,6 +37,7 @@ def verify(self, predicate):
     def __call__(self, predicate):
         return self.verify(predicate)
 
+
 class V1Caveat(Caveat):
     def verify_projects(self, projects):
         # First, ensure that we're actually operating in
@@ -51,7 +53,7 @@ def verify_projects(self, projects):
             if project.normalized_name == user_proj.get("project-name"):
                 return True
         raise InvalidMacaroon("project-scoped token matches no projects")
-    
+
     def verify_releases(self, release):
         project = self.verifier.context
 
@@ -59,7 +61,7 @@ def verify_releases(self, release):
             if release == version[0]:
                 raise InvalidMacaroon("release already exists")
         return True
-    
+
     def verify_expiration(self, expiration):
         try:
             expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
@@ -67,7 +69,7 @@ def verify_expiration(self, expiration):
             raise InvalidMacaroon("invalid expiration")
 
         d = datetime.now()
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
         if expiration_aware < tz_aware:
@@ -131,4 +133,4 @@ def verify(self, key):
         try:
             return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
-            raise InvalidMacaroon("invalid macaroon signature")
\ No newline at end of file
+            raise InvalidMacaroon("invalid macaroon signature")
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index f95c831695f4..0fff949ade55 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -167,4 +167,4 @@ def get_macaroon_by_description(self, user_id, description):
 
 
 def database_macaroon_factory(context, request):
-    return DatabaseMacaroonService(request.db)
\ No newline at end of file
+    return DatabaseMacaroonService(request.db)
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index a01704aa7ba1..29756801d8cd 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -190,7 +190,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "releases", "expiration",]
+    __params__ = ["description", "token_scope", "releases", "expiration"]
 
     def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -217,9 +217,7 @@ def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
     )
 
     expiration = wtforms.DateTimeField(
-        validators=[
-            wtforms.validators.DataRequired(message="Specify the expiration"),
-        ]
+        validators=[wtforms.validators.DataRequired(message="Specify the expiration")]
     )
 
     def validate_description(self, field):
@@ -256,11 +254,9 @@ def validate_token_scope(self, field):
         for project in self.all_projects:
             if scope_value == project.normalized_name:
                 return
-        raise wtforms.ValidationError(
-            f"Unknown or invalid project name: {scope_value}"
-        )
+        raise wtforms.ValidationError(f"Unknown or invalid project name: {scope_value}")
 
-    def validate_releases(self,field):
+    def validate_releases(self, field):
         release = field.data
         try:
             releases = release.split(".")
@@ -273,31 +269,41 @@ def validate_releases(self,field):
             for version in project.all_versions:
                 if version[0] == release:
                     raise wtforms.validators.ValidationError("Invalid release")
-        
+
     def validate_expiration(self, field):
         expiration = field.data
         expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
         d = datetime.now()
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
 
         if expiration_aware > tz_aware + timedelta(days=365):
-            raise wtforms.validators.ValidationError("Expiration cannot be greater than one year")
+            raise wtforms.validators.ValidationError(
+                "Expiration cannot be greater than one year"
+            )
         if expiration_aware < tz_aware:
-            raise wtforms.validators.ValidationError("Expiration must be after the current time")
-        
+            raise wtforms.validators.ValidationError(
+                "Expiration must be after the current time"
+            )
+
         expiration = datetime.strftime(expiration, "%Y-%m-%dT%H:%M")
 
     def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
-            self.validated_scope = {"expiration": self.expiration.data, 
-            "projects": [{"project-name": self.token_scope.data, "version": self.releases.data}]}
+            self.validated_scope = {
+                "expiration": self.expiration.data,
+                "projects": [
+                    {
+                        "project-name": self.token_scope.data,
+                        "version": self.releases.data,
+                    }
+                ],
+            }
         else:
             self.validated_scope = {"scope": "user", "expiration": self.expiration.data}
         return res
-        
 
 
 class DeleteMacaroonForm(forms.Form):
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index c05e5ba9266f..5839220737a5 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -616,7 +616,7 @@ def __init__(self, request):
         self.request = request
         self.user_service = request.find_service(IUserService, context=None)
         self.macaroon_service = request.find_service(IMacaroonService, context=None)
-    
+
     @property
     def project_names(self):
         return [project.normalized_name for project in self.request.user.projects]
@@ -633,7 +633,7 @@ def default_response(self):
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
-                all_projects=self.all_projects
+                all_projects=self.all_projects,
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -656,7 +656,7 @@ def create_macaroon(self):
             **self.request.POST,
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
-            all_projects=self.all_projects
+            all_projects=self.all_projects,
         )
 
         response = {**self.default_response}

From b5d6f578493616fb2704b4120a44af65b53e022a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 16:56:38 -0400
Subject: [PATCH 46/96] Removed project_names / changed project_names test to
 all_projects.

---
 tests/unit/manage/test_views.py | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index 4c0323279b88..dd5841942900 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1464,11 +1464,7 @@ def test_default_response(self, monkeypatch):
         )
         monkeypatch.setattr(views, "DeleteMacaroonForm", delete_macaroon_cls)
 
-        project_names = [pretend.stub()]
         all_projects = [pretend.stub()]
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "project_names", project_names
-        )
         monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         request = pretend.stub(
@@ -1482,13 +1478,12 @@ def test_default_response(self, monkeypatch):
         view = views.ProvisionMacaroonViews(request)
 
         assert view.default_response == {
-            "project_names": project_names,
             "all_projects": all_projects,
             "create_macaroon_form": create_macaroon_obj,
             "delete_macaroon_form": delete_macaroon_obj,
         }
 
-    def test_project_names(self, db_request):
+    def test_projects(self, db_request):
         user = UserFactory.create()
         another_user = UserFactory.create()
 
@@ -1521,7 +1516,7 @@ def test_project_names(self, db_request):
         )
 
         view = views.ProvisionMacaroonViews(db_request)
-        assert set(view.project_names) == {"foo", "bar", "baz"}
+        assert set(view.all_projects) == {with_sole_owner, with_multiple_owners, not_an_owner}
 
     def test_manage_macaroons(self, monkeypatch):
         request = pretend.stub(find_service=lambda *a, **kw: pretend.stub())
@@ -1572,11 +1567,7 @@ def test_create_macaroon_invalid_form(self, monkeypatch):
         )
         monkeypatch.setattr(views, "CreateMacaroonForm", create_macaroon_cls)
 
-        project_names = [pretend.stub()]
         all_projects = [pretend.stub()]
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "project_names", project_names
-        )
         monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         default_response = {"default": "response"}
@@ -1624,11 +1615,7 @@ def test_create_macaroon(self, monkeypatch):
         )
         monkeypatch.setattr(views, "CreateMacaroonForm", create_macaroon_cls)
 
-        project_names = [pretend.stub()]
         all_projects = [pretend.stub()]
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "project_names", project_names
-        )
         monkeypatch.setattr(views.ProvisionMacaroonViews, "all_projects", all_projects)
 
         default_response = {"default": "response"}
@@ -1709,11 +1696,6 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
         )
         monkeypatch.setattr(views, "CreateMacaroonForm", create_macaroon_cls)
 
-        project_names = [pretend.stub()]
-        monkeypatch.setattr(
-            views.ProvisionMacaroonViews, "project_names", project_names
-        )
-
         default_response = {"default": "response"}
         monkeypatch.setattr(
             views.ProvisionMacaroonViews, "default_response", default_response

From 8fd501a6ad7a7246c77bb8b1e15615274c340f4e Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 16:59:24 -0400
Subject: [PATCH 47/96] Parsed token_scope to just grab name of project for
 project-name field.

---
 warehouse/manage/forms.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 29756801d8cd..7b86ba628858 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -292,11 +292,12 @@ def validate_expiration(self, field):
     def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
+            name = self.token_scope.data.split(":")[-1] if self.token_scope.data is not None else ''
             self.validated_scope = {
                 "expiration": self.expiration.data,
                 "projects": [
                     {
-                        "project-name": self.token_scope.data,
+                        "project-name": name,
                         "version": self.releases.data,
                     }
                 ],

From 88d19bcd9c7a7f007032df736cf54963e78009d4 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 17:02:38 -0400
Subject: [PATCH 48/96] Removed project_names.

---
 warehouse/manage/views.py | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index d4d54fe9f109..3845d2efe296 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -618,10 +618,6 @@ def __init__(self, request):
         self.user_service = request.find_service(IUserService, context=None)
         self.macaroon_service = request.find_service(IMacaroonService, context=None)
 
-    @property
-    def project_names(self):
-        return [project.normalized_name for project in self.request.user.projects]
-
     @property
     def all_projects(self):
         return [project for project in self.request.user.projects]
@@ -630,7 +626,6 @@ def all_projects(self):
     def default_response(self):
         return {
             "all_projects": self.all_projects,
-            "project_names": self.project_names,
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,

From 98cf8e65d58f74219eaa78cdadcfccef3cff6fea Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 17:05:00 -0400
Subject: [PATCH 49/96] Updated to use all_projects instead of project_names.

---
 warehouse/templates/manage/token.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index e1c13414c335..9368f400dafb 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -101,9 +101,9 @@ <h2>{% trans %}Add another token{% endtrans %}</h2>
         <select name="token_scope" id="token_scope" class="form-group__input" aria-describedby="scope-errors" autocomplete="off">
           <option disabled {{ "" if create_macaroon_form.token_scope.data else "selected" }} value="scope:unspecified">{% trans %}Select scope...{% endtrans %}</option>
           <option value="scope:user">{% trans %}Entire account (all projects){% endtrans %}</option>
-        {% for project in project_names %}
-          {% set project_value = 'scope:project:' + project %}
-          <option value="{{ project_value }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}>{% trans %}Project:{% endtrans %} {{ project }}</option>
+        {% for project in all_projects %}
+          {% set project_value = 'scope:project:' + project.normalized_name %}
+          <option value="{{ project_value }}" {{ "selected" if project_value == create_macaroon_form.token_scope.data else "" }}>{% trans %}Project:{% endtrans %} {{ project.normalized_name }}</option>
         {% endfor %}
         </select>
         <div id="scope-errors">

From a79693888c42a902c7219af092a4e9aca0001d02 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 17:24:47 -0400
Subject: [PATCH 50/96] Removed unused variables / packages.

---
 tests/unit/manage/test_forms.py | 6 +++---
 warehouse/macaroons/caveats.py  | 7 +++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 3d5df7719332..5be8d83da5ed 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -419,7 +419,7 @@ def test_validate_token_scope_invalid_project(self):
 
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
@@ -439,7 +439,7 @@ def test_validate_token_scope_valid_project(self, db_request):
 
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
@@ -474,7 +474,7 @@ def test_validate_token_scope_invalid_release(self):
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 5779e475f4c5..4311a8b482c8 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -14,12 +14,10 @@
 
 import pymacaroons
 
-from warehouse.packaging.models import Project, Release
+from warehouse.packaging.models import Project
 
 from datetime import datetime
 
-from datetime import timedelta
-
 import pytz
 
 
@@ -50,7 +48,8 @@ def verify_projects(self, projects):
         project = self.verifier.context
 
         for user_proj in projects:
-            if project.normalized_name == user_proj.get("project-name"):
+            if isinstance(user_proj, str): ...
+            if isinstance(user_proj, dict) and project.normalized_name == user_proj.get("project-name"):
                 return True
         raise InvalidMacaroon("project-scoped token matches no projects")
 

From 3b1bc04717aea5bd15950c0bc647a868e2859102 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Wed, 18 Sep 2019 17:46:23 -0400
Subject: [PATCH 51/96] Formatting fixes.

---
 tests/unit/macaroons/test_caveats.py | 10 +++++-----
 tests/unit/manage/test_views.py      |  6 +++++-
 warehouse/macaroons/caveats.py       |  6 ++++--
 warehouse/manage/forms.py            | 13 ++++++-------
 4 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index bbdc1364146e..d6affbee64cf 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -113,7 +113,7 @@ def test_verify_project_no_projects_object(self, db_request):
 
     def test_verify_project(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -132,7 +132,7 @@ def test_verify_project(self, db_request):
 
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -151,7 +151,7 @@ def test_verify_releases(self, db_request):
 
     def test_verify_release_exists(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -192,7 +192,7 @@ def test_verify_release_missing(self, db_request):
 
     def test_verify_invalid_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
@@ -226,7 +226,7 @@ def test_verify_expiration(self, db_request):
 
     def test_verify_expired(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() - timedelta(days=1)
diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index dd5841942900..adc296611e58 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1516,7 +1516,11 @@ def test_projects(self, db_request):
         )
 
         view = views.ProvisionMacaroonViews(db_request)
-        assert set(view.all_projects) == {with_sole_owner, with_multiple_owners, not_an_owner}
+        assert set(view.all_projects) == {
+            with_sole_owner,
+            with_multiple_owners,
+            not_an_owner,
+        }
 
     def test_manage_macaroons(self, monkeypatch):
         request = pretend.stub(find_service=lambda *a, **kw: pretend.stub())
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 4311a8b482c8..73ede60e32de 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -48,8 +48,10 @@ def verify_projects(self, projects):
         project = self.verifier.context
 
         for user_proj in projects:
-            if isinstance(user_proj, str): ...
-            if isinstance(user_proj, dict) and project.normalized_name == user_proj.get("project-name"):
+            # if isinstance(user_proj, str): ...
+            if isinstance(user_proj, dict) and project.normalized_name == user_proj.get(
+                "project-name"
+            ):
                 return True
         raise InvalidMacaroon("project-scoped token matches no projects")
 
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 7b86ba628858..b0aa6b28b372 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -292,15 +292,14 @@ def validate_expiration(self, field):
     def validate(self):
         res = super().validate()
         if not isinstance(self.validated_scope, str):
-            name = self.token_scope.data.split(":")[-1] if self.token_scope.data is not None else ''
+            name = (
+                self.token_scope.data.split(":")[-1]
+                if self.token_scope.data is not None
+                else ""
+            )
             self.validated_scope = {
                 "expiration": self.expiration.data,
-                "projects": [
-                    {
-                        "project-name": name,
-                        "version": self.releases.data,
-                    }
-                ],
+                "projects": [{"project-name": name, "version": self.releases.data}],
             }
         else:
             self.validated_scope = {"scope": "user", "expiration": self.expiration.data}

From e8aeeafe8676bd622666298b4ae5c37da1dc287b Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 11:02:30 -0400
Subject: [PATCH 52/96] Formatting fixes.

---
 tests/unit/macaroons/test_caveats.py | 17 ++++++++---------
 tests/unit/manage/test_forms.py      | 16 +++++++---------
 warehouse/macaroons/caveats.py       |  9 +++------
 warehouse/manage/forms.py            |  7 +++----
 4 files changed, 21 insertions(+), 28 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index bbdc1364146e..f92fb7ae1420 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -12,8 +12,11 @@
 
 import json
 
+from datetime import datetime, timedelta
+
 import pretend
 import pytest
+import pytz
 
 from pymacaroons.exceptions import MacaroonInvalidSignatureException
 
@@ -21,10 +24,6 @@
 
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
-from datetime import datetime
-from datetime import timedelta
-import pytz
-
 
 class TestCaveat:
     def test_creation(self):
@@ -113,7 +112,7 @@ def test_verify_project_no_projects_object(self, db_request):
 
     def test_verify_project(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -132,7 +131,7 @@ def test_verify_project(self, db_request):
 
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -151,7 +150,7 @@ def test_verify_releases(self, db_request):
 
     def test_verify_release_exists(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
@@ -192,7 +191,7 @@ def test_verify_release_missing(self, db_request):
 
     def test_verify_invalid_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
@@ -226,7 +225,7 @@ def test_verify_expiration(self, db_request):
 
     def test_verify_expired(self, db_request):
         project = ProjectFactory.create(name="foobar")
-        release = ReleaseFactory.create(project=project)
+        ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() - timedelta(days=1)
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 3d5df7719332..ee35737ebdf8 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -10,8 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from datetime import datetime, timedelta
+
 import pretend
 import pytest
+import pytz
 import wtforms
 
 from webob.multidict import MultiDict
@@ -20,15 +23,10 @@
 import warehouse.utils.webauthn as webauthn
 
 from warehouse.manage import forms
+from warehouse.packaging.models import Project
 
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
-from datetime import datetime
-from datetime import timedelta
-import pytz
-
-from warehouse.packaging.models import Project
-
 
 class TestCreateRoleForm:
     def test_creation(self):
@@ -419,7 +417,7 @@ def test_validate_token_scope_invalid_project(self):
 
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
@@ -439,7 +437,7 @@ def test_validate_token_scope_valid_project(self, db_request):
 
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
@@ -474,7 +472,7 @@ def test_validate_token_scope_invalid_release(self):
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
-        release = ReleaseFactory(project=project)
+        ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
         tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 5779e475f4c5..39d5a096f097 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -12,16 +12,13 @@
 
 import json
 
-import pymacaroons
-
-from warehouse.packaging.models import Project, Release
-
 from datetime import datetime
 
-from datetime import timedelta
-
+import pymacaroons
 import pytz
 
+from warehouse.packaging.models import Project
+
 
 class InvalidMacaroon(Exception):
     ...
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 29756801d8cd..696f222a6f4f 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -12,6 +12,9 @@
 
 import json
 
+from datetime import datetime, timedelta
+
+import pytz
 import wtforms
 
 import warehouse.utils.otp as otp
@@ -26,10 +29,6 @@
     WebAuthnCredentialMixin,
 )
 
-from datetime import datetime
-from datetime import timedelta
-import pytz
-
 
 class RoleNameMixin:
 

From 5a82f8f6af3765aa95d8dfd61a88fa1acb77e148 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 12:01:57 -0400
Subject: [PATCH 53/96] Updated to handle previously created API token.

---
 tests/unit/macaroons/test_caveats.py | 39 ++++++++++++++++++++++++++++
 warehouse/macaroons/caveats.py       | 22 +++++++++-------
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index f92fb7ae1420..4e309150eba3 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -85,6 +85,45 @@ def test_verify_project_invalid_context(self):
         }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
+    
+    def test_verify_invalid_string_project(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        ReleaseFactory.create(project=project)
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "expiration": expiration,
+                "projects": "notfoobar",
+            },
+        }
+        with pytest.raises(InvalidMacaroon):
+            caveat(json.dumps(predicate))
+
+    def test_verify_valid_string_project(self, db_request):
+        project = ProjectFactory.create(name="foobar")
+        ReleaseFactory.create(project=project)
+        verifier = pretend.stub(context=project)
+        caveat = V1Caveat(verifier)
+        d = datetime.now() + timedelta(days=1)
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz_aware = tz.localize(d)
+        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "expiration": expiration,
+                "projects": "foobar",
+            },
+        }
+        assert caveat(json.dumps(predicate)) is True
 
     def test_verify_project_invalid_project_name(self, db_request):
         project = ProjectFactory.create(name="foobar")
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 39d5a096f097..5642a162a8cf 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -46,9 +46,12 @@ def verify_projects(self, projects):
 
         project = self.verifier.context
 
-        for user_proj in projects:
-            if project.normalized_name == user_proj.get("project-name"):
+        if isinstance(projects, str) and project.normalized_name == projects:
                 return True
+        else:
+            for user_proj in projects:
+                if isinstance(user_proj, dict) and project.normalized_name == user_proj.get("project-name"):
+                    return True
         raise InvalidMacaroon("project-scoped token matches no projects")
 
     def verify_releases(self, release):
@@ -99,13 +102,14 @@ def verify(self, predicate):
             raise InvalidMacaroon("invalid projects in predicate")
         else:
             self.verify_projects(projects)
-
-        for project in projects:
-            release = project.get("version")
-            if release is None:
-                raise InvalidMacaroon("invalid release in predicate")
-            else:
-                self.verify_releases(release)
+            
+        if not isinstance(projects, str):
+            for project in projects:
+                release = project.get("version")
+                if release is None:
+                    raise InvalidMacaroon("invalid release in predicate")
+                else:
+                    self.verify_releases(release)
 
         expiration = permissions.get("expiration")
         if expiration is None:

From fd5a5308a66bf5e68a857b3264bf5babbee18a7b Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 12:06:40 -0400
Subject: [PATCH 54/96] Resolved merge conflict.

---
 warehouse/macaroons/caveats.py | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 4db52647a694..5642a162a8cf 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -12,18 +12,9 @@
 
 import json
 
-<<<<<<< HEAD
-import pymacaroons
-
-from warehouse.packaging.models import Project
-
-from datetime import datetime
-
-=======
 from datetime import datetime
 
 import pymacaroons
->>>>>>> tob-6255
 import pytz
 
 from warehouse.packaging.models import Project

From e24510218b692bb8030c79c44d209de42be7d8c1 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 15:07:30 -0400
Subject: [PATCH 55/96] Formatting fixes.

---
 tests/unit/macaroons/test_caveats.py | 12 +++---------
 warehouse/macaroons/caveats.py       |  8 +++++---
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 4e309150eba3..965765552a29 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -85,7 +85,7 @@ def test_verify_project_invalid_context(self):
         }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_invalid_string_project(self, db_request):
         project = ProjectFactory.create(name="foobar")
         ReleaseFactory.create(project=project)
@@ -98,10 +98,7 @@ def test_verify_invalid_string_project(self, db_request):
 
         predicate = {
             "version": 1,
-            "permissions": {
-                "expiration": expiration,
-                "projects": "notfoobar",
-            },
+            "permissions": {"expiration": expiration, "projects": "notfoobar"},
         }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
@@ -118,10 +115,7 @@ def test_verify_valid_string_project(self, db_request):
 
         predicate = {
             "version": 1,
-            "permissions": {
-                "expiration": expiration,
-                "projects": "foobar",
-            },
+            "permissions": {"expiration": expiration, "projects": "foobar"},
         }
         assert caveat(json.dumps(predicate)) is True
 
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 5642a162a8cf..a8a10d328ebb 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -47,10 +47,12 @@ def verify_projects(self, projects):
         project = self.verifier.context
 
         if isinstance(projects, str) and project.normalized_name == projects:
-                return True
+            return True
         else:
             for user_proj in projects:
-                if isinstance(user_proj, dict) and project.normalized_name == user_proj.get("project-name"):
+                if isinstance(
+                    user_proj, dict
+                ) and project.normalized_name == user_proj.get("project-name"):
                     return True
         raise InvalidMacaroon("project-scoped token matches no projects")
 
@@ -102,7 +104,7 @@ def verify(self, predicate):
             raise InvalidMacaroon("invalid projects in predicate")
         else:
             self.verify_projects(projects)
-            
+
         if not isinstance(projects, str):
             for project in projects:
                 release = project.get("version")

From 8d2e44aab15f2bd8029ff92c8c38713f4ccc6004 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 15:11:54 -0400
Subject: [PATCH 56/96] Revert "Black reformatting."

This reverts commit 9a46d0e7d940a302a8f8ad74b4ad3e6911f63b26.
---
 dev/notdatadog.py                    |  11 ++-
 dev/smtp.py                          |  10 ++-
 docs/conf.py                         |   8 +-
 tests/unit/macaroons/test_caveats.py | 117 ++++++++-----------------
 tests/unit/manage/test_forms.py      | 123 ++++++++++-----------------
 warehouse/macaroons/caveats.py       |   9 +-
 warehouse/macaroons/services.py      |   2 +-
 warehouse/manage/forms.py            |  27 +++---
 warehouse/manage/views.py            |   6 +-
 9 files changed, 123 insertions(+), 190 deletions(-)

diff --git a/dev/notdatadog.py b/dev/notdatadog.py
index 3b5acfe7a700..c8901c543217 100644
--- a/dev/notdatadog.py
+++ b/dev/notdatadog.py
@@ -16,10 +16,11 @@
 
 
 class AsyncoreSocketUDP(asyncore.dispatcher):
-    def __init__(self, host="127.0.0.1", port=8125):
+
+    def __init__(self, host='127.0.0.1', port=8125):
         asyncore.dispatcher.__init__(self)
         self.create_socket(socket.AF_INET, socket.SOCK_DGRAM)
-        print(f"Listening on udp {host}:{port}")
+        print(f'Listening on udp {host}:{port}')
         self.bind((host, port))
 
     def handle_connect(self):
@@ -36,7 +37,9 @@ def writable(self):
         return False
 
 
-if __name__ == "__main__":
+if __name__ == '__main__':
     options = smtpd.parseargs()
-    AsyncoreSocketUDP(options.localhost, options.localport)
+    AsyncoreSocketUDP(
+        options.localhost, options.localport,
+    )
     asyncore.loop()
diff --git a/dev/smtp.py b/dev/smtp.py
index 685546700c94..bfdcf4670ca2 100644
--- a/dev/smtp.py
+++ b/dev/smtp.py
@@ -16,15 +16,17 @@
 
 
 class DebuggingServer(smtpd.SMTPServer):
+
     def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
-        print("---------- MESSAGE FOLLOWS ----------")
+        print('---------- MESSAGE FOLLOWS ----------')
         print(quopri.decodestring(data).decode())
-        print("------------ END MESSAGE ------------")
+        print('------------ END MESSAGE ------------')
 
 
-if __name__ == "__main__":
+if __name__ == '__main__':
     options = smtpd.parseargs()
     DebuggingServer(
-        (options.localhost, options.localport), (options.remotehost, options.remoteport)
+        (options.localhost, options.localport),
+        (options.remotehost, options.remoteport),
     )
     asyncore.loop()
diff --git a/docs/conf.py b/docs/conf.py
index 279819b171df..0927cff07ec1 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -28,7 +28,11 @@
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = ["sphinx.ext.doctest", "sphinx.ext.todo", "sphinxcontrib.httpdomain"]
+extensions = [
+    "sphinx.ext.doctest",
+    "sphinx.ext.todo",
+    "sphinxcontrib.httpdomain",
+]
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
@@ -62,7 +66,7 @@
     html_theme = "default"
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = "Warehousedoc"
+htmlhelp_basename = 'Warehousedoc'
 
 # Enable display of todos
 todo_include_todos = True
diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 965765552a29..c4c3d19316a3 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -57,16 +57,13 @@ def test_verify_valid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        predicate = {
-            "permissions": {"scope": "user", "expiration": expiration},
-            "version": 1,
-        }
+        predicate = {"permissions": {"scope": "user", "expiration": expiration}, "version": 1}
 
         assert caveat(json.dumps(predicate)) is True
-
+    
     def test_verify_user_invalid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
@@ -79,10 +76,8 @@ def test_verify_project_invalid_context(self):
         verifier = pretend.stub(context=pretend.stub())
         caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "notfoobar"}]},
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "notfoobar"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -124,10 +119,8 @@ def test_verify_project_invalid_project_name(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "notfoobar"}]},
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "notfoobar"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -149,36 +142,26 @@ def test_verify_project(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "expiration": expiration,
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"expiration": expiration, "projects": [{"project-name": "foobar", "version": "1.0"}]}}
         assert caveat(json.dumps(predicate)) is True
-
+    
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
         ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], "expiration": expiration}}
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_release_exists(self, db_request):
@@ -187,38 +170,27 @@ def test_verify_release_exists(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [
-                    {"project-name": "foobar", "version": project.latest_version[0]}
-                ],
-                "expiration": expiration,
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": project.latest_version[0]}],
+            "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-
+    
     def test_verify_release_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar"}],
-                "expiration": expiration,
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -228,32 +200,24 @@ def test_verify_invalid_expiration(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": "notanexpiration",
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name":"foobar", "version": "1.0"}], 
+            "expiration": "notanexpiration"}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-
+    
     def test_verify_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+            "expiration": expiration}}
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_expired(self, db_request):
@@ -262,33 +226,26 @@ def test_verify_expired(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
+            "expiration": expiration}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-
+    
     def test_verify_expiration_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
-        }
+        predicate = {"version": 1, "permissions": 
+            {"projects": [{"project-name": "foobar", "version": "1.0"}]}}
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
-
 class TestVerifier:
     def test_creation(self):
         macaroon = pretend.stub()
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index ee35737ebdf8..657ed36aff5a 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -337,7 +337,7 @@ def test_creation(self):
         form = forms.CreateMacaroonForm(
             user_id=user_id,
             macaroon_service=macaroon_service,
-            all_projects=all_projects,
+            all_projects=all_projects
         )
 
         assert form.user_id is user_id
@@ -349,7 +349,7 @@ def test_validate_description_missing(self):
             data={"token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(),
-            all_projects=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -362,7 +362,7 @@ def test_validate_description_in_use(self):
             macaroon_service=pretend.stub(
                 get_macaroon_by_description=lambda *a: pretend.stub()
             ),
-            all_projects=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -373,7 +373,7 @@ def test_validate_token_scope_missing(self):
             data={"description": "dummy"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -384,7 +384,7 @@ def test_validate_token_scope_unspecified(self):
             data={"description": "dummy", "token_scope": "scope:unspecified"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -398,7 +398,7 @@ def test_validate_token_scope_invalid_format(self, scope):
             data={"description": "dummy", "token_scope": scope},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub(),
+            all_projects=pretend.stub()
         )
 
         assert not form.validate()
@@ -409,99 +409,83 @@ def test_validate_token_scope_invalid_project(self):
             data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
-
+    
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo", 
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project],
+            all_projects=[project]
         )
         assert form.validate()
-
+    
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foobar",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foobar", 
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project],
+            all_projects=[project]
         )
         assert not form.validate()
 
     def test_validate_token_scope_invalid_release(self):
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC",
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "AA.BB.CC"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
+    
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": project.latest_version[0],
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": project.latest_version[0], "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project],
+            all_projects=[project]
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
 
+
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert not form.validate()
@@ -509,69 +493,52 @@ def test_validate_expiration_missing(self):
 
     def test_validate_invalid_expiration(self):
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert not form.validate()
-        assert (
-            form.expiration.errors.pop() == "Expiration must be after the current time"
-        )
-
+        assert form.expiration.errors.pop() == "Expiration must be after the current time"
+    
     def test_validate_long_expiration(self):
         d = datetime.now() + timedelta(days=366)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo",
+                "releases": "1.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert not form.validate()
-        assert (
-            form.expiration.errors.pop() == "Expiration cannot be greater than one year"
-        )
+        assert form.expiration.errors.pop() == "Expiration cannot be greater than one year"
 
-    # once js is figured out would have to disable releases
+    #once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:user",
-                "releases": "0.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:user",
+                "releases": "0.0", "expiration": expiration},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
+            all_projects=[]
         )
 
         assert form.validate()
 
-
 class TestDeleteMacaroonForm:
     def test_creation(self):
         macaroon_service = pretend.stub()
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index a8a10d328ebb..130103886f83 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -34,7 +34,6 @@ def verify(self, predicate):
     def __call__(self, predicate):
         return self.verify(predicate)
 
-
 class V1Caveat(Caveat):
     def verify_projects(self, projects):
         # First, ensure that we're actually operating in
@@ -55,7 +54,7 @@ def verify_projects(self, projects):
                 ) and project.normalized_name == user_proj.get("project-name"):
                     return True
         raise InvalidMacaroon("project-scoped token matches no projects")
-
+    
     def verify_releases(self, release):
         project = self.verifier.context
 
@@ -63,7 +62,7 @@ def verify_releases(self, release):
             if release == version[0]:
                 raise InvalidMacaroon("release already exists")
         return True
-
+    
     def verify_expiration(self, expiration):
         try:
             expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
@@ -71,7 +70,7 @@ def verify_expiration(self, expiration):
             raise InvalidMacaroon("invalid expiration")
 
         d = datetime.now()
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
         if expiration_aware < tz_aware:
@@ -136,4 +135,4 @@ def verify(self, key):
         try:
             return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
-            raise InvalidMacaroon("invalid macaroon signature")
+            raise InvalidMacaroon("invalid macaroon signature")
\ No newline at end of file
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index 0fff949ade55..f95c831695f4 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -167,4 +167,4 @@ def get_macaroon_by_description(self, user_id, description):
 
 
 def database_macaroon_factory(context, request):
-    return DatabaseMacaroonService(request.db)
+    return DatabaseMacaroonService(request.db)
\ No newline at end of file
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 632247abf97d..4457ce8ca384 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -189,7 +189,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "releases", "expiration"]
+    __params__ = ["description", "token_scope", "releases", "expiration",]
 
     def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -216,7 +216,9 @@ def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
     )
 
     expiration = wtforms.DateTimeField(
-        validators=[wtforms.validators.DataRequired(message="Specify the expiration")]
+        validators=[
+            wtforms.validators.DataRequired(message="Specify the expiration"),
+        ]
     )
 
     def validate_description(self, field):
@@ -253,9 +255,11 @@ def validate_token_scope(self, field):
         for project in self.all_projects:
             if scope_value == project.normalized_name:
                 return
-        raise wtforms.ValidationError(f"Unknown or invalid project name: {scope_value}")
+        raise wtforms.ValidationError(
+            f"Unknown or invalid project name: {scope_value}"
+        )
 
-    def validate_releases(self, field):
+    def validate_releases(self,field):
         release = field.data
         try:
             releases = release.split(".")
@@ -268,24 +272,20 @@ def validate_releases(self, field):
             for version in project.all_versions:
                 if version[0] == release:
                     raise wtforms.validators.ValidationError("Invalid release")
-
+        
     def validate_expiration(self, field):
         expiration = field.data
         expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
         d = datetime.now()
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
 
         if expiration_aware > tz_aware + timedelta(days=365):
-            raise wtforms.validators.ValidationError(
-                "Expiration cannot be greater than one year"
-            )
+            raise wtforms.validators.ValidationError("Expiration cannot be greater than one year")
         if expiration_aware < tz_aware:
-            raise wtforms.validators.ValidationError(
-                "Expiration must be after the current time"
-            )
-
+            raise wtforms.validators.ValidationError("Expiration must be after the current time")
+        
         expiration = datetime.strftime(expiration, "%Y-%m-%dT%H:%M")
 
     def validate(self):
@@ -303,6 +303,7 @@ def validate(self):
         else:
             self.validated_scope = {"scope": "user", "expiration": self.expiration.data}
         return res
+        
 
 
 class DeleteMacaroonForm(forms.Form):
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 3845d2efe296..6e8e94addbc8 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -617,7 +617,7 @@ def __init__(self, request):
         self.request = request
         self.user_service = request.find_service(IUserService, context=None)
         self.macaroon_service = request.find_service(IMacaroonService, context=None)
-
+    
     @property
     def all_projects(self):
         return [project for project in self.request.user.projects]
@@ -629,7 +629,7 @@ def default_response(self):
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
-                all_projects=self.all_projects,
+                all_projects=self.all_projects
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -652,7 +652,7 @@ def create_macaroon(self):
             **self.request.POST,
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
-            all_projects=self.all_projects,
+            all_projects=self.all_projects
         )
 
         response = {**self.default_response}

From 92e51cf63babcd9c36b7eaf4f7f7fba3dc549f78 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 19 Sep 2019 15:20:19 -0400
Subject: [PATCH 57/96] Refixed formatting.

---
 tests/unit/macaroons/test_caveats.py | 117 +++++++++++++++++--------
 tests/unit/manage/test_forms.py      | 123 +++++++++++++++++----------
 warehouse/macaroons/caveats.py       |   9 +-
 warehouse/macaroons/services.py      |   2 +-
 warehouse/manage/forms.py            |  27 +++---
 warehouse/manage/views.py            |   6 +-
 6 files changed, 180 insertions(+), 104 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index c4c3d19316a3..965765552a29 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -57,13 +57,16 @@ def test_verify_valid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        predicate = {"permissions": {"scope": "user", "expiration": expiration}, "version": 1}
+        predicate = {
+            "permissions": {"scope": "user", "expiration": expiration},
+            "version": 1,
+        }
 
         assert caveat(json.dumps(predicate)) is True
-    
+
     def test_verify_user_invalid_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
@@ -76,8 +79,10 @@ def test_verify_project_invalid_context(self):
         verifier = pretend.stub(context=pretend.stub())
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "notfoobar"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "notfoobar"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -119,8 +124,10 @@ def test_verify_project_invalid_project_name(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "notfoobar"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "notfoobar"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -142,26 +149,36 @@ def test_verify_project(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"expiration": expiration, "projects": [{"project-name": "foobar", "version": "1.0"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "expiration": expiration,
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
-    
+
     def test_verify_releases(self, db_request):
         project = ProjectFactory.create(name="foobar")
         ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_release_exists(self, db_request):
@@ -170,27 +187,38 @@ def test_verify_release_exists(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": project.latest_version[0]}],
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [
+                    {"project-name": "foobar", "version": project.latest_version[0]}
+                ],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_release_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar"}], "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar"}],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
@@ -200,24 +228,32 @@ def test_verify_invalid_expiration(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name":"foobar", "version": "1.0"}], 
-            "expiration": "notanexpiration"}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": "notanexpiration",
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_expiration(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         assert caveat(json.dumps(predicate)) is True
 
     def test_verify_expired(self, db_request):
@@ -226,26 +262,33 @@ def test_verify_expired(self, db_request):
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}], 
-            "expiration": expiration}}
+        predicate = {
+            "version": 1,
+            "permissions": {
+                "projects": [{"project-name": "foobar", "version": "1.0"}],
+                "expiration": expiration,
+            },
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
-    
+
     def test_verify_expiration_missing(self, db_request):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
 
-        predicate = {"version": 1, "permissions": 
-            {"projects": [{"project-name": "foobar", "version": "1.0"}]}}
+        predicate = {
+            "version": 1,
+            "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
+        }
         with pytest.raises(InvalidMacaroon):
             caveat(json.dumps(predicate))
 
+
 class TestVerifier:
     def test_creation(self):
         macaroon = pretend.stub()
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 657ed36aff5a..ee35737ebdf8 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -337,7 +337,7 @@ def test_creation(self):
         form = forms.CreateMacaroonForm(
             user_id=user_id,
             macaroon_service=macaroon_service,
-            all_projects=all_projects
+            all_projects=all_projects,
         )
 
         assert form.user_id is user_id
@@ -349,7 +349,7 @@ def test_validate_description_missing(self):
             data={"token_scope": "scope:user"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -362,7 +362,7 @@ def test_validate_description_in_use(self):
             macaroon_service=pretend.stub(
                 get_macaroon_by_description=lambda *a: pretend.stub()
             ),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -373,7 +373,7 @@ def test_validate_token_scope_missing(self):
             data={"description": "dummy"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -384,7 +384,7 @@ def test_validate_token_scope_unspecified(self):
             data={"description": "dummy", "token_scope": "scope:unspecified"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -398,7 +398,7 @@ def test_validate_token_scope_invalid_format(self, scope):
             data={"description": "dummy", "token_scope": scope},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=pretend.stub()
+            all_projects=pretend.stub(),
         )
 
         assert not form.validate()
@@ -409,83 +409,99 @@ def test_validate_token_scope_invalid_project(self):
             data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
-    
+
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo", 
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
         assert form.validate()
-    
+
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foobar", 
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foobar",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
         assert not form.validate()
 
     def test_validate_token_scope_invalid_release(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC"},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "AA.BB.CC",
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
-    
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
         ReleaseFactory.create(project=project)
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": project.latest_version[0], "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": project.latest_version[0],
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[project]
+            all_projects=[project],
         )
 
         assert not form.validate()
         assert form.releases.errors.pop() == "Invalid release"
 
-
     def test_validate_expiration_missing(self):
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0"},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
@@ -493,52 +509,69 @@ def test_validate_expiration_missing(self):
 
     def test_validate_invalid_expiration(self):
         d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
-        assert form.expiration.errors.pop() == "Expiration must be after the current time"
-    
+        assert (
+            form.expiration.errors.pop() == "Expiration must be after the current time"
+        )
+
     def test_validate_long_expiration(self):
         d = datetime.now() + timedelta(days=366)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:project:foo",
-                "releases": "1.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "releases": "1.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert not form.validate()
-        assert form.expiration.errors.pop() == "Expiration cannot be greater than one year"
+        assert (
+            form.expiration.errors.pop() == "Expiration cannot be greater than one year"
+        )
 
-    #once js is figured out would have to disable releases
+    # once js is figured out would have to disable releases
     def test_validate_token_scope_valid_user(self):
         d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={"description": "dummy", "token_scope": "scope:user",
-                "releases": "0.0", "expiration": expiration},
+            data={
+                "description": "dummy",
+                "token_scope": "scope:user",
+                "releases": "0.0",
+                "expiration": expiration,
+            },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[]
+            all_projects=[],
         )
 
         assert form.validate()
 
+
 class TestDeleteMacaroonForm:
     def test_creation(self):
         macaroon_service = pretend.stub()
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 130103886f83..a8a10d328ebb 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -34,6 +34,7 @@ def verify(self, predicate):
     def __call__(self, predicate):
         return self.verify(predicate)
 
+
 class V1Caveat(Caveat):
     def verify_projects(self, projects):
         # First, ensure that we're actually operating in
@@ -54,7 +55,7 @@ def verify_projects(self, projects):
                 ) and project.normalized_name == user_proj.get("project-name"):
                     return True
         raise InvalidMacaroon("project-scoped token matches no projects")
-    
+
     def verify_releases(self, release):
         project = self.verifier.context
 
@@ -62,7 +63,7 @@ def verify_releases(self, release):
             if release == version[0]:
                 raise InvalidMacaroon("release already exists")
         return True
-    
+
     def verify_expiration(self, expiration):
         try:
             expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
@@ -70,7 +71,7 @@ def verify_expiration(self, expiration):
             raise InvalidMacaroon("invalid expiration")
 
         d = datetime.now()
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
         if expiration_aware < tz_aware:
@@ -135,4 +136,4 @@ def verify(self, key):
         try:
             return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
-            raise InvalidMacaroon("invalid macaroon signature")
\ No newline at end of file
+            raise InvalidMacaroon("invalid macaroon signature")
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index f95c831695f4..0fff949ade55 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -167,4 +167,4 @@ def get_macaroon_by_description(self, user_id, description):
 
 
 def database_macaroon_factory(context, request):
-    return DatabaseMacaroonService(request.db)
\ No newline at end of file
+    return DatabaseMacaroonService(request.db)
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 4457ce8ca384..632247abf97d 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -189,7 +189,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "releases", "expiration",]
+    __params__ = ["description", "token_scope", "releases", "expiration"]
 
     def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
@@ -216,9 +216,7 @@ def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
     )
 
     expiration = wtforms.DateTimeField(
-        validators=[
-            wtforms.validators.DataRequired(message="Specify the expiration"),
-        ]
+        validators=[wtforms.validators.DataRequired(message="Specify the expiration")]
     )
 
     def validate_description(self, field):
@@ -255,11 +253,9 @@ def validate_token_scope(self, field):
         for project in self.all_projects:
             if scope_value == project.normalized_name:
                 return
-        raise wtforms.ValidationError(
-            f"Unknown or invalid project name: {scope_value}"
-        )
+        raise wtforms.ValidationError(f"Unknown or invalid project name: {scope_value}")
 
-    def validate_releases(self,field):
+    def validate_releases(self, field):
         release = field.data
         try:
             releases = release.split(".")
@@ -272,20 +268,24 @@ def validate_releases(self,field):
             for version in project.all_versions:
                 if version[0] == release:
                     raise wtforms.validators.ValidationError("Invalid release")
-        
+
     def validate_expiration(self, field):
         expiration = field.data
         expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
         d = datetime.now()
-        tz = pytz.timezone('GMT') # GMT for POC, ideally would be user's local timezone
+        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
         tz_aware = tz.localize(d)
         expiration_aware = tz.localize(expiration)
 
         if expiration_aware > tz_aware + timedelta(days=365):
-            raise wtforms.validators.ValidationError("Expiration cannot be greater than one year")
+            raise wtforms.validators.ValidationError(
+                "Expiration cannot be greater than one year"
+            )
         if expiration_aware < tz_aware:
-            raise wtforms.validators.ValidationError("Expiration must be after the current time")
-        
+            raise wtforms.validators.ValidationError(
+                "Expiration must be after the current time"
+            )
+
         expiration = datetime.strftime(expiration, "%Y-%m-%dT%H:%M")
 
     def validate(self):
@@ -303,7 +303,6 @@ def validate(self):
         else:
             self.validated_scope = {"scope": "user", "expiration": self.expiration.data}
         return res
-        
 
 
 class DeleteMacaroonForm(forms.Form):
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index 6e8e94addbc8..3845d2efe296 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -617,7 +617,7 @@ def __init__(self, request):
         self.request = request
         self.user_service = request.find_service(IUserService, context=None)
         self.macaroon_service = request.find_service(IMacaroonService, context=None)
-    
+
     @property
     def all_projects(self):
         return [project for project in self.request.user.projects]
@@ -629,7 +629,7 @@ def default_response(self):
             "create_macaroon_form": CreateMacaroonForm(
                 user_id=self.request.user.id,
                 macaroon_service=self.macaroon_service,
-                all_projects=self.all_projects
+                all_projects=self.all_projects,
             ),
             "delete_macaroon_form": DeleteMacaroonForm(
                 macaroon_service=self.macaroon_service
@@ -652,7 +652,7 @@ def create_macaroon(self):
             **self.request.POST,
             user_id=self.request.user.id,
             macaroon_service=self.macaroon_service,
-            all_projects=self.all_projects
+            all_projects=self.all_projects,
         )
 
         response = {**self.default_response}

From 989a1db4712aa3478a2603fd3779fc26f438a394 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Fri, 20 Sep 2019 17:30:28 -0400
Subject: [PATCH 58/96] warehouse: Refactor new caveats into a V2 format

---
 warehouse/macaroons/caveats.py          | 121 ++++++++++++++----------
 warehouse/manage/forms.py               | 101 ++++++++++----------
 warehouse/manage/views.py               |   5 +-
 warehouse/static/js/warehouse/index.js  |   9 +-
 warehouse/templates/manage/account.html |   3 +-
 warehouse/templates/manage/token.html   |  11 ++-
 6 files changed, 136 insertions(+), 114 deletions(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index a8a10d328ebb..3dfbdd5280d5 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -12,10 +12,9 @@
 
 import json
 
-from datetime import datetime
+from datetime import datetime, timezone
 
 import pymacaroons
-import pytz
 
 from warehouse.packaging.models import Project
 
@@ -45,18 +44,38 @@ def verify_projects(self, projects):
             )
 
         project = self.verifier.context
+        if project.normalized_name in projects:
+            return True
+
+        raise InvalidMacaroon("project-scoped token matches no projects")
+
+    def verify(self, predicate):
+        permissions = predicate.get("permissions")
+        if permissions is None:
+            raise InvalidMacaroon("invalid permissions in predicate")
 
-        if isinstance(projects, str) and project.normalized_name == projects:
+        if permissions == "user":
+            # User-scoped tokens behave exactly like a user's normal credentials.
             return True
+
+        projects = permissions.get("projects")
+        if projects is None:
+            raise InvalidMacaroon("invalid projects in predicate")
         else:
-            for user_proj in projects:
-                if isinstance(
-                    user_proj, dict
-                ) and project.normalized_name == user_proj.get("project-name"):
-                    return True
-        raise InvalidMacaroon("project-scoped token matches no projects")
+            self.verify_projects(projects)
 
-    def verify_releases(self, release):
+        return True
+
+
+class V2Caveat(Caveat):
+    def verify_expiration(self, expiration):
+        now = int(datetime.now(tz=timezone.utc))
+        if expiration < now:
+            raise InvalidMacaroon("token has expired")
+
+        return True
+
+    def verify_release(self, release):
         project = self.verifier.context
 
         for version in project.all_versions:
@@ -64,39 +83,36 @@ def verify_releases(self, release):
                 raise InvalidMacaroon("release already exists")
         return True
 
-    def verify_expiration(self, expiration):
-        try:
-            expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
-        except ValueError:
-            raise InvalidMacaroon("invalid expiration")
+    def verify_projects(self, projects):
+        # First, ensure that we're actually operating in
+        # the context of a package.
+        if not isinstance(self.verifier.context, Project):
+            raise InvalidMacaroon(
+                "project-scoped token used outside of a project context"
+            )
 
-        d = datetime.now()
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration_aware = tz.localize(expiration)
-        if expiration_aware < tz_aware:
-            raise InvalidMacaroon("time has expired")
+        project = self.verifier.context
 
-        return True
+        for proj in projects:
+            if proj["name"] == project.normalized_name:
+                release = proj.get("release")
+                if release is not None:
+                    self.verify_release(release)
+                return True
 
-    def verify(self, predicate):
-        try:
-            data = json.loads(predicate)
-        except ValueError:
-            raise InvalidMacaroon(f"malformatted predicate {predicate}")
+        raise InvalidMacaroon("project-scoped token matches no projects")
 
-        if data.get("version") != 1:
-            raise InvalidMacaroon("invalid version in predicate")
+    def verify(self, predicate):
+        expiration = predicate.get("expiration")
+        if expiration is not None:
+            self.verify_expiration(expiration)
 
-        permissions = data.get("permissions")
+        permissions = predicate.get("permissions")
         if permissions is None:
             raise InvalidMacaroon("invalid permissions in predicate")
 
-        if permissions.get("scope") == "user":
-            if permissions.get("expiration") is None:
-                raise InvalidMacaroon("invalid expiration in predicate")
-            else:
-                self.verify_expiration(permissions.get("expiration"))
+        if permissions == "user":
+            # User-scoped tokens behave exactly like a user's normal credentials.
             return True
 
         projects = permissions.get("projects")
@@ -105,21 +121,28 @@ def verify(self, predicate):
         else:
             self.verify_projects(projects)
 
-        if not isinstance(projects, str):
-            for project in projects:
-                release = project.get("version")
-                if release is None:
-                    raise InvalidMacaroon("invalid release in predicate")
-                else:
-                    self.verify_releases(release)
-
-        expiration = permissions.get("expiration")
-        if expiration is None:
-            raise InvalidMacaroon("invalid expiration in predicate")
+        return True
+
+
+class TopLevelCaveat(Caveat):
+    def verify(self, predicate):
+        try:
+            data = json.loads(predicate)
+        except ValueError:
+            raise InvalidMacaroon("malformed predicate")
+
+        version = data.get("version")
+        if version is None:
+            raise InvalidMacaroon("malformed version")
+
+        if version == 1:
+            caveat_verifier = V1Caveat(self.verifier)
+        elif version == 2:
+            caveat_verifier = V2Caveat(self.verifier)
         else:
-            self.verify_expiration(expiration)
+            raise InvalidMacaroon("invalid version")
 
-        return True
+        caveat_verifier.verify(data)
 
 
 class Verifier:
@@ -131,7 +154,7 @@ def __init__(self, macaroon, context, principals, permission):
         self.verifier = pymacaroons.Verifier()
 
     def verify(self, key):
-        self.verifier.satisfy_general(V1Caveat(self))
+        self.verifier.satisfy_general(TopLevelCaveat(self))
 
         try:
             return self.verifier.verify(self.macaroon, key)
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 632247abf97d..7cab9b4f29b9 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -12,9 +12,9 @@
 
 import json
 
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 
-import pytz
+import packaging
 import wtforms
 
 import warehouse.utils.otp as otp
@@ -189,14 +189,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "releases", "expiration"]
-
-    def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.user_id = user_id
-        self.macaroon_service = macaroon_service
-        self.all_projects = all_projects
-        self.validated_scope = None
+    __params__ = ["description", "token_scope", "expiration"]
 
     description = wtforms.StringField(
         validators=[
@@ -207,17 +200,23 @@ def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         ]
     )
 
+    project_version = wtforms.StringField()
+
     token_scope = wtforms.StringField(
         validators=[wtforms.validators.DataRequired(message="Specify the token scope")]
     )
 
-    releases = wtforms.StringField(
-        validators=[wtforms.validators.DataRequired(message="Specify the release")]
-    )
+    expiration = wtforms.DateTimeField()
 
-    expiration = wtforms.DateTimeField(
-        validators=[wtforms.validators.DataRequired(message="Specify the expiration")]
-    )
+    def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.user_id = user_id
+        self.macaroon_service = macaroon_service
+        self.all_projects = all_projects
+        self.validated_expiration = None
+        self.validated_project_version = None
+        self.validated_scope = None
+        self.validated_caveats = None
 
     def validate_description(self, field):
         description = field.data
@@ -228,6 +227,15 @@ def validate_description(self, field):
         ):
             raise wtforms.validators.ValidationError("API token name already in use")
 
+    def validate_project_version(self, field):
+        if not field.data:
+            return
+
+        version = packaging.version.parse(field.data)
+        if not isinstance(version, packaging.version.Version):
+            raise wtforms.validators.ValidationError("Invalid version format")
+        self.validated_project_version = str(version)
+
     def validate_token_scope(self, field):
         scope = field.data
 
@@ -250,58 +258,51 @@ def validate_token_scope(self, field):
 
         if scope_kind != "project":
             raise wtforms.ValidationError(f"Unknown token scope: {scope}")
+
+        self.validated_scope = {"projects": []}
         for project in self.all_projects:
             if scope_value == project.normalized_name:
+                project_scope = {"name": scope_value}
+                all_versions = [version[0] for version in project.all_versions]
+                if self.validated_project_version:
+                    if self.validated_project_version in all_versions:
+                        raise wtforms.validators.ValidationError(
+                            "Release already exists"
+                        )
+                    project_scope["version"] = self.validated_project_version
+                self.validated_scope["projects"].append(project_scope)
                 return
+
         raise wtforms.ValidationError(f"Unknown or invalid project name: {scope_value}")
 
-    def validate_releases(self, field):
-        release = field.data
+    def validate_expiration(self, field):
+        if not field.data:
+            return
+
         try:
-            releases = release.split(".")
-            for val in releases:
-                int(val)
+            expiration = datetime.strptime(field.data, "%Y-%m-%dT%H:%M")
         except ValueError:
-            raise wtforms.validators.ValidationError("Invalid release")
-
-        for project in self.all_projects:
-            for version in project.all_versions:
-                if version[0] == release:
-                    raise wtforms.validators.ValidationError("Invalid release")
+            raise wtforms.validators.ValidationError("Malformatted date")
 
-    def validate_expiration(self, field):
-        expiration = field.data
-        expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
-        d = datetime.now()
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration_aware = tz.localize(expiration)
-
-        if expiration_aware > tz_aware + timedelta(days=365):
+        expiration = expiration.astimezone(timezone.utc)
+        now = datetime.now(tz=timezone.utc)
+        if expiration > now + timedelta(days=365):
             raise wtforms.validators.ValidationError(
                 "Expiration cannot be greater than one year"
             )
-        if expiration_aware < tz_aware:
+        if expiration < now:
             raise wtforms.validators.ValidationError(
                 "Expiration must be after the current time"
             )
 
-        expiration = datetime.strftime(expiration, "%Y-%m-%dT%H:%M")
+        self.validated_expiration = int(expiration.timestamp())
 
     def validate(self):
         res = super().validate()
-        if not isinstance(self.validated_scope, str):
-            name = (
-                self.token_scope.data.split(":")[-1]
-                if self.token_scope.data is not None
-                else ""
-            )
-            self.validated_scope = {
-                "expiration": self.expiration.data,
-                "projects": [{"project-name": name, "version": self.releases.data}],
-            }
-        else:
-            self.validated_scope = {"scope": "user", "expiration": self.expiration.data}
+
+        self.validated_caveats = {"version": 2, "permissions": self.validated_scope}
+        if self.validated_expiration is not None:
+            self.validated_caveats["expiration"] = self.validated_expiration
         return res
 
 
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index f52bbab71546..cc8ba4d30cd6 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -661,12 +661,11 @@ def create_macaroon(self):
 
         response = {**self.default_response}
         if form.validate():
-            macaroon_caveats = {"permissions": form.validated_scope, "version": 1}
             serialized_macaroon, macaroon = self.macaroon_service.create_macaroon(
                 location=self.request.domain,
                 user_id=self.request.user.id,
                 description=form.description.data,
-                caveats=macaroon_caveats,
+                caveats=form.validated_caveats,
             )
             self.user_service.record_event(
                 self.request.user.id,
@@ -674,7 +673,7 @@ def create_macaroon(self):
                 ip_address=self.request.remote_addr,
                 additional={
                     "description": form.description.data,
-                    "caveats": macaroon_caveats,
+                    "caveats": form.validated_caveats,
                 },
             )
             if "projects" in form.validated_scope:
diff --git a/warehouse/static/js/warehouse/index.js b/warehouse/static/js/warehouse/index.js
index a518d1cc08e5..492f67249047 100644
--- a/warehouse/static/js/warehouse/index.js
+++ b/warehouse/static/js/warehouse/index.js
@@ -240,16 +240,13 @@ docReady(() => {
 
   tokenSelect.addEventListener("change", () => {
     const tokenScopeWarning = document.getElementById("api-token-scope-warning");
-    const releaseHidden = document.getElementById("release-group");
-    if (tokenScopeWarning === null) {
-      return;
-    }
-    if (releaseHidden === null) {
+    const releaseHidden = document.getElementById("project-release");
+    if (tokenScopeWarning === null || releaseHidden === null) {
       return;
     }
     const tokenScope = tokenSelect.options[tokenSelect.selectedIndex].value;
     tokenScopeWarning.hidden = (tokenScope !== "scope:user");
-    releaseHidden.hidden = (tokenScope === "scope:user");
+    releaseHidden.hidden = !(tokenScope.startsWith("scope:project"));
   });
 });
 
diff --git a/warehouse/templates/manage/account.html b/warehouse/templates/manage/account.html
index 177eaed6fa9e..2d7a2ca27745 100644
--- a/warehouse/templates/manage/account.html
+++ b/warehouse/templates/manage/account.html
@@ -166,7 +166,8 @@
       {% trans %}All projects{% endtrans %}
       {% else %}
         {% for project in macaroon.caveats.get("permissions")['projects'] %}
-        <a href="{{ request.route_path('packaging.project', name=project) }}">{{ project }}</a>
+        {% set project_name = project["name"] if project is mapping else project %}
+        <a href="{{ request.route_path('packaging.project', name=project_name) }}">{{ project_name }}</a>
         {% endfor %}
       {% endif %}
     </td>
diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 9368f400dafb..052c626c42a8 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -34,7 +34,7 @@ <h2>{% trans macaroon_description=macaroon.description %}Token for "{{ macaroon_
       {% if macaroon.caveats.permissions == "user" %}
       <strong>{% trans %}Scope:{% endtrans %}</strong> {% trans %}Entire account (all projects){% endtrans %}
       {% else %}
-      <strong>{% trans %}Scope:{% endtrans %}</strong> {% trans project=macaroon.caveats.permissions.projects[0]["project-name"].split(":")[-1] %}Project "{{ project }}"{% endtrans %}
+      <strong>{% trans %}Scope:{% endtrans %}</strong> {% trans project=macaroon.caveats.permissions.projects[0]["name"] %}Project "{{ project }}"{% endtrans %}
       {% endif %}
     </p>
     <p>{% trans href='/help#apitoken' %}For instructions on how to use this token, <a href="{{ href }}">visit the PyPI help page</a>.{% endtrans %}</p>
@@ -115,16 +115,17 @@ <h3 class="callout-block__heading">{% trans %}Proceed with caution!{% endtrans %
         <p>{% trans %}An API token scoped to your entire account will have upload permissions for all of your projects.{% endtrans %}</p>
       </div>
 
-      <div class="form-group" id="release-group">
+      {% set token_scope = create_macaroon_form.token_scope.data %}
+      <div class="form-group" id="project-release" {{ "" if token_scope and token_scope.startswith("scope:project") else "hidden" }}>
         <label for="release" class="form-group__label">
           Release
-          {% if create_macaroon_form.releases.flags.required %}
+          {% if create_macaroon_form.project_version.flags.required %}
           <span class="form-group__required">(required)</span>
           {% endif %}
         </label>
-        <input type="text" name="releases" id="releases" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.releases.data or ""}}">
+        <input type="text" name="project_version" id="project_version" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.project_version.data or ""}}">
         <div id="token-name-errors">
-          {{ field_errors(create_macaroon_form.releases) }}
+          {{ field_errors(create_macaroon_form.project_version) }}
         </div>
       </div>
 

From 94a3ac380ef6bca08da67b1360b55b1d73eb327e Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 10:13:32 -0400
Subject: [PATCH 59/96] tests: Began updating caveats tests

---
 tests/unit/macaroons/test_caveats.py | 437 ++++++++++++++-------------
 1 file changed, 230 insertions(+), 207 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 965765552a29..18c4410dc848 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -20,7 +20,14 @@
 
 from pymacaroons.exceptions import MacaroonInvalidSignatureException
 
-from warehouse.macaroons.caveats import Caveat, InvalidMacaroon, V1Caveat, Verifier
+from warehouse.macaroons.caveats import (
+    Caveat,
+    InvalidMacaroon,
+    TopLevelCaveat,
+    V1Caveat,
+    V2Caveat,
+    Verifier,
+)
 
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
@@ -39,97 +46,113 @@ def test_creation(self):
 
 class TestV1Caveat:
     @pytest.mark.parametrize(
-        ["predicate", "result"],
+        ["predicate", "verifies"],
         [
             ("invalid json", False),
+            ("", False),
+            ("{}", False),
+            ('{"version": 1, "permissions": "user"}', True),
+            ('{"version": 1}', False),
+            ('{"version": 2, "permissions": "user"}', True),
             ('{"version": 2}', False),
-            ('{"permissions": null, "version": 1}', False),
+            ('{"version": 3}', False),
         ],
     )
-    def test_verify_invalid_predicates(self, predicate, result):
+    def test_verify_toplevel_caveat(self, monkeypatch, predicate, verifies):
         verifier = pretend.stub()
-        caveat = V1Caveat(verifier)
+        caveat = TopLevelCaveat(verifier)
 
-        with pytest.raises(InvalidMacaroon):
-            caveat(predicate)
+        if not verifies:
+            with pytest.raises(InvalidMacaroon):
+                caveat(predicate)
 
-    def test_verify_valid_predicate(self):
+    @pytest.mark.parametrize(
+        "predicate",
+        [{}, {"permissions": None}, {"permissions": {"projects": None}}],
+    )
+    def test_verify_invalid_v1_predicates(self, predicate):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        predicate = {
-            "permissions": {"scope": "user", "expiration": expiration},
-            "version": 1,
-        }
 
-        assert caveat(json.dumps(predicate)) is True
+        with pytest.raises(InvalidMacaroon):
+            caveat(predicate)
 
-    def test_verify_user_invalid_predicate(self):
+    def test_verify_valid_v1_predicate(self):
         verifier = pretend.stub()
         caveat = V1Caveat(verifier)
-        predicate = {"permissions": {"scope": "user"}, "version": 1}
+        predicate = {"permissions": "user", "version": 1}
 
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
+        caveat(predicate)
 
-    def test_verify_project_invalid_context(self):
+    @pytest.mark.parametrize(
+        "predicate",
+        [
+            {"version": 1, "permissions": {"projects": ["notfoobar"]}},
+            {"version": 2, "permissions": {"projects": [{"name": "notfoobar"}]}},
+        ],
+    )
+    def test_verify_project_invalid_context(self, predicate):
         verifier = pretend.stub(context=pretend.stub())
-        caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "notfoobar"}]},
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
+        if predicate["version"] == 1:
+            caveat = V1Caveat(verifier)
+        else:
+            caveat = V2Caveat(verifier)
 
-    def test_verify_invalid_string_project(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {"expiration": expiration, "projects": "notfoobar"},
-        }
         with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-
-    def test_verify_valid_string_project(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+            caveat(predicate)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"expiration": expiration, "projects": "foobar"},
-        }
-        assert caveat(json.dumps(predicate)) is True
+    # def test_verify_invalid_string_project(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {"expiration": expiration, "projects": "notfoobar"},
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
+
+    # def test_verify_valid_string_project(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {"expiration": expiration, "projects": "foobar"},
+    #     }
+    #     assert caveat(json.dumps(predicate)) is True
 
-    def test_verify_project_invalid_project_name(self, db_request):
+    @pytest.mark.parametrize(
+        "predicate",
+        [
+            {"version": 1, "permissions": {"projects": ["notfoobar"]}},
+            {"version": 2, "permissions": {"projects": [{"name": "notfoobar"}]}},
+        ],
+    )
+    def test_verify_project_invalid_project_name(self, db_request, predicate):
         project = ProjectFactory.create(name="foobar")
         verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
 
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "notfoobar"}]},
-        }
+        if predicate["version"] == 1:
+            caveat = V1Caveat(verifier)
+        else:
+            caveat = V2Caveat(verifier)
+
         with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
+            caveat(predicate)
 
     def test_verify_project_no_projects_object(self, db_request):
         project = ProjectFactory.create(name="foobar")
@@ -141,152 +164,152 @@ def test_verify_project_no_projects_object(self, db_request):
             "permissions": {"somethingthatisntprojects": ["blah"]},
         }
         with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-
-    def test_verify_project(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "expiration": expiration,
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-            },
-        }
-        assert caveat(json.dumps(predicate)) is True
-
-    def test_verify_releases(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
-        assert caveat(json.dumps(predicate)) is True
-
-    def test_verify_release_exists(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [
-                    {"project-name": "foobar", "version": project.latest_version[0]}
-                ],
-                "expiration": expiration,
-            },
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-
-    def test_verify_release_missing(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar"}],
-                "expiration": expiration,
-            },
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-
-    def test_verify_invalid_expiration(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        ReleaseFactory.create(project=project)
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": "notanexpiration",
-            },
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
-
-    def test_verify_expiration(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
-        assert caveat(json.dumps(predicate)) is True
+            caveat(predicate)
 
-    def test_verify_expired(self, db_request):
+    @pytest.mark.parametrize(
+        "predicate",
+        [
+            {"version": 1, "permissions": {"projects": ["foobar"]}},
+            {"version": 2, "permissions": {"projects": [{"name": "foobar"}]}},
+        ],
+    )
+    def test_verify_project(self, db_request, predicate):
         project = ProjectFactory.create(name="foobar")
         ReleaseFactory.create(project=project)
         verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-        d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-        predicate = {
-            "version": 1,
-            "permissions": {
-                "projects": [{"project-name": "foobar", "version": "1.0"}],
-                "expiration": expiration,
-            },
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
 
-    def test_verify_expiration_missing(self, db_request):
-        project = ProjectFactory.create(name="foobar")
-        verifier = pretend.stub(context=project)
-        caveat = V1Caveat(verifier)
-
-        predicate = {
-            "version": 1,
-            "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
-        }
-        with pytest.raises(InvalidMacaroon):
-            caveat(json.dumps(predicate))
+        if predicate["version"] == 1:
+            caveat = V1Caveat(verifier)
+        else:
+            caveat = V2Caveat(verifier)
+
+        assert caveat(predicate) is True
+
+    # def test_verify_releases(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
+    #             "expiration": expiration,
+    #         },
+    #     }
+    #     assert caveat(json.dumps(predicate)) is True
+
+    # def test_verify_release_exists(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [
+    #                 {"project-name": "foobar", "version": project.latest_version[0]}
+    #             ],
+    #             "expiration": expiration,
+    #         },
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
+
+    # def test_verify_release_missing(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [{"project-name": "foobar"}],
+    #             "expiration": expiration,
+    #         },
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
+
+    # def test_verify_invalid_expiration(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
+    #             "expiration": "notanexpiration",
+    #         },
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
+
+    # def test_verify_expiration(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() + timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
+    #             "expiration": expiration,
+    #         },
+    #     }
+    #     assert caveat(json.dumps(predicate)) is True
+
+    # def test_verify_expired(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     ReleaseFactory.create(project=project)
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+    #     d = datetime.now() - timedelta(days=1)
+    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
+    #     tz_aware = tz.localize(d)
+    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {
+    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
+    #             "expiration": expiration,
+    #         },
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
+
+    # def test_verify_expiration_missing(self, db_request):
+    #     project = ProjectFactory.create(name="foobar")
+    #     verifier = pretend.stub(context=project)
+    #     caveat = V1Caveat(verifier)
+
+    #     predicate = {
+    #         "version": 1,
+    #         "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
+    #     }
+    #     with pytest.raises(InvalidMacaroon):
+    #         caveat(json.dumps(predicate))
 
 
 class TestVerifier:

From 40773f6a5880dfe2bc6d4eaf63bca2a811b7eb2a Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 11:48:00 -0400
Subject: [PATCH 60/96] tests: Update manage/forms

---
 tests/unit/manage/test_forms.py | 118 +++-----------------------------
 1 file changed, 9 insertions(+), 109 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index c8530b69f077..2d6a8c9954a4 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -418,17 +418,8 @@ def test_validate_token_scope_invalid_project(self):
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
         ReleaseFactory.create(project=project)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             all_projects=[project],
@@ -437,30 +428,23 @@ def test_validate_token_scope_valid_project(self, db_request):
 
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
-        ReleaseFactory.create(project=project)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foobar",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
+            data={"description": "dummy", "token_scope": "scope:project:foobar"},
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
             all_projects=[project],
         )
         assert not form.validate()
+        assert (
+            form.token_scope.errors.pop() == "Unknown or invalid project name: foobar"
+        )
 
     def test_validate_token_scope_invalid_release(self):
         form = forms.CreateMacaroonForm(
             data={
                 "description": "dummy",
                 "token_scope": "scope:project:foo",
-                "releases": "AA.BB.CC",
+                "project_version": "AA.BB.CC",
             },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
@@ -468,21 +452,16 @@ def test_validate_token_scope_invalid_release(self):
         )
 
         assert not form.validate()
-        assert form.releases.errors.pop() == "Invalid release"
+        assert form.project_version.errors.pop() == "Invalid version format"
 
     def test_validate_token_scope_release_in_use(self, db_request):
         project = Project(name="foo")
         ReleaseFactory.create(project=project)
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
         form = forms.CreateMacaroonForm(
             data={
                 "description": "dummy",
                 "token_scope": "scope:project:foo",
-                "releases": project.latest_version[0],
-                "expiration": expiration,
+                "project_version": project.latest_version[0],
             },
             user_id=pretend.stub(),
             macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
@@ -490,86 +469,7 @@ def test_validate_token_scope_release_in_use(self, db_request):
         )
 
         assert not form.validate()
-        assert form.releases.errors.pop() == "Invalid release"
-
-    def test_validate_expiration_missing(self):
-        form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-            },
-            user_id=pretend.stub(),
-            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
-        )
-
-        assert not form.validate()
-        assert form.expiration.errors.pop() == "Specify the expiration"
-
-    def test_validate_invalid_expiration(self):
-        d = datetime.now() - timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
-            user_id=pretend.stub(),
-            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
-        )
-
-        assert not form.validate()
-        assert (
-            form.expiration.errors.pop() == "Expiration must be after the current time"
-        )
-
-    def test_validate_long_expiration(self):
-        d = datetime.now() + timedelta(days=366)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:project:foo",
-                "releases": "1.0",
-                "expiration": expiration,
-            },
-            user_id=pretend.stub(),
-            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
-        )
-
-        assert not form.validate()
-        assert (
-            form.expiration.errors.pop() == "Expiration cannot be greater than one year"
-        )
-
-    # once js is figured out would have to disable releases
-    def test_validate_token_scope_valid_user(self):
-        d = datetime.now() + timedelta(days=1)
-        tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-        tz_aware = tz.localize(d)
-        expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-        form = forms.CreateMacaroonForm(
-            data={
-                "description": "dummy",
-                "token_scope": "scope:user",
-                "releases": "0.0",
-                "expiration": expiration,
-            },
-            user_id=pretend.stub(),
-            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
-            all_projects=[],
-        )
-
-        assert form.validate()
+        assert form.token_scope.errors.pop() == "Release already exists"
 
 
 class TestDeleteMacaroonForm:

From d59901199d08307eb3c94c0aa0986a46bcfcc1f7 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 13:20:40 -0400
Subject: [PATCH 61/96] warehouse: Fix event recording for projects

---
 warehouse/manage/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
index cc8ba4d30cd6..d6f278559c71 100644
--- a/warehouse/manage/views.py
+++ b/warehouse/manage/views.py
@@ -676,11 +676,14 @@ def create_macaroon(self):
                     "caveats": form.validated_caveats,
                 },
             )
-            if "projects" in form.validated_scope:
+
+            permissions = form.validated_caveats["permissions"]
+            if "projects" in permissions:
+                project_names = [project["name"] for project in permissions["projects"]]
                 projects = [
                     project
                     for project in self.request.user.projects
-                    if project.normalized_name in form.validated_scope["projects"]
+                    if project.normalized_name in project_names
                 ]
                 for project in projects:
                     # NOTE: We don't disclose the full caveats for this token

From 7bee8e7f999b1c6b0235cf73744e7f67082d3ed6 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 13:20:52 -0400
Subject: [PATCH 62/96] tests: Fix manage/views tests

---
 tests/unit/manage/test_views.py | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
index adc296611e58..3cca82b6a036 100644
--- a/tests/unit/manage/test_views.py
+++ b/tests/unit/manage/test_views.py
@@ -1612,7 +1612,7 @@ def test_create_macaroon(self, monkeypatch):
         create_macaroon_obj = pretend.stub(
             validate=lambda: True,
             description=pretend.stub(data=pretend.stub()),
-            validated_scope="foobar",
+            validated_caveats={"version": 2, "permissions": "user"},
         )
         create_macaroon_cls = pretend.call_recorder(
             lambda *a, **kw: create_macaroon_obj
@@ -1635,10 +1635,7 @@ def test_create_macaroon(self, monkeypatch):
                 location=request.domain,
                 user_id=request.user.id,
                 description=create_macaroon_obj.description.data,
-                caveats={
-                    "permissions": create_macaroon_obj.validated_scope,
-                    "version": 1,
-                },
+                caveats=create_macaroon_obj.validated_caveats,
             )
         ]
         assert result == {
@@ -1654,10 +1651,7 @@ def test_create_macaroon(self, monkeypatch):
                 ip_address=request.remote_addr,
                 additional={
                     "description": create_macaroon_obj.description.data,
-                    "caveats": {
-                        "permissions": create_macaroon_obj.validated_scope,
-                        "version": 1,
-                    },
+                    "caveats": create_macaroon_obj.validated_caveats,
                 },
             )
         ]
@@ -1693,7 +1687,10 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
         create_macaroon_obj = pretend.stub(
             validate=lambda: True,
             description=pretend.stub(data=pretend.stub()),
-            validated_scope={"projects": ["foo", "bar"]},
+            validated_caveats={
+                "version": 2,
+                "permissions": {"projects": [{"name": "foo"}, {"name": "bar"}]},
+            },
         )
         create_macaroon_cls = pretend.call_recorder(
             lambda *a, **kw: create_macaroon_obj
@@ -1713,10 +1710,7 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
                 location=request.domain,
                 user_id=request.user.id,
                 description=create_macaroon_obj.description.data,
-                caveats={
-                    "permissions": create_macaroon_obj.validated_scope,
-                    "version": 1,
-                },
+                caveats=create_macaroon_obj.validated_caveats,
             )
         ]
         assert result == {
@@ -1732,10 +1726,7 @@ def test_create_macaroon_records_events_for_each_project(self, monkeypatch):
                 ip_address=request.remote_addr,
                 additional={
                     "description": create_macaroon_obj.description.data,
-                    "caveats": {
-                        "permissions": create_macaroon_obj.validated_scope,
-                        "version": 1,
-                    },
+                    "caveats": create_macaroon_obj.validated_caveats,
                 },
             ),
             pretend.call(

From 51effcb4404edb818449b1993e26f52807cc388b Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 14:03:18 -0400
Subject: [PATCH 63/96] warehouse: Fix timestamp, return verify result

---
 tests/unit/macaroons/test_caveats.py | 43 ++++++++++++++++++++++------
 warehouse/macaroons/caveats.py       |  4 +--
 2 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 18c4410dc848..2defd8dc7fc1 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -10,13 +10,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import json
-
-from datetime import datetime, timedelta
+from datetime import datetime, timezone
 
 import pretend
 import pytest
-import pytz
 
 from pymacaroons.exceptions import MacaroonInvalidSignatureException
 
@@ -67,8 +64,7 @@ def test_verify_toplevel_caveat(self, monkeypatch, predicate, verifies):
                 caveat(predicate)
 
     @pytest.mark.parametrize(
-        "predicate",
-        [{}, {"permissions": None}, {"permissions": {"projects": None}}],
+        "predicate", [{}, {"permissions": None}, {"permissions": {"projects": None}}]
     )
     def test_verify_invalid_v1_predicates(self, predicate):
         verifier = pretend.stub()
@@ -77,10 +73,17 @@ def test_verify_invalid_v1_predicates(self, predicate):
         with pytest.raises(InvalidMacaroon):
             caveat(predicate)
 
-    def test_verify_valid_v1_predicate(self):
-        verifier = pretend.stub()
+    @pytest.mark.parametrize(
+        "predicate",
+        [
+            {"version": 1, "permissions": {"projects": ["foobar"]}},
+            {"version": 1, "permissions": "user"},
+        ],
+    )
+    def test_verify_valid_v1_predicates(self, db_request, predicate):
+        project = ProjectFactory.create(name="foobar")
+        verifier = pretend.stub(context=project)
         caveat = V1Caveat(verifier)
-        predicate = {"permissions": "user", "version": 1}
 
         caveat(predicate)
 
@@ -102,6 +105,28 @@ def test_verify_project_invalid_context(self, predicate):
         with pytest.raises(InvalidMacaroon):
             caveat(predicate)
 
+    @pytest.mark.parametrize(
+        ["predicate", "valid"],
+        [
+            ({"version": 2, "expiration": 0, "permissions": "user"}, False),
+            (
+                {
+                    "version": 2,
+                    "expiration": int(datetime.now(tz=timezone.utc)) + 120,
+                    "permissions": "user",
+                },
+                True,
+            ),
+        ],
+    )
+    def test_verify_v2_caveat_expiration(self, predicate, valid):
+        verifier = pretend.stub()
+        caveat = V2Caveat(verifier)
+
+        if not valid:
+            with pytest.raises(InvalidMacaroon):
+                caveat(predicate)
+
     # def test_verify_invalid_string_project(self, db_request):
     #     project = ProjectFactory.create(name="foobar")
     #     ReleaseFactory.create(project=project)
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 3dfbdd5280d5..35adfc99bf4d 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -69,7 +69,7 @@ def verify(self, predicate):
 
 class V2Caveat(Caveat):
     def verify_expiration(self, expiration):
-        now = int(datetime.now(tz=timezone.utc))
+        now = int(datetime.now(tz=timezone.utc).timestamp())
         if expiration < now:
             raise InvalidMacaroon("token has expired")
 
@@ -142,7 +142,7 @@ def verify(self, predicate):
         else:
             raise InvalidMacaroon("invalid version")
 
-        caveat_verifier.verify(data)
+        return caveat_verifier.verify(data)
 
 
 class Verifier:

From 6fa808ddd4d103779f88f5e9955e7459ebe67c7a Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 14:03:54 -0400
Subject: [PATCH 64/96] tests: Update macaroon caveats tests

---
 tests/unit/macaroons/test_caveats.py | 220 +++++++--------------------
 1 file changed, 58 insertions(+), 162 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 2defd8dc7fc1..0fd2b31aec65 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -43,7 +43,7 @@ def test_creation(self):
 
 class TestV1Caveat:
     @pytest.mark.parametrize(
-        ["predicate", "verifies"],
+        ["predicate", "valid"],
         [
             ("invalid json", False),
             ("", False),
@@ -55,13 +55,15 @@ class TestV1Caveat:
             ('{"version": 3}', False),
         ],
     )
-    def test_verify_toplevel_caveat(self, monkeypatch, predicate, verifies):
+    def test_verify_toplevel_caveat(self, monkeypatch, predicate, valid):
         verifier = pretend.stub()
         caveat = TopLevelCaveat(verifier)
 
-        if not verifies:
+        if not valid:
             with pytest.raises(InvalidMacaroon):
                 caveat(predicate)
+        else:
+            assert caveat(predicate)
 
     @pytest.mark.parametrize(
         "predicate", [{}, {"permissions": None}, {"permissions": {"projects": None}}]
@@ -112,7 +114,7 @@ def test_verify_project_invalid_context(self, predicate):
             (
                 {
                     "version": 2,
-                    "expiration": int(datetime.now(tz=timezone.utc)) + 120,
+                    "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 120,
                     "permissions": "user",
                 },
                 True,
@@ -126,39 +128,59 @@ def test_verify_v2_caveat_expiration(self, predicate, valid):
         if not valid:
             with pytest.raises(InvalidMacaroon):
                 caveat(predicate)
+        else:
+            assert caveat(predicate)
+
+    @pytest.mark.parametrize(
+        ["predicate", "valid"],
+        [
+            (
+                {
+                    "version": 2,
+                    "permissions": {"projects": [{"name": "foo", "release": "1.0.0"}]},
+                },
+                False,
+            ),
+            (
+                {
+                    "version": 2,
+                    "permissions": {"projects": [{"name": "foo", "release": "1.0.1"}]},
+                },
+                True,
+            ),
+        ],
+    )
+    def test_verify_v2_caveat_release(self, db_request, predicate, valid):
+        project = ProjectFactory.create(name="foo")
+        ReleaseFactory.create(project=project, version="1.0.0")
+
+        verifier = pretend.stub(context=project)
+        caveat = V2Caveat(verifier)
+
+        if not valid:
+            with pytest.raises(InvalidMacaroon):
+                caveat(predicate)
+        else:
+            assert caveat(predicate)
 
-    # def test_verify_invalid_string_project(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {"expiration": expiration, "projects": "notfoobar"},
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
-    # def test_verify_valid_string_project(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {"expiration": expiration, "projects": "foobar"},
-    #     }
-    #     assert caveat(json.dumps(predicate)) is True
+    @pytest.mark.parametrize(
+        ["predicate", "valid"],
+        [
+            ({"version": 2, "permissions": {"projects": [{"name": "foo"}]}}, False),
+            ({"version": 2, "permissions": {}}, False),
+            ({"version": 2, "permissions": {"projects": [{"name": "bar"}]}}, True),
+        ],
+    )
+    def test_verify_v2_caveat_project(self, db_request, predicate, valid):
+        project = ProjectFactory.create(name="bar")
+        verifier = pretend.stub(context=project)
+        caveat = V2Caveat(verifier)
+
+        if not valid:
+            with pytest.raises(InvalidMacaroon):
+                caveat(predicate)
+        else:
+            assert caveat(predicate)
 
     @pytest.mark.parametrize(
         "predicate",
@@ -210,132 +232,6 @@ def test_verify_project(self, db_request, predicate):
 
         assert caveat(predicate) is True
 
-    # def test_verify_releases(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
-    #             "expiration": expiration,
-    #         },
-    #     }
-    #     assert caveat(json.dumps(predicate)) is True
-
-    # def test_verify_release_exists(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [
-    #                 {"project-name": "foobar", "version": project.latest_version[0]}
-    #             ],
-    #             "expiration": expiration,
-    #         },
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
-    # def test_verify_release_missing(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [{"project-name": "foobar"}],
-    #             "expiration": expiration,
-    #         },
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
-    # def test_verify_invalid_expiration(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
-    #             "expiration": "notanexpiration",
-    #         },
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
-    # def test_verify_expiration(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() + timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
-    #             "expiration": expiration,
-    #         },
-    #     }
-    #     assert caveat(json.dumps(predicate)) is True
-
-    # def test_verify_expired(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     ReleaseFactory.create(project=project)
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-    #     d = datetime.now() - timedelta(days=1)
-    #     tz = pytz.timezone("GMT")  # GMT for POC, ideally would be user's local timezone
-    #     tz_aware = tz.localize(d)
-    #     expiration = datetime.strftime(tz_aware, "%Y-%m-%dT%H:%M")
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {
-    #             "projects": [{"project-name": "foobar", "version": "1.0"}],
-    #             "expiration": expiration,
-    #         },
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
-    # def test_verify_expiration_missing(self, db_request):
-    #     project = ProjectFactory.create(name="foobar")
-    #     verifier = pretend.stub(context=project)
-    #     caveat = V1Caveat(verifier)
-
-    #     predicate = {
-    #         "version": 1,
-    #         "permissions": {"projects": [{"project-name": "foobar", "version": "1.0"}]},
-    #     }
-    #     with pytest.raises(InvalidMacaroon):
-    #         caveat(json.dumps(predicate))
-
 
 class TestVerifier:
     def test_creation(self):

From 5b504e5e07049bac4f7c7f03a777256e47f422e0 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 15:59:37 -0400
Subject: [PATCH 65/96] tests: Fill in caveats, manage/forms tests

---
 tests/unit/macaroons/test_caveats.py |  2 +-
 tests/unit/manage/test_forms.py      | 46 ++++++++++++++++++++++++++--
 2 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 0fd2b31aec65..7cf33cd615af 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -114,7 +114,7 @@ def test_verify_project_invalid_context(self, predicate):
             (
                 {
                     "version": 2,
-                    "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 120,
+                    "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 3600,
                     "permissions": "user",
                 },
                 True,
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 2d6a8c9954a4..1a8d5e7b8c0c 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -10,11 +10,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 
 import pretend
 import pytest
-import pytz
 import wtforms
 
 from webob.multidict import MultiDict
@@ -417,7 +416,6 @@ def test_validate_token_scope_invalid_project(self):
 
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
-        ReleaseFactory.create(project=project)
         form = forms.CreateMacaroonForm(
             data={"description": "dummy", "token_scope": "scope:project:foo"},
             user_id=pretend.stub(),
@@ -426,6 +424,21 @@ def test_validate_token_scope_valid_project(self, db_request):
         )
         assert form.validate()
 
+    def test_validate_token_scope_valid_project_and_version(self, db_request):
+        project = ProjectFactory(name="foo")
+        ReleaseFactory.create(project=project, version="1.0.0")
+        form = forms.CreateMacaroonForm(
+            data={
+                "description": "dummy",
+                "token_scope": "scope:project:foo",
+                "project_version": "1.0.1",
+            },
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=[project],
+        )
+        assert form.validate()
+
     def test_validate_token_scope_not_in_projects(self, db_request):
         project = ProjectFactory(name="foo")
         form = forms.CreateMacaroonForm(
@@ -471,6 +484,33 @@ def test_validate_token_scope_release_in_use(self, db_request):
         assert not form.validate()
         assert form.token_scope.errors.pop() == "Release already exists"
 
+    @pytest.mark.parametrize(
+        ["expiration", "valid"],
+        [
+            ("invalid date", False),
+            ((datetime.now() - timedelta(hours=1)).strftime("%Y-%m-%dT%H:%M"), False),
+            ((datetime.now() + timedelta(days=366)).strftime("%Y-%m-%dT%H:%M"), False),
+            ((datetime.now() + timedelta(hours=1)).strftime("%Y-%m-%dT%H:%M"), True),
+        ],
+    )
+    def test_validate_expiration(self, expiration, valid):
+        form = forms.CreateMacaroonForm(
+            data={
+                "description": "dummy",
+                "token_scope": "scope:user",
+                "expiration": expiration,
+            },
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=pretend.stub(),
+        )
+
+        assert form.validate() == valid
+        if valid:
+            expiration = datetime.strptime(expiration, "%Y-%m-%dT%H:%M")
+            expiration = expiration.astimezone(timezone.utc)
+            assert form.validated_caveats["expiration"] == int(expiration.timestamp())
+
 
 class TestDeleteMacaroonForm:
     def test_creation(self):

From 4a0eb02a8384d7465eb93f538fd17c9e7089e640 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 23 Sep 2019 18:16:51 -0400
Subject: [PATCH 66/96] warehouse, test: Fix wrong key for version

---
 tests/unit/macaroons/test_caveats.py |  4 ++--
 warehouse/macaroons/caveats.py       | 15 +++++++--------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 7cf33cd615af..73eff36930ad 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -137,14 +137,14 @@ def test_verify_v2_caveat_expiration(self, predicate, valid):
             (
                 {
                     "version": 2,
-                    "permissions": {"projects": [{"name": "foo", "release": "1.0.0"}]},
+                    "permissions": {"projects": [{"name": "foo", "version": "1.0.0"}]},
                 },
                 False,
             ),
             (
                 {
                     "version": 2,
-                    "permissions": {"projects": [{"name": "foo", "release": "1.0.1"}]},
+                    "permissions": {"projects": [{"name": "foo", "version": "1.0.1"}]},
                 },
                 True,
             ),
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 35adfc99bf4d..30643c0f4e2c 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -75,11 +75,11 @@ def verify_expiration(self, expiration):
 
         return True
 
-    def verify_release(self, release):
+    def verify_version(self, version):
         project = self.verifier.context
 
-        for version in project.all_versions:
-            if release == version[0]:
+        for extant_version in project.all_versions:
+            if version == extant_version[0]:
                 raise InvalidMacaroon("release already exists")
         return True
 
@@ -95,9 +95,9 @@ def verify_projects(self, projects):
 
         for proj in projects:
             if proj["name"] == project.normalized_name:
-                release = proj.get("release")
-                if release is not None:
-                    self.verify_release(release)
+                version = proj.get("version")
+                if version is not None:
+                    self.verify_version(version)
                 return True
 
         raise InvalidMacaroon("project-scoped token matches no projects")
@@ -118,8 +118,7 @@ def verify(self, predicate):
         projects = permissions.get("projects")
         if projects is None:
             raise InvalidMacaroon("invalid projects in predicate")
-        else:
-            self.verify_projects(projects)
+        self.verify_projects(projects)
 
         return True
 

From 8d3e66e7ab1610c1534af8732e9aa373e897361c Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 10:50:28 -0400
Subject: [PATCH 67/96] Added functionality for cornice REST api for upload
 tokens.

---
 warehouse/macaroons/api.py | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 warehouse/macaroons/api.py

diff --git a/warehouse/macaroons/api.py b/warehouse/macaroons/api.py
new file mode 100644
index 000000000000..cea3deeb8db1
--- /dev/null
+++ b/warehouse/macaroons/api.py
@@ -0,0 +1,41 @@
+from collections import defaultdict
+
+from pyramid.httpexceptions import HTTPForbidden
+from pyramid.view import view_config
+
+from cornice import Service
+
+import os
+import binascii
+
+from pyramid.httpexceptions import HTTPUnauthorized, HTTPBadRequest
+from warehouse.macaroons.caveats import InvalidMacaroon
+from warehouse.macaroons.interfaces import IMacaroonService
+
+tokens = Service(name='token',
+                path='test_token/{master_key}/{description}/{scope}/{version}/{expiration}',
+                description='Create new api tokens for project uploads.')
+
+
+@tokens.post(validators=[valid_master,valid_scope])
+def create_token(request):
+    macaroon_service = request.find_service(IMacaroonService, context=None)
+    token = request.validated['api_key']
+    return {'api_key': token}
+
+def valid_master(request, **kargs):
+    macaroon_service = request.find_service(IMacaroonService, context=None)
+    try:
+        macaroon_service.verify(request.master_key) #add params for all projects TODO
+    except InvalidMacaroon:
+        raise HTTPUnauthorized()
+
+def valid_scope(request, **kargs):
+    macaroon_service = request.find_service(IMacaroonService, context=None)
+    try:
+        user = macaroon_service.find_userid(request.master_key) #to determine the user of the original token
+        scope = {"version": 2, "permissions": scope}
+        serialized_macaroon, macaroon = macaroon_service.create_macaroon(...) # TODO
+    except ValueError or InvalidMacaroon:
+        raise HTTPBadRequest()
+    request.validated['api_key'] = serialized_macaroon
\ No newline at end of file

From 2f1b699b734653a663b483d22c7fdc3f50f3c8bf Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 15:44:09 -0400
Subject: [PATCH 68/96] Moved api to legacy directory.

---
 warehouse/macaroons/api.py | 41 --------------------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 warehouse/macaroons/api.py

diff --git a/warehouse/macaroons/api.py b/warehouse/macaroons/api.py
deleted file mode 100644
index cea3deeb8db1..000000000000
--- a/warehouse/macaroons/api.py
+++ /dev/null
@@ -1,41 +0,0 @@
-from collections import defaultdict
-
-from pyramid.httpexceptions import HTTPForbidden
-from pyramid.view import view_config
-
-from cornice import Service
-
-import os
-import binascii
-
-from pyramid.httpexceptions import HTTPUnauthorized, HTTPBadRequest
-from warehouse.macaroons.caveats import InvalidMacaroon
-from warehouse.macaroons.interfaces import IMacaroonService
-
-tokens = Service(name='token',
-                path='test_token/{master_key}/{description}/{scope}/{version}/{expiration}',
-                description='Create new api tokens for project uploads.')
-
-
-@tokens.post(validators=[valid_master,valid_scope])
-def create_token(request):
-    macaroon_service = request.find_service(IMacaroonService, context=None)
-    token = request.validated['api_key']
-    return {'api_key': token}
-
-def valid_master(request, **kargs):
-    macaroon_service = request.find_service(IMacaroonService, context=None)
-    try:
-        macaroon_service.verify(request.master_key) #add params for all projects TODO
-    except InvalidMacaroon:
-        raise HTTPUnauthorized()
-
-def valid_scope(request, **kargs):
-    macaroon_service = request.find_service(IMacaroonService, context=None)
-    try:
-        user = macaroon_service.find_userid(request.master_key) #to determine the user of the original token
-        scope = {"version": 2, "permissions": scope}
-        serialized_macaroon, macaroon = macaroon_service.create_macaroon(...) # TODO
-    except ValueError or InvalidMacaroon:
-        raise HTTPBadRequest()
-    request.validated['api_key'] = serialized_macaroon
\ No newline at end of file

From 42c2525262cd7b0ae3b4bc865b7abfe2e6e3b007 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 15:48:40 -0400
Subject: [PATCH 69/96] Added route for token API endpoint.

---
 warehouse/routes.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/warehouse/routes.py b/warehouse/routes.py
index 8d7733a921a4..22ddce22540b 100644
--- a/warehouse/routes.py
+++ b/warehouse/routes.py
@@ -333,6 +333,7 @@ def includeme(config):
     config.add_pypi_action_route("legacy.api.pypi.browse", "browse", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.files", "files", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.display", "display", domain=warehouse)
+    config.add_pypi_action_route("legacy.api.pypi.token.new", "create_token", domain=warehouse)
 
     # Legacy XMLRPC
     config.add_xmlrpc_endpoint(

From 82ea5f3f5ca655d74c1ab7da504c03305bba636a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 15:49:59 -0400
Subject: [PATCH 70/96] Added token API endpoint.

---
 warehouse/legacy/api/pypi.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index d595ab2702fc..60f1165f8e56 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -14,6 +14,10 @@
 from pyramid.response import Response
 from pyramid.view import forbidden_view_config, view_config
 
+from pyramid.httpexceptions import HTTPUnauthorized, HTTPBadRequest
+from warehouse.macaroons.caveats import InvalidMacaroon
+from warehouse.macaroons.interfaces import IMacaroonService
+
 from warehouse.classifiers.models import Classifier
 
 
@@ -145,3 +149,33 @@ def display(request):
             request.route_path("packaging.release", name=name, version=version)
         )
     return HTTPMovedPermanently(request.route_path("packaging.project", name=name))
+
+
+@view_config(route_name="legacy.api.pypi.token.new")
+# TODO figure out best way to verify master token
+def create_token(request):
+    macaroon_service = request.find_service(IMacaroonService, context=None)
+    try:
+        macaroon_service.verify(
+            raw_macaroon=request.master_key,
+            context="",
+            principals="",
+            permissions="user",
+        )
+    except InvalidMacaroon:
+        raise HTTPUnauthorized()
+    try:
+        user = macaroon_service.find_userid(
+            request.master_key
+        )  # To determine the user of the original token
+        scope = {"version": 2, "permissions": scope}
+        serialized_macaroon, macaroon = macaroon_service.create_macaroon(
+            location=request.domain,  # ?
+            user_id=user,
+            description=request.description,
+            caveats=scope,
+        )
+    except ValueError or InvalidMacaroon:
+        raise HTTPBadRequest()
+
+    return {"api_key": serialized_macaroon}
\ No newline at end of file

From fedec1fb7ad22a52ce84419db2bbd06b37b34b85 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 17:50:19 -0400
Subject: [PATCH 71/96] Added token API endpoint route.

---
 tests/unit/test_routes.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/unit/test_routes.py b/tests/unit/test_routes.py
index 4fade03cbe90..7fd46456d35a 100644
--- a/tests/unit/test_routes.py
+++ b/tests/unit/test_routes.py
@@ -365,6 +365,7 @@ def add_policy(name, filename):
         pretend.call("legacy.api.pypi.browse", "browse", domain=warehouse),
         pretend.call("legacy.api.pypi.files", "files", domain=warehouse),
         pretend.call("legacy.api.pypi.display", "display", domain=warehouse),
+        pretend.call("legacy.api.pypi.token.new", "create_token", domain=warehouse)
     ]
 
     assert config.add_pypi_action_redirect.calls == [

From f71ea8c64784f5ea65b04ed74e676d19bd2e3e28 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 17:51:06 -0400
Subject: [PATCH 72/96] Changed scope to match V2 caveats.

---
 warehouse/legacy/api/pypi.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 60f1165f8e56..437bea66ed86 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -168,7 +168,13 @@ def create_token(request):
         user = macaroon_service.find_userid(
             request.master_key
         )  # To determine the user of the original token
-        scope = {"version": 2, "permissions": scope}
+        scope = {
+            "version": 2,
+            "expiration": request.expiration,
+            "permissions": {
+                "projects": [{"name": request.project_name, "version": request.release}]
+            },
+        }
         serialized_macaroon, macaroon = macaroon_service.create_macaroon(
             location=request.domain,  # ?
             user_id=user,
@@ -178,4 +184,4 @@ def create_token(request):
     except ValueError or InvalidMacaroon:
         raise HTTPBadRequest()
 
-    return {"api_key": serialized_macaroon}
\ No newline at end of file
+    return {"upload_token": serialized_macaroon}

From e13588659302216b6023509d9764867b8ff4d2df Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 30 Sep 2019 17:51:30 -0400
Subject: [PATCH 73/96] Formatting fixes.

---
 warehouse/routes.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/warehouse/routes.py b/warehouse/routes.py
index 22ddce22540b..cee84e6942f2 100644
--- a/warehouse/routes.py
+++ b/warehouse/routes.py
@@ -333,7 +333,9 @@ def includeme(config):
     config.add_pypi_action_route("legacy.api.pypi.browse", "browse", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.files", "files", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.display", "display", domain=warehouse)
-    config.add_pypi_action_route("legacy.api.pypi.token.new", "create_token", domain=warehouse)
+    config.add_pypi_action_route(
+        "legacy.api.pypi.token.new", "create_token", domain=warehouse
+    )
 
     # Legacy XMLRPC
     config.add_xmlrpc_endpoint(

From f65eb3c948a4d7ec13949b93fa47b7d7dd4331d8 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 10 Oct 2019 16:00:16 -0400
Subject: [PATCH 74/96] Started API endpoint for package uploads.

---
 tests/unit/legacy/api/test_pypi.py | 37 ++++++++++++++++++++++++++++++
 warehouse/legacy/api/pypi.py       | 12 ++++++----
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index 9082b9a33cf5..eb8d47abf1ed 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -12,12 +12,17 @@
 
 import pretend
 import pytest
+import pymacaroons
 
 from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound
 
 from warehouse.legacy.api import pypi
 
 from ....common.db.classifiers import ClassifierFactory
+from ....common.db.accounts import UserFactory
+from warehouse.macaroons.interfaces import IMacaroonService
+from warehouse.macaroons import services
+from warehouse.macaroons.models import Macaroon
 
 
 def test_exc_with_message():
@@ -209,3 +214,35 @@ def test_display_no_name(self, db_request):
 
         with pytest.raises(HTTPNotFound):
             pypi.display(db_request)
+
+
+class TestToken:
+    @pytest.mark.parametrize(
+        ("project_name", "version", "valid"),
+        [("foo", "1.0", True)],
+    )
+    def test_token_creation(
+        self, db_request, macaroon_service, project_name, version, valid
+    ):
+        user = UserFactory.create()
+        master_key, macaroon = macaroon_service.create_macaroon(
+            "fake location",
+            user.id,
+            "fake description",
+            {"version": 2, "permissions": "user"},
+        )
+        request = pretend.stub(
+            user=pretend.stub(id=pretend.stub()),
+            domain="fake location",
+            find_service=lambda interface, **kw: {IMacaroonService: macaroon_service}[
+                interface
+            ],
+            master_key=master_key,
+            project_name=project_name,
+            version=version,
+            description="fake description!",
+        )
+        assert pypi.create_token(request) == {} 
+        # for some reason this passes each time even though 2 test cases should not pass
+        # with pytest.raises(HTTPBadRequest):
+        #     pypi.create_token(request) # for some reason HTTPBadReq is never raised
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 437bea66ed86..de6c4ee9185b 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -20,6 +20,10 @@
 
 from warehouse.classifiers.models import Classifier
 
+from datetime import datetime, timezone
+
+# from warehouse.packaging.models import Project
+
 
 def _exc_with_message(exc, message):
     # The crappy old API that PyPI offered uses the status to pass down
@@ -160,7 +164,7 @@ def create_token(request):
             raw_macaroon=request.master_key,
             context="",
             principals="",
-            permissions="user",
+            permission={"version": 2, "permissions": "user"},
         )
     except InvalidMacaroon:
         raise HTTPUnauthorized()
@@ -170,9 +174,9 @@ def create_token(request):
         )  # To determine the user of the original token
         scope = {
             "version": 2,
-            "expiration": request.expiration,
+            "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 3600,
             "permissions": {
-                "projects": [{"name": request.project_name, "version": request.release}]
+                "projects": [{"name": request.project_name, "version": request.version}]
             },
         }
         serialized_macaroon, macaroon = macaroon_service.create_macaroon(
@@ -181,7 +185,7 @@ def create_token(request):
             description=request.description,
             caveats=scope,
         )
-    except ValueError or InvalidMacaroon:
+    except InvalidMacaroon: #need to figure out why this is not catching
         raise HTTPBadRequest()
 
     return {"upload_token": serialized_macaroon}

From f0a4f6adc5e218e0540723f810668f3b334853c3 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 10 Oct 2019 16:36:16 -0400
Subject: [PATCH 75/96] Added test for invalid master token.

---
 tests/unit/legacy/api/test_pypi.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index eb8d47abf1ed..7fd35aef8a13 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -14,7 +14,7 @@
 import pytest
 import pymacaroons
 
-from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound
+from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound, HTTPUnauthorized
 
 from warehouse.legacy.api import pypi
 
@@ -232,7 +232,7 @@ def test_token_creation(
             {"version": 2, "permissions": "user"},
         )
         request = pretend.stub(
-            user=pretend.stub(id=pretend.stub()),
+            user=user,
             domain="fake location",
             find_service=lambda interface, **kw: {IMacaroonService: macaroon_service}[
                 interface
@@ -242,7 +242,20 @@ def test_token_creation(
             version=version,
             description="fake description!",
         )
-        assert pypi.create_token(request) == {} 
-        # for some reason this passes each time even though 2 test cases should not pass
-        # with pytest.raises(HTTPBadRequest):
-        #     pypi.create_token(request) # for some reason HTTPBadReq is never raised
+        assert isinstance(pypi.create_token(request), dict)
+    
+    def test_invalid_master_token(self, macaroon_service):
+        user = UserFactory.create()
+        request = pretend.stub(
+            user=user,
+            domain="fake location",
+            find_service=lambda interface, **kw: {IMacaroonService: macaroon_service}[
+                interface
+            ],
+            master_key="a fake key",
+            project_name="foo",
+            version="1.0",
+            description="fake description!",
+        )
+        with pytest.raises(HTTPUnauthorized):
+            pypi.create_token(request)
\ No newline at end of file

From 44ca1117f892549f651249045e9c97dae035a954 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Thu, 10 Oct 2019 16:36:37 -0400
Subject: [PATCH 76/96] Removed notes.

---
 warehouse/legacy/api/pypi.py | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index de6c4ee9185b..7198b2fafdf6 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -156,7 +156,6 @@ def display(request):
 
 
 @view_config(route_name="legacy.api.pypi.token.new")
-# TODO figure out best way to verify master token
 def create_token(request):
     macaroon_service = request.find_service(IMacaroonService, context=None)
     try:
@@ -168,24 +167,21 @@ def create_token(request):
         )
     except InvalidMacaroon:
         raise HTTPUnauthorized()
-    try:
-        user = macaroon_service.find_userid(
-            request.master_key
-        )  # To determine the user of the original token
-        scope = {
-            "version": 2,
-            "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 3600,
-            "permissions": {
-                "projects": [{"name": request.project_name, "version": request.version}]
-            },
-        }
-        serialized_macaroon, macaroon = macaroon_service.create_macaroon(
-            location=request.domain,  # ?
-            user_id=user,
-            description=request.description,
-            caveats=scope,
+    user = macaroon_service.find_userid(
+        request.master_key
+    )  # To determine the user of the original token
+    scope = {
+        "version": 2,
+        "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 3600,
+        "permissions": {
+            "projects": [{"name": request.project_name, "version": request.version}]
+        },
+    }
+    serialized_macaroon, macaroon = macaroon_service.create_macaroon(
+        location=request.domain,  # ?
+        user_id=user,
+        description=request.description,
+        caveats=scope,
         )
-    except InvalidMacaroon: #need to figure out why this is not catching
-        raise HTTPBadRequest()
 
     return {"upload_token": serialized_macaroon}

From 734c1757b99372efe8f139c2a8101c7f76959e64 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 15 Oct 2019 14:35:31 -0400
Subject: [PATCH 77/96] Removed unnecessary imports.

---
 warehouse/legacy/api/pypi.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 7198b2fafdf6..553fd3af3e3d 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -22,7 +22,6 @@
 
 from datetime import datetime, timezone
 
-# from warehouse.packaging.models import Project
 
 
 def _exc_with_message(exc, message):
@@ -178,10 +177,10 @@ def create_token(request):
         },
     }
     serialized_macaroon, macaroon = macaroon_service.create_macaroon(
-        location=request.domain,  # ?
+        location=request.domain,
         user_id=user,
         description=request.description,
         caveats=scope,
-        )
+    )
 
     return {"upload_token": serialized_macaroon}

From aa2fdb9fa3d7934903e8b80945d2372350bc77a8 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 22 Oct 2019 16:53:28 -0400
Subject: [PATCH 78/96] Added one time use caveat.

---
 warehouse/macaroons/caveats.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 30643c0f4e2c..ae314916eda2 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -130,6 +130,10 @@ def verify(self, predicate):
         except ValueError:
             raise InvalidMacaroon("malformed predicate")
 
+        used = data.get("used")
+        if used is True:
+            raise InvalidMacaroon("invalid token")
+
         version = data.get("version")
         if version is None:
             raise InvalidMacaroon("malformed version")
@@ -156,6 +160,12 @@ def verify(self, key):
         self.verifier.satisfy_general(TopLevelCaveat(self))
 
         try:
-            return self.verifier.verify(self.macaroon, key)
+            verified = self.verifier.verify(self.macaroon, key)
+            p = self.permission.get("permissions")
+            if p == "user":
+                used = self.permission.get("used")
+                if used is None:
+                    self.macaroon.add_first_party_caveat(json.dumps({"used": "true"}))
+            return verified
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
             raise InvalidMacaroon("invalid macaroon signature")

From d9a698b2853fa6e132ee8c69bde76e7ae3cc6e9b Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 22 Oct 2019 16:53:56 -0400
Subject: [PATCH 79/96] Added tests for one time use caveat.

---
 tests/unit/macaroons/test_caveats.py | 46 ++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 73eff36930ad..d3f6278f7ee3 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -15,6 +15,8 @@
 import pretend
 import pytest
 
+import pymacaroons
+
 from pymacaroons.exceptions import MacaroonInvalidSignatureException
 
 from warehouse.macaroons.caveats import (
@@ -26,6 +28,9 @@
     Verifier,
 )
 
+from warehouse.macaroons.interfaces import IMacaroonService
+from ...common.db.accounts import UserFactory
+
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
 
@@ -232,6 +237,22 @@ def test_verify_project(self, db_request, predicate):
 
         assert caveat(predicate) is True
 
+    @pytest.mark.parametrize(
+        ["predicate", "valid"],
+        [
+            ('{"version": 2, "permissions": "user"}', True),
+            ('{"version": 2, "permissions": "user", "used": true}', False),
+        ],
+    )
+    def test_verify_one_time_token_caveat(self, predicate, valid):
+        verifier = pretend.stub()
+        caveat = TopLevelCaveat(verifier)
+        if not valid:
+            with pytest.raises(InvalidMacaroon):
+                caveat(predicate)
+        else:
+            assert caveat(predicate)
+
 
 class TestVerifier:
     def test_creation(self):
@@ -261,3 +282,28 @@ def test_verify(self, monkeypatch):
         with pytest.raises(InvalidMacaroon):
             verifier.verify(key)
         assert verify.calls == [pretend.call(macaroon, key)]
+
+    @pytest.mark.parametrize(
+        "predicate",
+        [
+            {"version": 2, "permissions": "user"},
+            {"version": 2, "permissions": {"projects": [{"name": "bar"}]}},
+            {"version": 2, "permissions": "user", "used": "true"},
+        ],
+    )
+    def test_verify_one_time_token(self, macaroon_service, predicate):
+        project = ProjectFactory.create(name="bar")
+        macaroon_obj = pymacaroons.Macaroon(
+            location="fake location",
+            identifier="identifier",
+            key="key",
+            version=pymacaroons.MACAROON_V2,
+        )
+        macaroon = macaroon_obj
+        context = project
+        principals = pretend.stub()
+        permission = predicate
+        key = "key"
+        verifier = Verifier(macaroon, context, principals, permission)
+
+        assert verifier.verify(key)

From a00ed39619e5b751f83cbc1df4ab6ab929e4ddd9 Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Tue, 22 Oct 2019 16:54:49 -0400
Subject: [PATCH 80/96] Formatting fixes.

---
 tests/unit/legacy/api/test_pypi.py | 14 +++++++++-----
 tests/unit/test_routes.py          |  2 +-
 warehouse/legacy/api/pypi.py       |  1 -
 warehouse/manage/forms.py          |  2 +-
 4 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index 7fd35aef8a13..6a496bc1ac8f 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -14,7 +14,12 @@
 import pytest
 import pymacaroons
 
-from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound, HTTPUnauthorized
+from pyramid.httpexceptions import (
+    HTTPBadRequest,
+    HTTPMovedPermanently,
+    HTTPNotFound,
+    HTTPUnauthorized,
+)
 
 from warehouse.legacy.api import pypi
 
@@ -218,8 +223,7 @@ def test_display_no_name(self, db_request):
 
 class TestToken:
     @pytest.mark.parametrize(
-        ("project_name", "version", "valid"),
-        [("foo", "1.0", True)],
+        ("project_name", "version"), [("foo", "1.0")]
     )
     def test_token_creation(
         self, db_request, macaroon_service, project_name, version, valid
@@ -243,7 +247,7 @@ def test_token_creation(
             description="fake description!",
         )
         assert isinstance(pypi.create_token(request), dict)
-    
+
     def test_invalid_master_token(self, macaroon_service):
         user = UserFactory.create()
         request = pretend.stub(
@@ -258,4 +262,4 @@ def test_invalid_master_token(self, macaroon_service):
             description="fake description!",
         )
         with pytest.raises(HTTPUnauthorized):
-            pypi.create_token(request)
\ No newline at end of file
+            pypi.create_token(request)
diff --git a/tests/unit/test_routes.py b/tests/unit/test_routes.py
index 7fd46456d35a..c1ae7711fd2d 100644
--- a/tests/unit/test_routes.py
+++ b/tests/unit/test_routes.py
@@ -365,7 +365,7 @@ def add_policy(name, filename):
         pretend.call("legacy.api.pypi.browse", "browse", domain=warehouse),
         pretend.call("legacy.api.pypi.files", "files", domain=warehouse),
         pretend.call("legacy.api.pypi.display", "display", domain=warehouse),
-        pretend.call("legacy.api.pypi.token.new", "create_token", domain=warehouse)
+        pretend.call("legacy.api.pypi.token.new", "create_token", domain=warehouse),
     ]
 
     assert config.add_pypi_action_redirect.calls == [
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 553fd3af3e3d..59e2002ac464 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -23,7 +23,6 @@
 from datetime import datetime, timezone
 
 
-
 def _exc_with_message(exc, message):
     # The crappy old API that PyPI offered uses the status to pass down
     # messages to the client. So this function will make that easier to do.
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 7cab9b4f29b9..460bfedbf92b 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -189,7 +189,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "expiration"]
+    __params__ = ["description", "token_scope", "expiration", "used"]
 
     description = wtforms.StringField(
         validators=[

From d9edc22032c1d9ca8b1df2dfccd586c942f94d7a Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 28 Oct 2019 11:10:26 -0400
Subject: [PATCH 81/96] Added files to ignore.

---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index ba148fbe3877..5c85e3c21935 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,6 +21,9 @@ node_modules/
 dev/example.sql
 dev/prod.sql
 dev/prod.sql.xz
+dev/notdatadog.py
+dev/smtp.py
+docs/conf.py
 ./data/
 
 warehouse/.commit

From 0c991b415f154ecf562dfe93d997c0628996c8cf Mon Sep 17 00:00:00 2001
From: Rachel <rcipkins@stevens.edu>
Date: Mon, 28 Oct 2019 12:14:22 -0400
Subject: [PATCH 82/96] Removed unused variable.

---
 tests/unit/legacy/api/test_pypi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index 6a496bc1ac8f..b3238c5615f9 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -226,7 +226,7 @@ class TestToken:
         ("project_name", "version"), [("foo", "1.0")]
     )
     def test_token_creation(
-        self, db_request, macaroon_service, project_name, version, valid
+        self, db_request, macaroon_service, project_name, version,
     ):
         user = UserFactory.create()
         master_key, macaroon = macaroon_service.create_macaroon(

From ee2a88198465c94b330768dfd89a4a6c8ad88adc Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 18 Nov 2019 11:08:22 -0500
Subject: [PATCH 83/96] tests, warehouse: flake8 fixes

---
 tests/unit/legacy/api/test_pypi.py   | 3 ---
 tests/unit/macaroons/test_caveats.py | 3 ---
 warehouse/legacy/api/pypi.py         | 2 +-
 3 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index b3238c5615f9..659460930a19 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -12,7 +12,6 @@
 
 import pretend
 import pytest
-import pymacaroons
 
 from pyramid.httpexceptions import (
     HTTPBadRequest,
@@ -26,8 +25,6 @@
 from ....common.db.classifiers import ClassifierFactory
 from ....common.db.accounts import UserFactory
 from warehouse.macaroons.interfaces import IMacaroonService
-from warehouse.macaroons import services
-from warehouse.macaroons.models import Macaroon
 
 
 def test_exc_with_message():
diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index d3f6278f7ee3..67ba50141a36 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -28,9 +28,6 @@
     Verifier,
 )
 
-from warehouse.macaroons.interfaces import IMacaroonService
-from ...common.db.accounts import UserFactory
-
 from ...common.db.packaging import ProjectFactory, ReleaseFactory
 
 
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 59e2002ac464..207706c87244 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -14,7 +14,7 @@
 from pyramid.response import Response
 from pyramid.view import forbidden_view_config, view_config
 
-from pyramid.httpexceptions import HTTPUnauthorized, HTTPBadRequest
+from pyramid.httpexceptions import HTTPUnauthorized
 from warehouse.macaroons.caveats import InvalidMacaroon
 from warehouse.macaroons.interfaces import IMacaroonService
 

From d184a2ee6198ef2543057a3d0cb70e9cee4e2eca Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 18 Nov 2019 11:19:43 -0500
Subject: [PATCH 84/96] tests/unit: Blacken

---
 tests/unit/legacy/api/test_pypi.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index 659460930a19..e5d521993e0c 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -219,12 +219,8 @@ def test_display_no_name(self, db_request):
 
 
 class TestToken:
-    @pytest.mark.parametrize(
-        ("project_name", "version"), [("foo", "1.0")]
-    )
-    def test_token_creation(
-        self, db_request, macaroon_service, project_name, version,
-    ):
+    @pytest.mark.parametrize(("project_name", "version"), [("foo", "1.0")])
+    def test_token_creation(self, db_request, macaroon_service, project_name, version):
         user = UserFactory.create()
         master_key, macaroon = macaroon_service.create_macaroon(
             "fake location",

From 4f5aaa92b4d3f886c84b97322bb153de7f8ae672 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 18 Nov 2019 11:34:41 -0500
Subject: [PATCH 85/96] tests, warehouse: isort fixes

---
 tests/unit/legacy/api/test_pypi.py   |  4 ++--
 tests/unit/macaroons/test_caveats.py |  3 +--
 warehouse/legacy/api/pypi.py         | 15 +++++++++------
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index e5d521993e0c..a58019ce8bcd 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -21,10 +21,10 @@
 )
 
 from warehouse.legacy.api import pypi
+from warehouse.macaroons.interfaces import IMacaroonService
 
-from ....common.db.classifiers import ClassifierFactory
 from ....common.db.accounts import UserFactory
-from warehouse.macaroons.interfaces import IMacaroonService
+from ....common.db.classifiers import ClassifierFactory
 
 
 def test_exc_with_message():
diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 67ba50141a36..45bace30460a 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -13,9 +13,8 @@
 from datetime import datetime, timezone
 
 import pretend
-import pytest
-
 import pymacaroons
+import pytest
 
 from pymacaroons.exceptions import MacaroonInvalidSignatureException
 
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 207706c87244..8df66f75d85a 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -10,18 +10,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from pyramid.httpexceptions import HTTPGone, HTTPMovedPermanently, HTTPNotFound
+from datetime import datetime, timezone
+
+from pyramid.httpexceptions import (
+    HTTPGone,
+    HTTPMovedPermanently,
+    HTTPNotFound,
+    HTTPUnauthorized,
+)
 from pyramid.response import Response
 from pyramid.view import forbidden_view_config, view_config
 
-from pyramid.httpexceptions import HTTPUnauthorized
+from warehouse.classifiers.models import Classifier
 from warehouse.macaroons.caveats import InvalidMacaroon
 from warehouse.macaroons.interfaces import IMacaroonService
 
-from warehouse.classifiers.models import Classifier
-
-from datetime import datetime, timezone
-
 
 def _exc_with_message(exc, message):
     # The crappy old API that PyPI offered uses the status to pass down

From 312f2e56603c0553377eda990d51c587ee3ac589 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 14:03:39 -0500
Subject: [PATCH 86/96] warehouse: Refactor token creation endpoint

Uses the auth framework and leans on the session/active request
user where possible, reuses the macaroon creation form used in the
UI, adds appropriate event recording, and propagates errors
as a JSON response.

Removes "one-time" tokens pending a refactor.
---
 warehouse/legacy/api/json.py          | 86 ++++++++++++++++++++++++++-
 warehouse/legacy/api/pypi.py          | 37 ------------
 warehouse/macaroons/caveats.py        | 12 +---
 warehouse/macaroons/services.py       | 15 ++++-
 warehouse/manage/forms.py             | 11 ++--
 warehouse/routes.py                   |  8 ++-
 warehouse/templates/manage/token.html |  2 +-
 7 files changed, 111 insertions(+), 60 deletions(-)

diff --git a/warehouse/legacy/api/json.py b/warehouse/legacy/api/json.py
index 8192efc451ed..41af8a694c22 100644
--- a/warehouse/legacy/api/json.py
+++ b/warehouse/legacy/api/json.py
@@ -12,13 +12,18 @@
 
 from collections import OrderedDict
 
-from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
+from pyramid.httpexceptions import (
+    HTTPMovedPermanently,
+    HTTPNotFound,
+)
 from pyramid.view import view_config
 from sqlalchemy.orm import Load
 from sqlalchemy.orm.exc import NoResultFound
 
 from warehouse.cache.http import cache_control
 from warehouse.cache.origin import origin_cache
+from warehouse.macaroons.interfaces import IMacaroonService
+from warehouse.manage.forms import CreateMacaroonForm
 from warehouse.packaging.models import File, Project, Release
 
 # Generate appropriate CORS headers for the JSON endpoint.
@@ -205,3 +210,82 @@ def json_release_slash(release, request):
         ),
         headers=_CORS_HEADERS,
     )
+
+
+@view_config(
+    route_name="legacy.api.json.token.new",
+    renderer="json",
+    require_methods=["POST"],
+    uses_session=True,
+    permission="manage:user",
+    require_csrf=False,
+)
+def create_token(request):
+    def _fail(message):
+        request.response.status_code = 400
+        return {"success": False, "message": message}
+
+    if request.authenticated_userid is None:
+        return _fail("invalid authentication token")
+
+    # Sanity-check our JSON payload. Ideally this would be done in a form,
+    # but WTForms isn't well equipped to handle JSON bodies.
+    try:
+        payload = request.json_body
+        if not isinstance(payload, dict):
+            raise ValueError
+    except Exception:
+        return _fail("invalid payload")
+
+    macaroon_service = request.find_service(IMacaroonService, context=None)
+
+    form = CreateMacaroonForm(
+        **payload,
+        user_id=request.user.id,
+        macaroon_service=macaroon_service,
+        all_projects=request.user.projects,
+    )
+    if not form.validate():
+        errors = "\n".join(
+            [str(error) for error_list in form.errors.values() for error in error_list]
+        )
+        return _fail(errors)
+
+    serialized_macaroon, _ = macaroon_service.create_macaroon(
+        location=request.domain,
+        user_id=request.user.id,
+        description=form.description.data,
+        caveats=form.validated_caveats,
+    )
+    request.user.record_event(
+        tag="account:api_token:added",
+        ip_address=request.remote_addr,
+        additional={
+            "description": form.description.data,
+            "caveats": form.validated_caveats,
+        },
+    )
+
+    permissions = form.validated_caveats["permissions"]
+    if "projects" in permissions:
+        project_names = [project["name"] for project in permissions["projects"]]
+        projects = [
+            project
+            for project in request.user.projects
+            if project.normalized_name in project_names
+        ]
+        for project in projects:
+            # NOTE: We don't disclose the full caveats for this token
+            # to the project event log, since the token could also
+            # have access to projects that this project's owner
+            # isn't aware of.
+            project.record_event(
+                tag="project:api_token:added",
+                ip_address=request.remote_addr,
+                additional={
+                    "description": form.description.data,
+                    "user": request.user.username,
+                },
+            )
+
+    return {"success": True, "token": serialized_macaroon}
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index 8df66f75d85a..fd5ddc869f66 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -10,20 +10,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from datetime import datetime, timezone
-
 from pyramid.httpexceptions import (
     HTTPGone,
     HTTPMovedPermanently,
     HTTPNotFound,
-    HTTPUnauthorized,
 )
 from pyramid.response import Response
 from pyramid.view import forbidden_view_config, view_config
 
 from warehouse.classifiers.models import Classifier
-from warehouse.macaroons.caveats import InvalidMacaroon
-from warehouse.macaroons.interfaces import IMacaroonService
 
 
 def _exc_with_message(exc, message):
@@ -154,35 +149,3 @@ def display(request):
             request.route_path("packaging.release", name=name, version=version)
         )
     return HTTPMovedPermanently(request.route_path("packaging.project", name=name))
-
-
-@view_config(route_name="legacy.api.pypi.token.new")
-def create_token(request):
-    macaroon_service = request.find_service(IMacaroonService, context=None)
-    try:
-        macaroon_service.verify(
-            raw_macaroon=request.master_key,
-            context="",
-            principals="",
-            permission={"version": 2, "permissions": "user"},
-        )
-    except InvalidMacaroon:
-        raise HTTPUnauthorized()
-    user = macaroon_service.find_userid(
-        request.master_key
-    )  # To determine the user of the original token
-    scope = {
-        "version": 2,
-        "expiration": int(datetime.now(tz=timezone.utc).timestamp()) + 3600,
-        "permissions": {
-            "projects": [{"name": request.project_name, "version": request.version}]
-        },
-    }
-    serialized_macaroon, macaroon = macaroon_service.create_macaroon(
-        location=request.domain,
-        user_id=user,
-        description=request.description,
-        caveats=scope,
-    )
-
-    return {"upload_token": serialized_macaroon}
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index ae314916eda2..30643c0f4e2c 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -130,10 +130,6 @@ def verify(self, predicate):
         except ValueError:
             raise InvalidMacaroon("malformed predicate")
 
-        used = data.get("used")
-        if used is True:
-            raise InvalidMacaroon("invalid token")
-
         version = data.get("version")
         if version is None:
             raise InvalidMacaroon("malformed version")
@@ -160,12 +156,6 @@ def verify(self, key):
         self.verifier.satisfy_general(TopLevelCaveat(self))
 
         try:
-            verified = self.verifier.verify(self.macaroon, key)
-            p = self.permission.get("permissions")
-            if p == "user":
-                used = self.permission.get("used")
-                if used is None:
-                    self.macaroon.add_first_party_caveat(json.dumps({"used": "true"}))
-            return verified
+            return self.verifier.verify(self.macaroon, key)
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
             raise InvalidMacaroon("invalid macaroon signature")
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index 0fff949ade55..c2e5bb935209 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -66,9 +66,9 @@ def find_macaroon(self, macaroon_id):
 
         return dm
 
-    def find_userid(self, raw_macaroon):
+    def find_user(self, raw_macaroon):
         """
-        Returns the id of the user associated with the given raw (serialized)
+        Returns the user model associated with the given raw (serialized)
         macaroon.
         """
         raw_macaroon = self._extract_raw_macaroon(raw_macaroon)
@@ -85,7 +85,16 @@ def find_userid(self, raw_macaroon):
         if dm is None:
             return None
 
-        return dm.user.id
+        return dm.user
+
+    def find_userid(self, raw_macaroon):
+        """
+        Returns the id of the user associated with the given raw (serialized)
+        macaroon.
+        """
+        user = self.find_user(raw_macaroon)
+        if user is not None:
+            return user.id
 
     def verify(self, raw_macaroon, context, principals, permission):
         """
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 2a0f20ff6594..5a0ab27c79a0 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -194,7 +194,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "expiration", "used"]
+    __params__ = ["description", "token_scope", "expiration"]
 
     description = wtforms.StringField(
         validators=[
@@ -258,6 +258,7 @@ def validate_token_scope(self, field):
 
         try:
             scope_kind, scope_value = scope_kind.split(":", 1)
+            scope_values = scope_value.split(",")
         except ValueError:
             raise wtforms.ValidationError(f"Unknown token scope: {scope}")
 
@@ -266,8 +267,8 @@ def validate_token_scope(self, field):
 
         self.validated_scope = {"projects": []}
         for project in self.all_projects:
-            if scope_value == project.normalized_name:
-                project_scope = {"name": scope_value}
+            if project.normalized_name in scope_values:
+                project_scope = {"name": project.normalized_name}
                 all_versions = [version[0] for version in project.all_versions]
                 if self.validated_project_version:
                     if self.validated_project_version in all_versions:
@@ -278,7 +279,9 @@ def validate_token_scope(self, field):
                 self.validated_scope["projects"].append(project_scope)
                 return
 
-        raise wtforms.ValidationError(f"Unknown or invalid project name: {scope_value}")
+        raise wtforms.ValidationError(
+            f"Unknown or invalid project name(s): {scope_value}"
+        )
 
     def validate_expiration(self, field):
         if not field.data:
diff --git a/warehouse/routes.py b/warehouse/routes.py
index fb06652f0fed..06d8b111a605 100644
--- a/warehouse/routes.py
+++ b/warehouse/routes.py
@@ -321,6 +321,11 @@ def includeme(config):
         read_only=True,
         domain=warehouse,
     )
+    config.add_route(
+        "legacy.api.json.token.new",
+        "/pypi/create_token/",
+        domain=warehouse,
+    )
 
     # Legacy Action URLs
     # TODO: We should probably add Warehouse routes for these that just error
@@ -343,9 +348,6 @@ def includeme(config):
     config.add_pypi_action_route("legacy.api.pypi.browse", "browse", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.files", "files", domain=warehouse)
     config.add_pypi_action_route("legacy.api.pypi.display", "display", domain=warehouse)
-    config.add_pypi_action_route(
-        "legacy.api.pypi.token.new", "create_token", domain=warehouse
-    )
 
     # Legacy XMLRPC
     config.add_xmlrpc_endpoint(
diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 9da44c0492e1..1f6b325823bc 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -155,7 +155,7 @@ <h2>{% trans %}Add another token{% endtrans %}</h2>
       </div>
       <div id="api-token-scope-warning" class="callout-block callout-block--warning" hidden>
         <h3 class="callout-block__heading">{% trans %}Proceed with caution!{% endtrans %}</h3>
-        <p>{% trans %}An API token scoped to your entire account will have upload permissions for all of your current and future projects.{% endtrans %}</p>
+        <p>{% trans %}An API token scoped to your entire account will have upload permissions for all of your current and future projects, and will be able to create additional tokens.{% endtrans %}</p>
       </div>
 
       {% set token_scope = create_macaroon_form.token_scope.data %}

From 280144e738710c73624c1fc60435114abf271025 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 14:06:59 -0500
Subject: [PATCH 87/96] tests: Update macaroon caveat tests

---
 tests/unit/macaroons/test_caveats.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 45bace30460a..4268261c1a52 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -237,7 +237,7 @@ def test_verify_project(self, db_request, predicate):
         ["predicate", "valid"],
         [
             ('{"version": 2, "permissions": "user"}', True),
-            ('{"version": 2, "permissions": "user", "used": true}', False),
+            ('{"version": 2, "permissions": "user"}', False),
         ],
     )
     def test_verify_one_time_token_caveat(self, predicate, valid):
@@ -284,7 +284,7 @@ def test_verify(self, monkeypatch):
         [
             {"version": 2, "permissions": "user"},
             {"version": 2, "permissions": {"projects": [{"name": "bar"}]}},
-            {"version": 2, "permissions": "user", "used": "true"},
+            {"version": 2, "permissions": "user"},
         ],
     )
     def test_verify_one_time_token(self, macaroon_service, predicate):

From 67698444ac4d1025cb4c1ebb0894767b32906e30 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 15:23:29 -0500
Subject: [PATCH 88/96] warehouse/routes: Auto-format

---
 warehouse/routes.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/warehouse/routes.py b/warehouse/routes.py
index 06d8b111a605..48c5e8fbdd98 100644
--- a/warehouse/routes.py
+++ b/warehouse/routes.py
@@ -322,9 +322,7 @@ def includeme(config):
         domain=warehouse,
     )
     config.add_route(
-        "legacy.api.json.token.new",
-        "/pypi/create_token/",
-        domain=warehouse,
+        "legacy.api.json.token.new", "/pypi/create_token/", domain=warehouse
     )
 
     # Legacy Action URLs

From 8fbb669e69aa50192fc93767b8958b3a1dfefa47 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 16:14:35 -0500
Subject: [PATCH 89/96] tests/unit: Begin rewriting tests

---
 tests/unit/legacy/api/test_json.py | 62 +++++++++++++++++++++++++++++-
 tests/unit/legacy/api/test_pypi.py | 49 +----------------------
 tests/unit/test_routes.py          |  4 +-
 3 files changed, 65 insertions(+), 50 deletions(-)

diff --git a/tests/unit/legacy/api/test_json.py b/tests/unit/legacy/api/test_json.py
index 62cf9b13ff58..466269157873 100644
--- a/tests/unit/legacy/api/test_json.py
+++ b/tests/unit/legacy/api/test_json.py
@@ -13,10 +13,12 @@
 from collections import OrderedDict
 
 import pretend
+import pytest
 
-from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
+from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound
 
 from warehouse.legacy.api import json
+from warehouse.macaroons.interfaces import IMacaroonService
 from warehouse.packaging.models import Dependency, DependencyKind
 
 from ....common.db.accounts import UserFactory
@@ -474,3 +476,61 @@ def test_normalizing_redirects(self, db_request):
             )
         ]
         assert resp.headers["Location"] == "/project/the-redirect"
+
+
+class TestCreateToken:
+    def test_create_token_unauthenticated(self):
+        request = pretend.stub(
+            response=pretend.stub(status_code=None), authenticated_userid=None
+        )
+
+        resp = json.create_token(request)
+        assert resp == {"success": False, "message": "invalid authentication token"}
+        assert request.response.status_code == 400
+
+    def test_create_token_bad_payload(self):
+        request = pretend.stub(
+            response=pretend.stub(status_code=None),
+            authenticated_userid="fake_id",
+            json_body="invalid json",
+        )
+
+        resp = json.create_token(request)
+        assert resp == {"success": False, "message": "invalid payload"}
+        assert request.response.status_code == 400
+
+    def test_create_token_payload_not_a_dict(self):
+        request = pretend.stub(
+            response=pretend.stub(status_code=None),
+            authenticated_userid="fake_id",
+            json_body=[],
+        )
+
+        resp = json.create_token(request)
+        assert resp == {"success": False, "message": "invalid payload"}
+        assert request.response.status_code == 400
+
+    def test_create_token_invalid_form(self, monkeypatch):
+        request = pretend.stub(
+            response=pretend.stub(status_code=None),
+            authenticated_userid="fake_id",
+            find_service=pretend.call_recorder(lambda *a, **kw: pretend.stub()),
+            user=pretend.stub(id=pretend.stub(), projects=pretend.stub()),
+            json_body={},
+        )
+        create_macaroon_obj = pretend.stub(
+            validate=pretend.call_recorder(lambda: False),
+            errors=pretend.stub(values=pretend.call_recorder(lambda: [["fake error"]])),
+        )
+        create_macaroon_cls = pretend.call_recorder(
+            lambda *a, **kw: create_macaroon_obj
+        )
+        monkeypatch.setattr(json, "CreateMacaroonForm", create_macaroon_cls)
+
+        resp = json.create_token(request)
+        assert resp == {"success": False, "message": "fake error"}
+        assert request.response.status_code == 400
+
+    def test_create_token(self, monkeypatch):
+        # TODO(ww)
+        pass
diff --git a/tests/unit/legacy/api/test_pypi.py b/tests/unit/legacy/api/test_pypi.py
index a58019ce8bcd..9082b9a33cf5 100644
--- a/tests/unit/legacy/api/test_pypi.py
+++ b/tests/unit/legacy/api/test_pypi.py
@@ -13,17 +13,10 @@
 import pretend
 import pytest
 
-from pyramid.httpexceptions import (
-    HTTPBadRequest,
-    HTTPMovedPermanently,
-    HTTPNotFound,
-    HTTPUnauthorized,
-)
+from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound
 
 from warehouse.legacy.api import pypi
-from warehouse.macaroons.interfaces import IMacaroonService
 
-from ....common.db.accounts import UserFactory
 from ....common.db.classifiers import ClassifierFactory
 
 
@@ -216,43 +209,3 @@ def test_display_no_name(self, db_request):
 
         with pytest.raises(HTTPNotFound):
             pypi.display(db_request)
-
-
-class TestToken:
-    @pytest.mark.parametrize(("project_name", "version"), [("foo", "1.0")])
-    def test_token_creation(self, db_request, macaroon_service, project_name, version):
-        user = UserFactory.create()
-        master_key, macaroon = macaroon_service.create_macaroon(
-            "fake location",
-            user.id,
-            "fake description",
-            {"version": 2, "permissions": "user"},
-        )
-        request = pretend.stub(
-            user=user,
-            domain="fake location",
-            find_service=lambda interface, **kw: {IMacaroonService: macaroon_service}[
-                interface
-            ],
-            master_key=master_key,
-            project_name=project_name,
-            version=version,
-            description="fake description!",
-        )
-        assert isinstance(pypi.create_token(request), dict)
-
-    def test_invalid_master_token(self, macaroon_service):
-        user = UserFactory.create()
-        request = pretend.stub(
-            user=user,
-            domain="fake location",
-            find_service=lambda interface, **kw: {IMacaroonService: macaroon_service}[
-                interface
-            ],
-            master_key="a fake key",
-            project_name="foo",
-            version="1.0",
-            description="fake description!",
-        )
-        with pytest.raises(HTTPUnauthorized):
-            pypi.create_token(request)
diff --git a/tests/unit/test_routes.py b/tests/unit/test_routes.py
index b2d38f99c139..c13ff9813192 100644
--- a/tests/unit/test_routes.py
+++ b/tests/unit/test_routes.py
@@ -324,6 +324,9 @@ def add_policy(name, filename):
             read_only=True,
             domain=warehouse,
         ),
+        pretend.call(
+            "legacy.api.json.token.new", "/pypi/create_token/", domain=warehouse
+        ),
         pretend.call("legacy.docs", docs_route_url),
     ]
 
@@ -380,7 +383,6 @@ def add_policy(name, filename):
         pretend.call("legacy.api.pypi.browse", "browse", domain=warehouse),
         pretend.call("legacy.api.pypi.files", "files", domain=warehouse),
         pretend.call("legacy.api.pypi.display", "display", domain=warehouse),
-        pretend.call("legacy.api.pypi.token.new", "create_token", domain=warehouse),
     ]
 
     assert config.add_pypi_action_redirect.calls == [

From 7865c10cab58846c8ee1d247b94bea71c81535c2 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 18:56:20 -0500
Subject: [PATCH 90/96] tests/api: Add more token creation tests

---
 tests/unit/legacy/api/test_json.py | 109 +++++++++++++++++++++++++++--
 1 file changed, 103 insertions(+), 6 deletions(-)

diff --git a/tests/unit/legacy/api/test_json.py b/tests/unit/legacy/api/test_json.py
index 466269157873..29e529957cfa 100644
--- a/tests/unit/legacy/api/test_json.py
+++ b/tests/unit/legacy/api/test_json.py
@@ -13,12 +13,10 @@
 from collections import OrderedDict
 
 import pretend
-import pytest
 
-from pyramid.httpexceptions import HTTPBadRequest, HTTPMovedPermanently, HTTPNotFound
+from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
 
 from warehouse.legacy.api import json
-from warehouse.macaroons.interfaces import IMacaroonService
 from warehouse.packaging.models import Dependency, DependencyKind
 
 from ....common.db.accounts import UserFactory
@@ -531,6 +529,105 @@ def test_create_token_invalid_form(self, monkeypatch):
         assert resp == {"success": False, "message": "fake error"}
         assert request.response.status_code == 400
 
-    def test_create_token(self, monkeypatch):
-        # TODO(ww)
-        pass
+    def test_create_token_user_scoped(self, monkeypatch):
+        macaroon_service = pretend.stub(
+            create_macaroon=pretend.call_recorder(
+                lambda *a, **kw: ("fake_token", pretend.stub())
+            )
+        )
+        request = pretend.stub(
+            domain=pretend.stub(),
+            remote_addr=pretend.stub(),
+            response=pretend.stub(status_code=None),
+            authenticated_userid="fake_id",
+            find_service=pretend.call_recorder(lambda *a, **kw: macaroon_service),
+            user=pretend.stub(
+                id=pretend.stub(),
+                projects=pretend.stub(),
+                record_event=pretend.call_recorder(lambda *a, **kw: pretend.stub()),
+            ),
+            json_body={},
+        )
+        create_macaroon_obj = pretend.stub(
+            validate=pretend.call_recorder(lambda: True),
+            description=pretend.stub(data="fake description"),
+            validated_caveats={"permissions": "user"},
+        )
+        create_macaroon_cls = pretend.call_recorder(
+            lambda *a, **kw: create_macaroon_obj
+        )
+        monkeypatch.setattr(json, "CreateMacaroonForm", create_macaroon_cls)
+
+        resp = json.create_token(request)
+        assert resp == {"success": True, "token": "fake_token"}
+        assert request.user.record_event.calls == [
+            pretend.call(
+                tag="account:api_token:added",
+                ip_address=request.remote_addr,
+                additional={
+                    "description": "fake description",
+                    "caveats": {"permissions": "user"},
+                },
+            )
+        ]
+
+    def test_create_token_project_scoped(self, monkeypatch):
+        macaroon_service = pretend.stub(
+            create_macaroon=pretend.call_recorder(
+                lambda *a, **kw: ("fake_token", pretend.stub())
+            )
+        )
+        request = pretend.stub(
+            domain=pretend.stub(),
+            remote_addr=pretend.stub(),
+            response=pretend.stub(status_code=None),
+            authenticated_userid="fake_id",
+            find_service=pretend.call_recorder(lambda *a, **kw: macaroon_service),
+            user=pretend.stub(
+                id=pretend.stub(),
+                username=pretend.stub(),
+                projects=[
+                    pretend.stub(
+                        normalized_name="fakeproject",
+                        record_event=pretend.call_recorder(
+                            lambda *a, **kw: pretend.stub()
+                        ),
+                    )
+                ],
+                record_event=pretend.call_recorder(lambda *a, **kw: pretend.stub()),
+            ),
+            json_body={},
+        )
+        create_macaroon_obj = pretend.stub(
+            validate=pretend.call_recorder(lambda: True),
+            description=pretend.stub(data="fake description"),
+            validated_caveats={"permissions": {"projects": [{"name": "fakeproject"}]}},
+        )
+        create_macaroon_cls = pretend.call_recorder(
+            lambda *a, **kw: create_macaroon_obj
+        )
+        monkeypatch.setattr(json, "CreateMacaroonForm", create_macaroon_cls)
+
+        resp = json.create_token(request)
+        assert resp == {"success": True, "token": "fake_token"}
+        assert request.user.record_event.calls == [
+            pretend.call(
+                tag="account:api_token:added",
+                ip_address=request.remote_addr,
+                additional={
+                    "description": "fake description",
+                    "caveats": {"permissions": {"projects": [{"name": "fakeproject"}]}},
+                },
+            )
+        ]
+        for project in request.user.projects:
+            assert project.record_event.calls == [
+                pretend.call(
+                    tag="project:api_token:added",
+                    ip_address=request.remote_addr,
+                    additional={
+                        "description": "fake description",
+                        "user": request.user.username,
+                    },
+                )
+            ]

From 634e807a9f7deea7c9d21320e699ce8b7de92237 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 19:12:31 -0500
Subject: [PATCH 91/96] tests: Update management form strings

---
 tests/unit/manage/test_forms.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index a9d10886962a..386329a2faa9 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -425,7 +425,9 @@ def test_validate_token_scope_invalid_project(self):
         )
 
         assert not form.validate()
-        assert form.token_scope.errors.pop() == "Unknown or invalid project name: foo"
+        assert (
+            form.token_scope.errors.pop() == "Unknown or invalid project name(s): foo"
+        )
 
     def test_validate_token_scope_valid_project(self, db_request):
         project = ProjectFactory(name="foo")
@@ -462,7 +464,8 @@ def test_validate_token_scope_not_in_projects(self, db_request):
         )
         assert not form.validate()
         assert (
-            form.token_scope.errors.pop() == "Unknown or invalid project name: foobar"
+            form.token_scope.errors.pop()
+            == "Unknown or invalid project name(s): foobar"
         )
 
     def test_validate_token_scope_invalid_release(self):

From e262de7cbd3b63b3586a472b708b501bdafbbed0 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 19:15:20 -0500
Subject: [PATCH 92/96] tests: Remove one-time-token tests

---
 tests/unit/macaroons/test_caveats.py | 41 ----------------------------
 1 file changed, 41 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 4268261c1a52..2d283f083957 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -233,22 +233,6 @@ def test_verify_project(self, db_request, predicate):
 
         assert caveat(predicate) is True
 
-    @pytest.mark.parametrize(
-        ["predicate", "valid"],
-        [
-            ('{"version": 2, "permissions": "user"}', True),
-            ('{"version": 2, "permissions": "user"}', False),
-        ],
-    )
-    def test_verify_one_time_token_caveat(self, predicate, valid):
-        verifier = pretend.stub()
-        caveat = TopLevelCaveat(verifier)
-        if not valid:
-            with pytest.raises(InvalidMacaroon):
-                caveat(predicate)
-        else:
-            assert caveat(predicate)
-
 
 class TestVerifier:
     def test_creation(self):
@@ -278,28 +262,3 @@ def test_verify(self, monkeypatch):
         with pytest.raises(InvalidMacaroon):
             verifier.verify(key)
         assert verify.calls == [pretend.call(macaroon, key)]
-
-    @pytest.mark.parametrize(
-        "predicate",
-        [
-            {"version": 2, "permissions": "user"},
-            {"version": 2, "permissions": {"projects": [{"name": "bar"}]}},
-            {"version": 2, "permissions": "user"},
-        ],
-    )
-    def test_verify_one_time_token(self, macaroon_service, predicate):
-        project = ProjectFactory.create(name="bar")
-        macaroon_obj = pymacaroons.Macaroon(
-            location="fake location",
-            identifier="identifier",
-            key="key",
-            version=pymacaroons.MACAROON_V2,
-        )
-        macaroon = macaroon_obj
-        context = project
-        principals = pretend.stub()
-        permission = predicate
-        key = "key"
-        verifier = Verifier(macaroon, context, principals, permission)
-
-        assert verifier.verify(key)

From e24fe659296bfabb65ce290ed2eb9ace6ed6e977 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 4 Dec 2019 19:20:27 -0500
Subject: [PATCH 93/96] tests: Remove unused import

---
 tests/unit/macaroons/test_caveats.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 2d283f083957..73eff36930ad 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -13,7 +13,6 @@
 from datetime import datetime, timezone
 
 import pretend
-import pymacaroons
 import pytest
 
 from pymacaroons.exceptions import MacaroonInvalidSignatureException

From 7f33a34739a9ad414e0bddb41061149f8249bb0f Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Thu, 5 Dec 2019 10:08:30 -0500
Subject: [PATCH 94/96] warehouse/api: Fix import orders

---
 warehouse/legacy/api/json.py | 5 +----
 warehouse/legacy/api/pypi.py | 6 +-----
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/warehouse/legacy/api/json.py b/warehouse/legacy/api/json.py
index 41af8a694c22..e1475f81baa8 100644
--- a/warehouse/legacy/api/json.py
+++ b/warehouse/legacy/api/json.py
@@ -12,10 +12,7 @@
 
 from collections import OrderedDict
 
-from pyramid.httpexceptions import (
-    HTTPMovedPermanently,
-    HTTPNotFound,
-)
+from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
 from pyramid.view import view_config
 from sqlalchemy.orm import Load
 from sqlalchemy.orm.exc import NoResultFound
diff --git a/warehouse/legacy/api/pypi.py b/warehouse/legacy/api/pypi.py
index fd5ddc869f66..d595ab2702fc 100644
--- a/warehouse/legacy/api/pypi.py
+++ b/warehouse/legacy/api/pypi.py
@@ -10,11 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from pyramid.httpexceptions import (
-    HTTPGone,
-    HTTPMovedPermanently,
-    HTTPNotFound,
-)
+from pyramid.httpexceptions import HTTPGone, HTTPMovedPermanently, HTTPNotFound
 from pyramid.response import Response
 from pyramid.view import forbidden_view_config, view_config
 

From 37051e9c39eb02a008e77d73752c1af03a3815c9 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Fri, 6 Dec 2019 09:36:58 -0500
Subject: [PATCH 95/96] warehouse, tests: Re-add one-time tokens

---
 tests/unit/macaroons/test_caveats.py  | 35 ++++++++++++++++++++++++---
 tests/unit/macaroons/test_services.py |  8 +++---
 tests/unit/manage/test_forms.py       | 11 +++++++++
 warehouse/macaroons/caveats.py        | 11 +++++++--
 warehouse/macaroons/services.py       |  3 +--
 warehouse/manage/forms.py             |  6 ++++-
 warehouse/templates/manage/token.html | 14 ++++++++---
 7 files changed, 72 insertions(+), 16 deletions(-)

diff --git a/tests/unit/macaroons/test_caveats.py b/tests/unit/macaroons/test_caveats.py
index 73eff36930ad..9b967f71cb7d 100644
--- a/tests/unit/macaroons/test_caveats.py
+++ b/tests/unit/macaroons/test_caveats.py
@@ -41,7 +41,7 @@ def test_creation(self):
             caveat(pretend.stub())
 
 
-class TestV1Caveat:
+class TestTopLevelCaveat:
     @pytest.mark.parametrize(
         ["predicate", "valid"],
         [
@@ -65,6 +65,8 @@ def test_verify_toplevel_caveat(self, monkeypatch, predicate, valid):
         else:
             assert caveat(predicate)
 
+
+class TestV1Caveat:
     @pytest.mark.parametrize(
         "predicate", [{}, {"permissions": None}, {"permissions": {"projects": None}}]
     )
@@ -233,15 +235,29 @@ def test_verify_project(self, db_request, predicate):
         assert caveat(predicate) is True
 
 
+class TestV2Caveat:
+    def test_onetime_caveat(self):
+        predicate = {"version": 2, "permissions": "user", "onetime": True}
+        verifier = pretend.stub(
+            database_macaroon=pretend.stub(last_used=pretend.stub())
+        )
+        caveat = V2Caveat(verifier)
+
+        with pytest.raises(InvalidMacaroon):
+            caveat(predicate)
+
+
 class TestVerifier:
     def test_creation(self):
         macaroon = pretend.stub()
+        db_macaroon = pretend.stub()
         context = pretend.stub()
         principals = pretend.stub()
         permission = pretend.stub()
-        verifier = Verifier(macaroon, context, principals, permission)
+        verifier = Verifier(macaroon, db_macaroon, context, principals, permission)
 
         assert verifier.macaroon is macaroon
+        assert verifier.database_macaroon is db_macaroon
         assert verifier.context is context
         assert verifier.principals is principals
         assert verifier.permission is permission
@@ -251,13 +267,26 @@ def test_verify(self, monkeypatch):
             pretend.raiser(MacaroonInvalidSignatureException)
         )
         macaroon = pretend.stub()
+        db_macaroon = pretend.stub()
         context = pretend.stub()
         principals = pretend.stub()
         permission = pretend.stub()
         key = pretend.stub()
-        verifier = Verifier(macaroon, context, principals, permission)
+        verifier = Verifier(macaroon, db_macaroon, context, principals, permission)
 
         monkeypatch.setattr(verifier.verifier, "verify", verify)
         with pytest.raises(InvalidMacaroon):
             verifier.verify(key)
         assert verify.calls == [pretend.call(macaroon, key)]
+
+    def test_verify_updates_last_used(self, monkeypatch):
+        db_macaroon = pretend.stub(last_used=None)
+        verifier = Verifier(
+            pretend.stub(), db_macaroon, pretend.stub(), pretend.stub(), pretend.stub()
+        )
+
+        monkeypatch.setattr(verifier.verifier, "satisfy_general", lambda c: None)
+        monkeypatch.setattr(verifier.verifier, "verify", lambda *a: True)
+
+        assert verifier.verify(pretend.stub())
+        assert verifier.database_macaroon.last_used is not None
diff --git a/tests/unit/macaroons/test_services.py b/tests/unit/macaroons/test_services.py
index 8cdc9d775080..905d38dca0ef 100644
--- a/tests/unit/macaroons/test_services.py
+++ b/tests/unit/macaroons/test_services.py
@@ -119,7 +119,7 @@ def test_verify_no_macaroon(self, macaroon_service):
 
     def test_verify_invalid_macaroon(self, monkeypatch, user_service, macaroon_service):
         user = UserFactory.create()
-        raw_macaroon, _ = macaroon_service.create_macaroon(
+        raw_macaroon, db_macaroon = macaroon_service.create_macaroon(
             "fake location", user.id, "fake description", {"fake": "caveats"}
         )
 
@@ -134,7 +134,7 @@ def test_verify_invalid_macaroon(self, monkeypatch, user_service, macaroon_servi
         with pytest.raises(services.InvalidMacaroon):
             macaroon_service.verify(raw_macaroon, context, principals, permissions)
         assert verifier_cls.calls == [
-            pretend.call(mock.ANY, context, principals, permissions)
+            pretend.call(mock.ANY, db_macaroon, context, principals, permissions)
         ]
 
     def test_verify_malformed_macaroon(self, macaroon_service):
@@ -143,7 +143,7 @@ def test_verify_malformed_macaroon(self, macaroon_service):
 
     def test_verify_valid_macaroon(self, monkeypatch, macaroon_service):
         user = UserFactory.create()
-        raw_macaroon, _ = macaroon_service.create_macaroon(
+        raw_macaroon, db_macaroon = macaroon_service.create_macaroon(
             "fake location", user.id, "fake description", {"fake": "caveats"}
         )
 
@@ -157,7 +157,7 @@ def test_verify_valid_macaroon(self, monkeypatch, macaroon_service):
 
         assert macaroon_service.verify(raw_macaroon, context, principals, permissions)
         assert verifier_cls.calls == [
-            pretend.call(mock.ANY, context, principals, permissions)
+            pretend.call(mock.ANY, db_macaroon, context, principals, permissions)
         ]
 
     def test_delete_macaroon(self, user_service, macaroon_service):
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
index 386329a2faa9..d9da56be4390 100644
--- a/tests/unit/manage/test_forms.py
+++ b/tests/unit/manage/test_forms.py
@@ -527,6 +527,17 @@ def test_validate_expiration(self, expiration, valid):
             expiration = expiration.astimezone(timezone.utc)
             assert form.validated_caveats["expiration"] == int(expiration.timestamp())
 
+    def test_validate_assigns_onetime(self):
+        form = forms.CreateMacaroonForm(
+            data={"description": "dummy", "token_scope": "scope:user", "onetime": True},
+            user_id=pretend.stub(),
+            macaroon_service=pretend.stub(get_macaroon_by_description=lambda *a: None),
+            all_projects=pretend.stub(),
+        )
+
+        assert form.validate()
+        assert form.validated_caveats["onetime"]
+
 
 class TestDeleteMacaroonForm:
     def test_creation(self):
diff --git a/warehouse/macaroons/caveats.py b/warehouse/macaroons/caveats.py
index 30643c0f4e2c..0dc8a4e474fd 100644
--- a/warehouse/macaroons/caveats.py
+++ b/warehouse/macaroons/caveats.py
@@ -103,6 +103,10 @@ def verify_projects(self, projects):
         raise InvalidMacaroon("project-scoped token matches no projects")
 
     def verify(self, predicate):
+        onetime = predicate.get("onetime", False)
+        if onetime and self.verifier.database_macaroon.last_used is not None:
+            raise InvalidMacaroon("token can't be reused")
+
         expiration = predicate.get("expiration")
         if expiration is not None:
             self.verify_expiration(expiration)
@@ -145,8 +149,9 @@ def verify(self, predicate):
 
 
 class Verifier:
-    def __init__(self, macaroon, context, principals, permission):
+    def __init__(self, macaroon, database_macaroon, context, principals, permission):
         self.macaroon = macaroon
+        self.database_macaroon = database_macaroon
         self.context = context
         self.principals = principals
         self.permission = permission
@@ -156,6 +161,8 @@ def verify(self, key):
         self.verifier.satisfy_general(TopLevelCaveat(self))
 
         try:
-            return self.verifier.verify(self.macaroon, key)
+            self.verifier.verify(self.macaroon, key)
+            self.database_macaroon.last_used = datetime.now()
+            return True
         except pymacaroons.exceptions.MacaroonInvalidSignatureException:
             raise InvalidMacaroon("invalid macaroon signature")
diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index c2e5bb935209..404af1d79389 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -117,9 +117,8 @@ def verify(self, raw_macaroon, context, principals, permission):
         if dm is None:
             raise InvalidMacaroon("deleted or nonexistent macaroon")
 
-        verifier = Verifier(m, context, principals, permission)
+        verifier = Verifier(m, dm, context, principals, permission)
         if verifier.verify(dm.key):
-            dm.last_used = datetime.datetime.now()
             return True
 
         raise InvalidMacaroon("invalid macaroon")
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
index 5a0ab27c79a0..7d00e91acd9e 100644
--- a/warehouse/manage/forms.py
+++ b/warehouse/manage/forms.py
@@ -194,7 +194,7 @@ def validate_label(self, field):
 
 
 class CreateMacaroonForm(forms.Form):
-    __params__ = ["description", "token_scope", "expiration"]
+    __params__ = ["description", "token_scope", "expiration", "onetime"]
 
     description = wtforms.StringField(
         validators=[
@@ -213,6 +213,8 @@ class CreateMacaroonForm(forms.Form):
 
     expiration = wtforms.DateTimeField()
 
+    onetime = wtforms.BooleanField()
+
     def __init__(self, *args, user_id, macaroon_service, all_projects, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_id = user_id
@@ -311,6 +313,8 @@ def validate(self):
         self.validated_caveats = {"version": 2, "permissions": self.validated_scope}
         if self.validated_expiration is not None:
             self.validated_caveats["expiration"] = self.validated_expiration
+        if self.onetime.data:
+            self.validated_caveats["onetime"] = True
         return res
 
 
diff --git a/warehouse/templates/manage/token.html b/warehouse/templates/manage/token.html
index 1f6b325823bc..bdb452d9536d 100644
--- a/warehouse/templates/manage/token.html
+++ b/warehouse/templates/manage/token.html
@@ -129,9 +129,15 @@ <h2>{% trans %}Add another token{% endtrans %}</h2>
         </div>
         <p id="description-help-text" class="form-group__help-text">{% trans %}What is this token for?{% endtrans %}</p>
       </div>
+
       <div class="form-group">
-        <span class="form-group__label">{% trans %}Permissions{% endtrans %}</span>
-        <p class="form-group__text">{% trans %}Upload packages{% endtrans %}</p>
+        <label for="onetime" class="form-group__label">
+          {% trans %}Single-use{% endtrans %}
+        </label>
+        <input type="checkbox" name="onetime" id="onetime" class="form-group__input">
+        <div id="onetime-errors">
+          {{ field_errors(create_macaroon_form.onetime) }}
+        </div>
       </div>
 
       <div class="form-group">
@@ -167,7 +173,7 @@ <h3 class="callout-block__heading">{% trans %}Proceed with caution!{% endtrans %
           {% endif %}
         </label>
         <input type="text" name="project_version" id="project_version" class="form-group__input" aria-describedby="token-name-errors description-help-text" value="{{ create_macaroon_form.project_version.data or ""}}">
-        <div id="token-name-errors">
+        <div id="project-release-errors">
           {{ field_errors(create_macaroon_form.project_version) }}
         </div>
       </div>
@@ -180,7 +186,7 @@ <h3 class="callout-block__heading">{% trans %}Proceed with caution!{% endtrans %
           {% endif %}
         </label>
         <input type="datetime-local" name="expiration" id="expiration" class="form-group__input" aria-describedby="token-name-errors expiration-help-text" value="{{ create_macaroon_form.expiration.data or ""}}">
-        <div id="token-name-errors">
+        <div id="expiration-errors">
           {{ field_errors(create_macaroon_form.expiration) }}
         </div>
       </div>

From 87ca35ad80adfcaba15f397aac085319fd530501 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Fri, 6 Dec 2019 10:19:47 -0500
Subject: [PATCH 96/96] warehouse/macaroons: Remove unused import

---
 warehouse/macaroons/services.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/warehouse/macaroons/services.py b/warehouse/macaroons/services.py
index 404af1d79389..f24f9fbc5514 100644
--- a/warehouse/macaroons/services.py
+++ b/warehouse/macaroons/services.py
@@ -10,7 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import datetime
 import json
 import uuid