api: token: drop usage of global authority import

certidude/api/__init__.py

@@ -225,7 +225,7 @@ def certidude_app(log_handlers=[]):
     app.add_route("/api/", SessionResource())
 
     if config.USER_ENROLLMENT_ALLOWED: # TODO: add token enable/disable flag for config
-        app.add_route("/api/token/", TokenResource())
+        app.add_route("/api/token/", TokenResource(authority))
 
     # Extended attributes for scripting etc.
     app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine"))

certidude/api/token.py

@@ -11,12 +11,15 @@ from time import time
 from certidude import mailer
 from certidude.decorators import serialize
 from certidude.user import User
-from certidude import config, authority
+from certidude import config
 from certidude.auth import login_required, authorize_admin
 
 logger = logging.getLogger(__name__)
 
 class TokenResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
     def on_put(self, req, resp):
         # Consume token
         now = time()
@@ -43,7 +46,7 @@ class TokenResource(object):
         common_name = csr["certification_request_info"]["subject"].native["common_name"]
         assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name
         try:
-            _, resp.body = authority._sign(csr, body)
+            _, resp.body = self.authority._sign(csr, body)
             resp.set_header("Content-Type", "application/x-pem-file")
             logger.info("Autosigned %s as proven by token ownership", common_name)
         except FileExistsError: