Merge pull request #916 from jakedt/fixcrazyauth

Fixcrazyauth
2015-11-18 19:30:08 -05:00 · 2015-11-18 19:30:08 -05:00 · 0195eea77c
commit 0195eea77c
parent 32d0cb49c9 c27f91f7cf
2 changed files with 17 additions and 6 deletions
--- a/conf/logging_debug.conf
+++ b/conf/logging_debug.conf
@ -1,5 +1,5 @@
 [loggers]
-keys=root
+keys=root,boto

 [handlers]
 keys=console
@ -11,6 +11,11 @@ keys=generic
 level=DEBUG
 handlers=console

+[logger_boto]
+level=INFO
+handlers=console
+qualname=boto
+
 [handler_console]
 class=StreamHandler
 formatter=generic
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -9,7 +9,7 @@ from cachetools import lru_cache
 from app import app
 from data import model
 from auth.auth import process_auth
-from auth.auth_context import get_authenticated_user
+from auth.auth_context import get_authenticated_user, get_validated_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                              CreateRepositoryPermission)
 from endpoints.v2 import v2_bp
@ -54,6 +54,10 @@ def generate_registry_jwt():
  logger.debug('Scope request: %s', scope_param)

  user = get_authenticated_user()
+  logger.debug('Authenticated user: %s', user)
+
+  token = get_validated_token()
+  logger.debug('Authenticated token: %s', token)
  access = []
  if scope_param is not None:
    match = SCOPE_REGEX.match(scope_param)
@ -74,17 +78,19 @@ def generate_registry_jwt():
    if not REPOSITORY_NAME_REGEX.match(reponame):
      abort(400)

-    if 'pull' in actions and 'push' in actions:
-      if user is None:
-        abort(401)
+    if ('pull' in actions or 'push' in actions) and user is None and token is None:
+      # We are trying to perform a registry action without auth
+      abort(401)

+    if 'pull' in actions and 'push' in actions:
      repo = model.repository.get_repository(namespace, reponame)
      if repo:
        if not ModifyRepositoryPermission(namespace, reponame).can():
          abort(403)
      else:
-        if not CreateRepositoryPermission(namespace).can():
+        if not CreateRepositoryPermission(namespace).can() or user is None:
          abort(403)
+
        logger.debug('Creating repository: %s/%s', namespace, reponame)
        model.repository.create_repository(namespace, reponame, user)
    elif 'pull' in actions: