From 4c0e215c2f504c755315e9e70b2a573fc4aa8c19 Mon Sep 17 00:00:00 2001
From: Jake Moshenko <jake.moshenko@coreos.com>
Date: Wed, 18 Nov 2015 19:04:26 -0500
Subject: [PATCH 1/2] Silence boto logs when running locally

---
 conf/logging_debug.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/conf/logging_debug.conf b/conf/logging_debug.conf
index 01a3c8fbb..3413f3035 100644
--- a/conf/logging_debug.conf
+++ b/conf/logging_debug.conf
@@ -1,5 +1,5 @@
 [loggers]
-keys=root
+keys=root,boto
 
 [handlers]
 keys=console
@@ -11,6 +11,11 @@ keys=generic
 level=DEBUG
 handlers=console
 
+[logger_boto]
+level=INFO
+handlers=console
+qualname=boto
+
 [handler_console]
 class=StreamHandler
 formatter=generic

From c27f91f7cf0629767e7a86d4338fbb6030363196 Mon Sep 17 00:00:00 2001
From: Jake Moshenko <jake.moshenko@coreos.com>
Date: Wed, 18 Nov 2015 19:04:40 -0500
Subject: [PATCH 2/2] Fix token pushes for v2 auth, tokens have no user

---
 endpoints/v2/v2auth.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 4e48b4416..4dec3f342 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -9,7 +9,7 @@ from cachetools import lru_cache
 from app import app
 from data import model
 from auth.auth import process_auth
-from auth.auth_context import get_authenticated_user
+from auth.auth_context import get_authenticated_user, get_validated_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                               CreateRepositoryPermission)
 from endpoints.v2 import v2_bp
@@ -54,6 +54,10 @@ def generate_registry_jwt():
   logger.debug('Scope request: %s', scope_param)
 
   user = get_authenticated_user()
+  logger.debug('Authenticated user: %s', user)
+
+  token = get_validated_token()
+  logger.debug('Authenticated token: %s', token)
   access = []
   if scope_param is not None:
     match = SCOPE_REGEX.match(scope_param)
@@ -74,17 +78,19 @@ def generate_registry_jwt():
     if not REPOSITORY_NAME_REGEX.match(reponame):
       abort(400)
 
-    if 'pull' in actions and 'push' in actions:
-      if user is None:
-        abort(401)
+    if ('pull' in actions or 'push' in actions) and user is None and token is None:
+      # We are trying to perform a registry action without auth
+      abort(401)
 
+    if 'pull' in actions and 'push' in actions:
       repo = model.repository.get_repository(namespace, reponame)
       if repo:
         if not ModifyRepositoryPermission(namespace, reponame).can():
           abort(403)
       else:
-        if not CreateRepositoryPermission(namespace).can():
+        if not CreateRepositoryPermission(namespace).can() or user is None:
           abort(403)
+
         logger.debug('Creating repository: %s/%s', namespace, reponame)
         model.repository.create_repository(namespace, reponame, user)
     elif 'pull' in actions: