commit
0195eea77c
2 changed files with 17 additions and 6 deletions
|
@ -1,5 +1,5 @@
|
||||||
[loggers]
|
[loggers]
|
||||||
keys=root
|
keys=root,boto
|
||||||
|
|
||||||
[handlers]
|
[handlers]
|
||||||
keys=console
|
keys=console
|
||||||
|
@ -11,6 +11,11 @@ keys=generic
|
||||||
level=DEBUG
|
level=DEBUG
|
||||||
handlers=console
|
handlers=console
|
||||||
|
|
||||||
|
[logger_boto]
|
||||||
|
level=INFO
|
||||||
|
handlers=console
|
||||||
|
qualname=boto
|
||||||
|
|
||||||
[handler_console]
|
[handler_console]
|
||||||
class=StreamHandler
|
class=StreamHandler
|
||||||
formatter=generic
|
formatter=generic
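Review bot: The new `[logger_boto]` section sets `handlers=console` but no `propagate` value, so with the fileConfig default every boto record is handled once here and again when it propagates to the parent logger. If the `level=DEBUG` / `handlers=console` lines just above belong to `[logger_root]` (the section name is outside the hunk), each boto message will appear twice on the console. Adding `propagate=0` under `[logger_boto]` keeps the INFO cap and a single copy of each line, which also keeps the log stream cleaner for anyone reviewing it later.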
|
||||||
|
|
|
@ -9,7 +9,7 @@ from cachetools import lru_cache
|
||||||
from app import app
|
from app import app
|
||||||
from data import model
|
from data import model
|
||||||
from auth.auth import process_auth
|
from auth.auth import process_auth
|
||||||
from auth.auth_context import get_authenticated_user
|
from auth.auth_context import get_authenticated_user, get_validated_token
|
||||||
from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
|
from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
|
||||||
CreateRepositoryPermission)
|
CreateRepositoryPermission)
|
||||||
from endpoints.v2 import v2_bp
|
from endpoints.v2 import v2_bp
|
||||||
|
@ -54,6 +54,10 @@ def generate_registry_jwt():
|
||||||
logger.debug('Scope request: %s', scope_param)
|
logger.debug('Scope request: %s', scope_param)
|
||||||
|
|
||||||
user = get_authenticated_user()
|
user = get_authenticated_user()
|
||||||
|
logger.debug('Authenticated user: %s', user)
|
||||||
|
|
||||||
|
token = get_validated_token()
|
||||||
|
logger.debug('Authenticated token: %s', token)
|
||||||
access = []
|
access = []
|
||||||
if scope_param is not None:
|
if scope_param is not None:
|
||||||
match = SCOPE_REGEX.match(scope_param)
|
match = SCOPE_REGEX.match(scope_param)
|
||||||
|
@ -74,17 +78,19 @@ def generate_registry_jwt():
|
||||||
if not REPOSITORY_NAME_REGEX.match(reponame):
|
if not REPOSITORY_NAME_REGEX.match(reponame):
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
if 'pull' in actions and 'push' in actions:
|
if ('pull' in actions or 'push' in actions) and user is None and token is None:
|
||||||
if user is None:
|
# We are trying to perform a registry action without auth
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
|
if 'pull' in actions and 'push' in actions:
|
||||||
repo = model.repository.get_repository(namespace, reponame)
|
repo = model.repository.get_repository(namespace, reponame)
|
||||||
if repo:
|
if repo:
|
||||||
if not ModifyRepositoryPermission(namespace, reponame).can():
|
if not ModifyRepositoryPermission(namespace, reponame).can():
|
||||||
abort(403)
|
abort(403)
|
||||||
else:
|
else:
|
||||||
if not CreateRepositoryPermission(namespace).can():
|
if not CreateRepositoryPermission(namespace).can() or user is None:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
logger.debug('Creating repository: %s/%s', namespace, reponame)
|
logger.debug('Creating repository: %s/%s', namespace, reponame)
|
||||||
model.repository.create_repository(namespace, reponame, user)
|
model.repository.create_repository(namespace, reponame, user)
|
||||||
elif 'pull' in actions:
|
elif 'pull' in actions:
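Review bot: The added `logger.debug('Authenticated token: %s', token)` in `generate_registry_jwt` writes the token object's string form to the log, and the logging config changed in this same commit shows `level=DEBUG` on a console handler, so the line is likely to be emitted in practice. Whether that string form includes the token's secret value is not visible in this diff and should be confirmed; if it does, a registry credential ends up in console output and in whatever collects it. Logging only that a token was presented avoids the question, e.g. `logger.debug('Authenticated via token: %s', token is not None)`. A short comment next to `get_validated_token()` saying that either a user or a token satisfies the 401 check further down would also help the next reader. The function starts and ends outside these hunks, so how push-only requests and the other action branches treat a token-only caller cannot be judged from here.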
|
||||||
|
|