From 2597bcef3fc330457a6818362ac4b99e7dbec8cc Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 11 Aug 2014 15:47:44 -0400 Subject: [PATCH 001/160] Add support for login with Google. Note that this CL is not complete --- config.py | 12 +- endpoints/callbacks.py | 128 ++++++++++++++---- initdb.py | 2 + static/directives/external-login-button.html | 17 +++ static/directives/signin-form.html | 6 +- static/directives/signup-form.html | 6 +- static/js/app.js | 100 +++++++++----- static/js/controllers.js | 5 +- static/partials/user-admin.html | 30 +++- .../{githuberror.html => ologinerror.html} | 8 +- 10 files changed, 231 insertions(+), 83 deletions(-) create mode 100644 static/directives/external-login-button.html rename templates/{githuberror.html => ologinerror.html} (66%) diff --git a/config.py b/config.py index a903fa29a..708449714 100644 --- a/config.py +++ b/config.py @@ -19,7 +19,7 @@ def build_requests_session(): CLIENT_WHITELIST = ['SERVER_HOSTNAME', 'PREFERRED_URL_SCHEME', 'GITHUB_CLIENT_ID', 'GITHUB_LOGIN_CLIENT_ID', 'MIXPANEL_KEY', 'STRIPE_PUBLISHABLE_KEY', 'ENTERPRISE_LOGO_URL', 'SENTRY_PUBLIC_DSN', 'AUTHENTICATION_TYPE', - 'REGISTRY_TITLE', 'REGISTRY_TITLE_SHORT'] + 'REGISTRY_TITLE', 'REGISTRY_TITLE_SHORT', 'GOOGLE_LOGIN_CLIENT_ID'] def getFrontendVisibleConfig(config_dict): @@ -115,6 +115,13 @@ class DefaultConfig(object): GITHUB_LOGIN_CLIENT_ID = '' GITHUB_LOGIN_CLIENT_SECRET = '' + # Google Config. + GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token' + GOOGLE_USER_URL = 'https://www.googleapis.com/oauth2/v1/userinfo' + + GOOGLE_LOGIN_CLIENT_ID = '' + GOOGLE_LOGIN_CLIENT_SECRET = '' + # Requests based HTTP client with a large request pool HTTPCLIENT = build_requests_session() @@ -144,6 +151,9 @@ class DefaultConfig(object): # Feature Flag: Whether GitHub login is supported. FEATURE_GITHUB_LOGIN = False + # Feature Flag: Whether Google login is supported. + FEATURE_GOOGLE_LOGIN = False + # Feature flag, whether to enable olark chat FEATURE_OLARK_CHAT = False diff --git a/endpoints/callbacks.py b/endpoints/callbacks.py index 015f3c3a7..ba53cbc5c 100644 --- a/endpoints/callbacks.py +++ b/endpoints/callbacks.py @@ -7,6 +7,7 @@ from endpoints.common import render_page_template, common_login, route_show_if from app import app, analytics from data import model from util.names import parse_repository_name +from util.validation import generate_valid_usernames from util.http import abort from auth.permissions import AdministerRepositoryPermission from auth.auth import require_session_login @@ -21,19 +22,31 @@ client = app.config['HTTPCLIENT'] callback = Blueprint('callback', __name__) -def exchange_github_code_for_token(code, for_login=True): +def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False): code = request.args.get('code') + id_config = service_name + '_LOGIN_CLIENT_ID' if for_login else service_name + '_CLIENT_ID' + secret_config = service_name + '_LOGIN_CLIENT_SECRET' if for_login else service_name + '_CLIENT_SECRET' + payload = { - 'client_id': app.config['GITHUB_LOGIN_CLIENT_ID' if for_login else 'GITHUB_CLIENT_ID'], - 'client_secret': app.config['GITHUB_LOGIN_CLIENT_SECRET' if for_login else 'GITHUB_CLIENT_SECRET'], + 'client_id': app.config[id_config], + 'client_secret': app.config[secret_config], 'code': code, + 'grant_type': 'authorization_code', + 'redirect_uri': '%s://%s/oauth2/%s/callback' % (app.config['PREFERRED_URL_SCHEME'], + app.config['SERVER_HOSTNAME'], + service_name.lower()) } + headers = { 'Accept': 'application/json' } - get_access_token = client.post(app.config['GITHUB_TOKEN_URL'], - params=payload, headers=headers) + if form_encode: + get_access_token = client.post(app.config[service_name + '_TOKEN_URL'], + data=payload, headers=headers) + else: + get_access_token = client.post(app.config[service_name + '_TOKEN_URL'], + params=payload, headers=headers) json_data = get_access_token.json() if not json_data: @@ -52,17 +65,76 @@ def get_github_user(token): return get_user.json() +def get_google_user(token): + token_param = { + 'access_token': token, + 'alt': 'json', + } + + get_user = client.get(app.config['GOOGLE_USER_URL'], params=token_param) + return get_user.json() + +def conduct_oauth_login(service_name, user_id, username, email): + to_login = model.verify_federated_login(service_name.lower(), user_id) + if not to_login: + # try to create the user + try: + valid = next(generate_valid_usernames(username)) + to_login = model.create_federated_user(valid, email, service_name.lower(), + user_id, set_password_notification=True) + + # Success, tell analytics + analytics.track(to_login.username, 'register', {'service': service_name.lower()}) + + state = request.args.get('state', None) + if state: + logger.debug('Aliasing with state: %s' % state) + analytics.alias(to_login.username, state) + + except model.DataModelException, ex: + return render_page_template('ologinerror.html', service_name=service_name, + error_message=ex.message) + + if common_login(to_login): + return redirect(url_for('web.index')) + + return render_page_template('ologinerror.html', service_name=service_name, + error_message='Unknown error') + + +@callback.route('/google/callback', methods=['GET']) +@route_show_if(features.GOOGLE_LOGIN) +def google_oauth_callback(): + error = request.args.get('error', None) + if error: + return render_page_template('ologinerror.html', service_name='Google', error_message=error) + + token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE', form_encode=True) + user_data = get_google_user(token) + if not user_data or not user_data.get('id', None) or not user_data.get('email', None): + return render_page_template('ologinerror.html', service_name = 'Google', + error_message='Could not load user data') + + username = user_data['email'] + at = username.find('@') + if at > 0: + username = username[0:at] + + return conduct_oauth_login('Google', user_data['id'], username, user_data['email']) + + @callback.route('/github/callback', methods=['GET']) @route_show_if(features.GITHUB_LOGIN) def github_oauth_callback(): error = request.args.get('error', None) if error: - return render_page_template('githuberror.html', error_message=error) + return render_page_template('ologinerror.html', service_name = 'GitHub', error_message=error) - token = exchange_github_code_for_token(request.args.get('code')) + token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB') user_data = get_github_user(token) if not user_data: - return render_page_template('githuberror.html', error_message='Could not load user data') + return render_page_template('ologinerror.html', service_name = 'GitHub', + error_message='Could not load user data') username = user_data['login'] github_id = user_data['id'] @@ -84,38 +156,34 @@ def github_oauth_callback(): if user_email['primary']: break - to_login = model.verify_federated_login('github', github_id) - if not to_login: - # try to create the user - try: - to_login = model.create_federated_user(username, found_email, 'github', - github_id, set_password_notification=True) + return conduct_oauth_login('github', github_id, username, found_email) - # Success, tell analytics - analytics.track(to_login.username, 'register', {'service': 'github'}) - state = request.args.get('state', None) - if state: - logger.debug('Aliasing with state: %s' % state) - analytics.alias(to_login.username, state) +@callback.route('/google/callback/attach', methods=['GET']) +@route_show_if(features.GOOGLE_LOGIN) +@require_session_login +def google_oauth_attach(): + token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE') + user_data = get_google_user(token) + if not user_data or not user_data.get('id', None): + return render_page_template('ologinerror.html', service_name = 'Google', + error_message='Could not load user data') - except model.DataModelException, ex: - return render_page_template('githuberror.html', error_message=ex.message) - - if common_login(to_login): - return redirect(url_for('web.index')) - - return render_page_template('githuberror.html') + google_id = user_data['id'] + user_obj = current_user.db_user() + model.attach_federated_login(user_obj, 'google', google_id) + return redirect(url_for('web.user')) @callback.route('/github/callback/attach', methods=['GET']) @route_show_if(features.GITHUB_LOGIN) @require_session_login def github_oauth_attach(): - token = exchange_github_code_for_token(request.args.get('code')) + token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB') user_data = get_github_user(token) if not user_data: - return render_page_template('githuberror.html', error_message='Could not load user data') + return render_page_template('ologinerror.html', service_name = 'GitHub', + error_message='Could not load user data') github_id = user_data['id'] user_obj = current_user.db_user() @@ -130,7 +198,7 @@ def github_oauth_attach(): def attach_github_build_trigger(namespace, repository): permission = AdministerRepositoryPermission(namespace, repository) if permission.can(): - token = exchange_github_code_for_token(request.args.get('code'), for_login=False) + token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB', for_login=False) repo = model.get_repository(namespace, repository) if not repo: msg = 'Invalid repository: %s/%s' % (namespace, repository) diff --git a/initdb.py b/initdb.py index 7e48ae3af..5d10a2039 100644 --- a/initdb.py +++ b/initdb.py @@ -179,6 +179,8 @@ def initialize_database(): TeamRole.create(name='member') Visibility.create(name='public') Visibility.create(name='private') + + LoginService.create(name='google') LoginService.create(name='github') LoginService.create(name='quayrobot') LoginService.create(name='ldap') diff --git a/static/directives/external-login-button.html b/static/directives/external-login-button.html new file mode 100644 index 000000000..cc1d39bbd --- /dev/null +++ b/static/directives/external-login-button.html @@ -0,0 +1,17 @@ + + + + + Sign In with GitHub + Attach to GitHub Account + + + + + + + Sign In with Google + Attach to Google Account + + + diff --git a/static/directives/signin-form.html b/static/directives/signin-form.html index f56b8f8db..ec57619a8 100644 --- a/static/directives/signin-form.html +++ b/static/directives/signin-form.html @@ -11,10 +11,8 @@ OR - - Sign In with GitHub - +
+
Invalid username or password.
diff --git a/static/directives/signup-form.html b/static/directives/signup-form.html index fb0ccc6fa..249bff31c 100644 --- a/static/directives/signup-form.html +++ b/static/directives/signup-form.html @@ -18,10 +18,8 @@ OR - - Sign In with GitHub - +
+

No credit card required.

diff --git a/static/js/app.js b/static/js/app.js index 8daec75d4..978012bb6 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -1278,10 +1278,41 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading var keyService = {} keyService['stripePublishableKey'] = Config['STRIPE_PUBLISHABLE_KEY']; + keyService['githubClientId'] = Config['GITHUB_CLIENT_ID']; keyService['githubLoginClientId'] = Config['GITHUB_LOGIN_CLIENT_ID']; keyService['githubRedirectUri'] = Config.getUrl('/oauth2/github/callback'); + keyService['googleLoginClientId'] = Config['GOOGLE_LOGIN_CLIENT_ID']; + keyService['googleRedirectUri'] = Config.getUrl('/oauth2/google/callback'); + + keyService['googleLoginUrl'] = 'https://accounts.google.com/o/oauth2/auth?response_type=code&'; + keyService['githubLoginUrl'] = 'https://github.com/login/oauth/authorize?'; + + keyService['googleLoginScope'] = 'openid email'; + keyService['githubLoginScope'] = 'user:email'; + + keyService.getExternalLoginUrl = function(service, action) { + var state_clause = ''; + if (Config.MIXPANEL_KEY && window.mixpanel) { + if (mixpanel.get_distinct_id !== undefined) { + state_clause = "&state=" + encodeURIComponent(mixpanel.get_distinct_id()); + } + } + + var client_id = keyService[service + 'LoginClientId']; + var scope = keyService[service + 'LoginScope']; + var redirect_uri = keyService[service + 'RedirectUri']; + if (action == 'attach') { + redirect_uri += '/attach'; + } + + var url = keyService[service + 'LoginUrl'] + 'client_id=' + client_id + '&scope=' + scope + + '&redirect_uri=' + redirect_uri + state_clause; + + return url; + }; + return keyService; }]); @@ -2150,6 +2181,41 @@ quayApp.directive('userSetup', function () { }); +quayApp.directive('externalLoginButton', function () { + var directiveDefinitionObject = { + priority: 0, + templateUrl: '/static/directives/external-login-button.html', + replace: false, + transclude: true, + restrict: 'C', + scope: { + 'signInStarted': '&signInStarted', + 'redirectUrl': '=redirectUrl', + 'provider': '@provider', + 'action': '@action' + }, + controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, CookieService, Features, Config) { + $scope.startSignin = function(service) { + $scope.signInStarted({'service': service}); + + var url = KeyService.getExternalLoginUrl(service, $scope.action || 'login'); + + // Save the redirect URL in a cookie so that we can redirect back after the service returns to us. + var redirectURL = $scope.redirectUrl || window.location.toString(); + CookieService.putPermanent('quay.redirectAfterLoad', redirectURL); + + // Needed to ensure that UI work done by the started callback is finished before the location + // changes. + $timeout(function() { + document.location = url; + }, 250); + }; + } + }; + return directiveDefinitionObject; +}); + + quayApp.directive('signinForm', function () { var directiveDefinitionObject = { priority: 0, @@ -2163,29 +2229,6 @@ quayApp.directive('signinForm', function () { 'signedIn': '&signedIn' }, controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, CookieService, Features, Config) { - $scope.showGithub = function() { - if (!Features.GITHUB_LOGIN) { return; } - - $scope.markStarted(); - - var mixpanelDistinctIdClause = ''; - if (Config.MIXPANEL_KEY && mixpanel.get_distinct_id !== undefined) { - $scope.mixpanelDistinctIdClause = "&state=" + encodeURIComponent(mixpanel.get_distinct_id()); - } - - // Save the redirect URL in a cookie so that we can redirect back after GitHub returns to us. - var redirectURL = $scope.redirectUrl || window.location.toString(); - CookieService.putPermanent('quay.redirectAfterLoad', redirectURL); - - // Needed to ensure that UI work done by the started callback is finished before the location - // changes. - $timeout(function() { - var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubLoginClientId) + - '&scope=user:email' + mixpanelDistinctIdClause; - document.location = url; - }, 250); - }; - $scope.markStarted = function() { if ($scope.signInStarted != null) { $scope.signInStarted(); @@ -2235,18 +2278,9 @@ quayApp.directive('signupForm', function () { scope: { }, - controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, Config, UIService) { + controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, Config, UIService) { $('.form-signup').popover(); - if (Config.MIXPANEL_KEY) { - angulartics.waitForVendorApi(mixpanel, 500, function(loadedMixpanel) { - var mixpanelId = loadedMixpanel.get_distinct_id(); - $scope.github_state_clause = '&state=' + mixpanelId; - }); - } - - $scope.githubClientId = KeyService.githubLoginClientId; - $scope.awaitingConfirmation = false; $scope.registering = false; diff --git a/static/js/controllers.js b/static/js/controllers.js index d77ffb298..7690f79f6 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -1681,6 +1681,10 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use $scope.githubLogin = resp.login; }); } + + if ($scope.cuser.logins[i].service == 'google') { + $scope.hasGoogleLogin = true; + } } } }); @@ -1697,7 +1701,6 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use $scope.convertStep = 0; $scope.org = {}; $scope.githubRedirectUri = KeyService.githubRedirectUri; - $scope.githubClientId = KeyService.githubLoginClientId; $scope.authorizedApps = null; $scope.logsShown = 0; diff --git a/static/partials/user-admin.html b/static/partials/user-admin.html index 783c5f87a..fc0acb89e 100644 --- a/static/partials/user-admin.html +++ b/static/partials/user-admin.html @@ -33,7 +33,7 @@
  • Account E-mail
  • Robot Accounts
  • Change Password
    • -
  • GitHub Login
    • +
  • External Logins
  • Authorized Applications
  • Usage Logs @@ -162,12 +162,14 @@ - -
    + +
    -
    + + +
    GitHub Login:
    @@ -175,12 +177,28 @@ {{githubLogin}}
    -
    - Connect with GitHub +
    +
    + + +
    +
    +
    Google Login:
    +
    +
    + Account tied to your Google account. +
    +
    + +
    +
    +
    +
    +
    diff --git a/templates/githuberror.html b/templates/ologinerror.html similarity index 66% rename from templates/githuberror.html rename to templates/ologinerror.html index acb803f57..cd921eec2 100644 --- a/templates/githuberror.html +++ b/templates/ologinerror.html @@ -1,14 +1,14 @@ {% extends "base.html" %} {% block title %} - Error Logging in with GitHub · Quay.io + Error Logging in with {{ service_name }} · Quay.io {% endblock %} {% block body_content %}
    -

    There was an error logging in with GitHub.

    +

    There was an error logging in with {{ service_name }}.

    {% if error_message %}
    {{ error_message }}
    @@ -16,11 +16,11 @@
    Please register using the registration form to continue. - You will be able to connect your github account to your Quay.io account + You will be able to connect your account to your Quay.io account in the user settings.
    -{% endblock %} \ No newline at end of file +{% endblock %} From 389c88a7c4b2b08b879b772a0deca139e004ef3e Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 11 Aug 2014 18:25:01 -0400 Subject: [PATCH 002/160] Update federated login to store metadata and have the UI pull the information from the metadata --- data/database.py | 1 + data/model/legacy.py | 13 ++++-- endpoints/api/user.py | 8 ++++ endpoints/callbacks.py | 81 ++++++++++++++++++++++++++------- static/js/controllers.js | 9 ++-- static/partials/user-admin.html | 17 +++++-- 6 files changed, 99 insertions(+), 30 deletions(-) diff --git a/data/database.py b/data/database.py index 76a0af9df..6099cf5d9 100644 --- a/data/database.py +++ b/data/database.py @@ -116,6 +116,7 @@ class FederatedLogin(BaseModel): user = ForeignKeyField(User, index=True) service = ForeignKeyField(LoginService, index=True) service_ident = CharField() + metadata_json = TextField(default='{}') class Meta: database = db diff --git a/data/model/legacy.py b/data/model/legacy.py index b5afdfeb8..bfa310046 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -346,7 +346,8 @@ def set_team_org_permission(team, team_role_name, set_by_username): return team -def create_federated_user(username, email, service_name, service_id, set_password_notification): +def create_federated_user(username, email, service_name, service_id, + set_password_notification, metadata={}): if not is_create_user_allowed(): raise TooManyUsersException() @@ -356,7 +357,8 @@ def create_federated_user(username, email, service_name, service_id, set_passwor service = LoginService.get(LoginService.name == service_name) FederatedLogin.create(user=new_user, service=service, - service_ident=service_id) + service_ident=service_id, + metadata_json=json.dumps(metadata)) if set_password_notification: create_notification('password_required', new_user) @@ -364,9 +366,10 @@ def create_federated_user(username, email, service_name, service_id, set_passwor return new_user -def attach_federated_login(user, service_name, service_id): +def attach_federated_login(user, service_name, service_id, metadata={}): service = LoginService.get(LoginService.name == service_name) - FederatedLogin.create(user=user, service=service, service_ident=service_id) + FederatedLogin.create(user=user, service=service, service_ident=service_id, + metadata_json=json.dumps(metadata)) return user @@ -385,7 +388,7 @@ def verify_federated_login(service_name, service_id): def list_federated_logins(user): selected = FederatedLogin.select(FederatedLogin.service_ident, - LoginService.name) + LoginService.name, FederatedLogin.metadata_json) joined = selected.join(LoginService) return joined.where(LoginService.name != 'quayrobot', FederatedLogin.user == user) diff --git a/endpoints/api/user.py b/endpoints/api/user.py index 3d79a806d..23bc3137a 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -39,9 +39,16 @@ def user_view(user): organizations = model.get_user_organizations(user.username) def login_view(login): + print login.metadata_json + try: + metadata = json.loads(login.metadata_json) + except: + metadata = None + return { 'service': login.service.name, 'service_identifier': login.service_ident, + 'metadata': metadata } logins = model.list_federated_logins(user) @@ -88,6 +95,7 @@ class User(ApiResource): """ Operations related to users. """ schemas = { 'NewUser': { + 'id': 'NewUser', 'type': 'object', 'description': 'Fields which must be specified for a new user.', diff --git a/endpoints/callbacks.py b/endpoints/callbacks.py index ba53cbc5c..49fa1e8a6 100644 --- a/endpoints/callbacks.py +++ b/endpoints/callbacks.py @@ -11,6 +11,7 @@ from util.validation import generate_valid_usernames from util.http import abort from auth.permissions import AdministerRepositoryPermission from auth.auth import require_session_login +from peewee import IntegrityError import features @@ -22,7 +23,8 @@ client = app.config['HTTPCLIENT'] callback = Blueprint('callback', __name__) -def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False): +def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False, + redirect_suffix=''): code = request.args.get('code') id_config = service_name + '_LOGIN_CLIENT_ID' if for_login else service_name + '_CLIENT_ID' secret_config = service_name + '_LOGIN_CLIENT_SECRET' if for_login else service_name + '_CLIENT_SECRET' @@ -32,9 +34,10 @@ def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_en 'client_secret': app.config[secret_config], 'code': code, 'grant_type': 'authorization_code', - 'redirect_uri': '%s://%s/oauth2/%s/callback' % (app.config['PREFERRED_URL_SCHEME'], - app.config['SERVER_HOSTNAME'], - service_name.lower()) + 'redirect_uri': '%s://%s/oauth2/%s/callback%s' % (app.config['PREFERRED_URL_SCHEME'], + app.config['SERVER_HOSTNAME'], + service_name.lower(), + redirect_suffix) } headers = { @@ -74,14 +77,15 @@ def get_google_user(token): get_user = client.get(app.config['GOOGLE_USER_URL'], params=token_param) return get_user.json() -def conduct_oauth_login(service_name, user_id, username, email): +def conduct_oauth_login(service_name, user_id, username, email, metadata={}): to_login = model.verify_federated_login(service_name.lower(), user_id) if not to_login: # try to create the user try: valid = next(generate_valid_usernames(username)) to_login = model.create_federated_user(valid, email, service_name.lower(), - user_id, set_password_notification=True) + user_id, set_password_notification=True, + metadata=metadata) # Success, tell analytics analytics.track(to_login.username, 'register', {'service': service_name.lower()}) @@ -102,6 +106,15 @@ def conduct_oauth_login(service_name, user_id, username, email): error_message='Unknown error') +def get_google_username(user_data): + username = user_data['email'] + at = username.find('@') + if at > 0: + username = username[0:at] + + return username + + @callback.route('/google/callback', methods=['GET']) @route_show_if(features.GOOGLE_LOGIN) def google_oauth_callback(): @@ -115,12 +128,13 @@ def google_oauth_callback(): return render_page_template('ologinerror.html', service_name = 'Google', error_message='Could not load user data') - username = user_data['email'] - at = username.find('@') - if at > 0: - username = username[0:at] + username = get_google_username(user_data) + metadata = { + 'service_username': username + } - return conduct_oauth_login('Google', user_data['id'], username, user_data['email']) + return conduct_oauth_login('Google', user_data['id'], username, user_data['email'], + metadata=metadata) @callback.route('/github/callback', methods=['GET']) @@ -156,14 +170,20 @@ def github_oauth_callback(): if user_email['primary']: break - return conduct_oauth_login('github', github_id, username, found_email) + metadata = { + 'service_username': username + } + + return conduct_oauth_login('github', github_id, username, found_email, metadata=metadata) @callback.route('/google/callback/attach', methods=['GET']) @route_show_if(features.GOOGLE_LOGIN) @require_session_login def google_oauth_attach(): - token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE') + token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE', + redirect_suffix='/attach', form_encode=True) + user_data = get_google_user(token) if not user_data or not user_data.get('id', None): return render_page_template('ologinerror.html', service_name = 'Google', @@ -171,7 +191,21 @@ def google_oauth_attach(): google_id = user_data['id'] user_obj = current_user.db_user() - model.attach_federated_login(user_obj, 'google', google_id) + + username = get_google_username(user_data) + metadata = { + 'service_username': username + } + + try: + model.attach_federated_login(user_obj, 'google', google_id, metadata=metadata) + except IntegrityError: + err = 'Google account %s is already attached to a %s account' % ( + username, app.config['REGISTRY_TITLE_SHORT']) + + return render_page_template('ologinerror.html', service_name = 'Google', + error_message=err) + return redirect(url_for('web.user')) @@ -187,7 +221,21 @@ def github_oauth_attach(): github_id = user_data['id'] user_obj = current_user.db_user() - model.attach_federated_login(user_obj, 'github', github_id) + + username = user_data['login'] + metadata = { + 'service_username': username + } + + try: + model.attach_federated_login(user_obj, 'github', github_id, metadata=metadata) + except IntegrityError: + err = 'Github account %s is already attached to a %s account' % ( + username, app.config['REGISTRY_TITLE_SHORT']) + + return render_page_template('ologinerror.html', service_name = 'Github', + error_message=err) + return redirect(url_for('web.user')) @@ -198,7 +246,8 @@ def github_oauth_attach(): def attach_github_build_trigger(namespace, repository): permission = AdministerRepositoryPermission(namespace, repository) if permission.can(): - token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB', for_login=False) + token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB', + for_login=False) repo = model.get_repository(namespace, repository) if not repo: msg = 'Invalid repository: %s/%s' % (namespace, repository) diff --git a/static/js/controllers.js b/static/js/controllers.js index 7690f79f6..5278e4efe 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -1673,17 +1673,16 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use UserService.updateUserIn($scope, function(user) { $scope.cuser = jQuery.extend({}, user); - if (Features.GITHUB_LOGIN && $scope.cuser.logins) { + if ($scope.cuser.logins) { for (var i = 0; i < $scope.cuser.logins.length; i++) { if ($scope.cuser.logins[i].service == 'github') { - var githubId = $scope.cuser.logins[i].service_identifier; - $http.get('https://api.github.com/user/' + githubId).success(function(resp) { - $scope.githubLogin = resp.login; - }); + $scope.hasGithubLogin = true; + $scope.githubLogin = $scope.cuser.logins[i].metadata['service_username']; } if ($scope.cuser.logins[i].service == 'google') { $scope.hasGoogleLogin = true; + $scope.googleLogin = $scope.cuser.logins[i].metadata['service_username']; } } } diff --git a/static/partials/user-admin.html b/static/partials/user-admin.html index fc0acb89e..ca76342dd 100644 --- a/static/partials/user-admin.html +++ b/static/partials/user-admin.html @@ -173,11 +173,15 @@
    GitHub Login:
    -
    +
    {{githubLogin}}
    -
    +
    + + Account attached to Github Account +
    +
    @@ -189,8 +193,13 @@
    Google Login:
    -
    - Account tied to your Google account. +
    + + {{ googleLogin }} +
    +
    + + Account attached to Google Account
    From 11176215e10a069045892420a2c41c6492fe11af Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 11 Aug 2014 18:35:26 -0400 Subject: [PATCH 003/160] Commit new DB changes and make sure the metadata is always present in some form --- endpoints/api/user.py | 2 +- test/data/test.db | Bin 614400 -> 614400 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/endpoints/api/user.py b/endpoints/api/user.py index 23bc3137a..d0d089dcd 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -43,7 +43,7 @@ def user_view(user): try: metadata = json.loads(login.metadata_json) except: - metadata = None + metadata = {} return { 'service': login.service.name, diff --git a/test/data/test.db b/test/data/test.db index 4d04283311e6feb845dff3fde9a4d370858119be..b64829db209fca64a5f122a3c96d74f8f7d66845 100644 GIT binary patch delta 6425 zcmds*dwdjCmdCrgs#9HgbucId2x&qhB&5>yeq<6zr;|?7-RVb?&Z7lMRdrPYA!*2y zfEdad{mjhnXI5y}yY4WGpd-=XBWN=0h~m1aJ32Zus581cj2{P=QQ|oJQFdKX_J)Xp zLC4SV-{y}_cb$8__uSt-=hXe&okt6I9xc3eF;cs0i3h2Dq~q*nEa%-fQj;B9_F%5U z=eO*k$G_aQA*YmwbC*94qX; z)1OQZ-j9ZVASWw__FzkozPLL1hoO^L`TJyg^52J#Vfem>Hzap&oz6;Id;QC1kNr!E zc>q$L9vR2hl=bdS_HP@*O1r`Oq;vZotU^IHC68`Di7kBUog0&5Hypzk+*#o=dr?qw z6;Y9#*l`eFgSZcwJywvL4Ik{kaU5Tz{`W$&7y%jciSk3cNBefBV~*n%$48EL9d9^} zADZWU+EIaHsO9QSabJDcoQQ2%>hp2A@%|+1Ig4A7aIn4=y!Q#>tfayLMyhY~ zxC2cQxq*uLLSkKWb)A>-Mrvqxv(M{ou4xa|1gfH~?ez_UJLahs!!em|YWDF`wB7^! zXOR{zB6A5rZEIH>BEhJ;w0a{~9jwu}4b&LJK_92a^hm6?YinFE+$zo0ceS>9MjF5? zXOSYlv77Zbck3+!Ra>>VNDsGjgYrnJU#>QWs{BLEMwgGHShr_$f8Fp_mpI%LYV4;* z0Q)IY!h2+Ggi1751vbZ+E#7*cXWMWi8>(vQ>Z~22wrtv@M+Q6f`r*!iNV&uPyJ8`%JG&NW|*rNvG+v44^YPFwDZ0(n;{On+3tI=L6dMS{74iPG=WTu60iP24U zF_=@WO>QpO=8pQsP(9_1`Poo3)+kaQt~Suv5DZgI6e~8x+8MsN$sLx&04IVUoI{rI zO-)rkPpq`lU*8|@-XyU;$=%#qI>Pq1^%i_!)PK6H zdCt@qERI7C!;zEu0_;nVXO8+Y+=3ux#=La&N=4hg!;gLrOGCeh6?{W zbF|h5ttw-ojZT}Qv#aM8~}SE{MiJF_t25;-rU=CZ$9{gby^-*GHL(=i-F zpqy#w?0=gz1^y;b>rX2YYVudsPcm0FOOn66p)S@G^$GqcTUG0;WhJ?l^E7)Km~b2I zuN4|4p^X7gp0E~zx)avWN~yM`p`8yia?mG)-BlsFIxL1LpWN0U1gqN`o1;=)buAO9 zoq{eOxFWKy$3>NsNlGzvl8ZA6DNCA4a)u6@C&d_)LHFsK6J<)gXG8CR-ajyq=+=7~ zisnd4B5B4+(Pa!(M)Rct&j>6vnT5XLDEKzmTb$^m6HCcTdD!9@$$S_l&pnyo&DB_X z0mpDGEoeHNL5!1}u1TaSN)$=QIYpv%!-&fo$XJ8%qcrVw4|Y0d!f`T88OxTjw3DRZ zUw(-*e;~0wt_Z=&5sSuoqnn)O=2a)?Cz0Tz&!P9TV82j)rd| zs&xe#CBCx8%Pw(pC$`lwO2KWGB|{{6Ru@Sq4NM+Jlwd9~l1Qr*BPjxEby@8eBuc=p zn@UTxtV#kL!6^#KNg72eicFDlgM(Ww@VX?kR@8-@cR(yisuquP0;@`7JT5~AR%1vx zZp2BMk_8^;SWc7~Vd}Ggz(RWpL`9?Gl%SIgEyyIt=y6gKMT3+CN)=T_RpOcmwv^ba zmm3BJCz1?O5aCvG46TwX&kCe2NdhN{hHmiScO^EVU?xnsqdeSR8ZHoyBo&ocNI~ME zt1halqyUDrRTLNk1+Ah&Qi1>j)l{97SXw3pT~p$+pz)HZf+T6HDiCGSkaWo8DVm0p z^BgHFyh>^!C+U*L>+sMAJ|=Ce3OJgkG?_6-M$_PeWC_M0$~?(xA_Em;SxuKfU8&7o zz|xAqiVVy}L4qSCUM3ZW5lAYoC~$SMs2B=3SZZ5R04s=5R1p@h0gIl4@spBFF=Sja z;+mjAnHU93m)hzIC`B?@9abGLD-x6*f>lFeNtUMcIIYtRN2{RSWm~nJRfIUlL5pT^ zB&Wc(po(#dlr&aVIF^CCDuVl5HoichXibqc4eAqzlPfb}sv^t*O5_X}sw{}{Ny>K5 zx$C^X`Y2x)Xb;7_;WkdL^3+7A7B<>K$w5(StFLQqiO2%$W@FJvh;3}*DLG1e+i7o; z+)&pfR<+sZRs&zkvy?>fQ|DYMPdO^DbcV^wlz(#uq&#(s*(&t z#Wh)xc~zV`l1K?%KmX#og`r5i#0bFoV#;s7Y7u!x=0Vy^b1ecdNc7a1mr{ndU*aT{ z@(j<*6xiv+C@rISd#O!N2xss!-r%TM?F27D!;8gLAp4B&;A z9|OG?0jU9Bb9pmF6oE$@@N2%-yc$|4@j_3&II2a!7sRifF$;6d=R+G0;wvw2J{80x zGZuc1BaHWIpoZ|0%bWLwaPhL1sp$}Y|MjC6@A8FM)0d)dWNtoQFsFU9IrW>(#3km@ zFJ287==MwObIka~=D9MbTw~q9MzuA1rTW#)EO+Ji2{ZK_P z7KzX`5gkL3om|ZtT~(5`BG@aeZh&Q8($OTB4`g$Ja}(g1b7#P_i!; zn(VOuhokVT2x~S<5_5)bwy$0G|ML*JT=P-fKUNRlHWc3v}FVzdz;ur6p!=0r<6@C7acMa>f%W&;r!n;K&mRHddm%CXkq=LS z%AeZD@RCpdRW);$f=4nSvgAI9OxyL{3Dd|0kxYpE<$Vx&RsAa;ncgK}d@UUF*a65a zx^~Arux1Q0R~~DDz3G0)oELZ?2AmH-=KNDTaWi)zKn~fAeO77&y!A2kkdwwzl9j$a`>xdFHlkkoA!LG>38b9nXN*UfGs}#o@^G zW~@s;lAe|3Omz{4eFy#~PNh`ZLf9?nPpqF>!$=1lR=LZaUE+#DCyRwpIe4;^IGq$Z z8J@KTgC=E}hi4m_(>Pv+r(Qt^TOPJg<10@Ld|>uS;L`;#o_&wl$MI!%txh$IMKHY( zu6ox5+&X)!?*Z`HgnbW|@j$l^+$}pEbSQ%sR@!Gmk=T<|_x^2I0rxItth2 zl>_(W%nttQ+V=rHWgo*<9grO0_fz&gxL|$hv}w4&qC7a`6F-BRlqS#An%>gn>ArGs z?_r2?>I-ea^)C?RI=EyzaQ+;kYzyDK9%MZZWnNk_-C*VxgTJ6~>a&kSnYrUPbel#I z*o8slPmavUe8>HVOz+C%3&Z8$<|iPM9dGFajwc~tngaSN71FCGCM2mv!{%Do&!tON|}=*H)O8zsiD zMZ@jI;C+xmd)nzkOMLtg}v>!XAw;+q`0cc9Bq&s z1<#%w4^P+%JfxDk&S(myQ39(grm=pu&Ze@6d$C2|e|r*i%p;Crmcv&)4~njWfiQ>b zdcmS>7|5DCpFR#!=M!VN@c2#7n7Ogp0y{IGScex=yZ>k!?Xv|2u7<4n2a2mf$OC7UU5pG3OndyC$8)+Id*+De)-ipow?T+xrGUJwqJB`B$&`uGyOarx(K{Yh;Oo zIR8(*3(THg@a7Wu#KRHeIJflK2D7*a{4y7&Cc_gOF{kb0F0hw}`%(H(+XtXhfYYRh zK8=7P5r(?#iR1|QFOite%3fFWBeSRL%Uk)GyM3@+CdM)6vhLI1xC}SfWuWuG&N2wg ze*W1Tf%7{Mw)l+D1c-77<5sOG1-~hWuqAD;JZSc)U&3at_yM|_IEZ?VnBdTA$jW|Z z(J9ce2C|Sp-ZU{;NsQ*;C68`zGkdn3zsm>UK@Gwozz9TX|&j^93I_6*E6nElt!i1hcB Zz%1^cZ7@42q7wXOJyDF6-1R-{{{h72SJ(gm delta 6334 zcmds*dwf%6n#XfaPA;dkO@S&>C=F1ALQiro@3}#Nq)pQ#ZEj7{rUiwQe+z-9cxRy3XwAdWC&U2S;qjb(a6O zfAo^)eZKGW{@&+(-ly-@BlET%nYVog=Dl%d4dy+t`twah*{lO4xz(LJh!VpyhMTgd zh5A{=4t9+c70j1!*V_sw84`L0H(Or>@7!$#x&P=MB&J-sq$HQ? zx!2e@H;{An?jQ=X>z3r+>ODmW=_gm_p1$fRQF8ljQ*$?M9x0mdcSw4h^{*6tFQPov zH%Js_rs=t^{(VI8o#E$l_ANVzs-W}D+>tG(h~hM7hhCKEW`luig|{)$NadZ(9&l4 zIcXqu@{_y=CdKmi7tjTd*!pa1upYx3hU3_BY)NjiJu=*R1mi5^lDU>?6&2WZ4BY>( z*e~GKzrtv^^`yB7I!>6T55IQ|JHom+DH&?1t!tGVYEvV(%oDS zWTBe&&@BN$6hJbXh`T*>YkjN7@AK7(HSv1*-e;KI6^qmd8@)_(4PTRVvrWEeq+Sj% zk`RoAg+M?O6OEETDf$`$kpPoys^t<~qa;V_8pTkfKgK*7Z*IB&f^Fto$-#WBh@3({jJ%USRHAV}we^Ccb^!r$UtpDd(z!n5?O|(L zWtOkw>KojxYaEiA?&)%F%*0~Jeznu%4u|7FX!6E3_oSVT&c2oy{PC!(ytbyVwuf~@ zvRbw`l1eo6MN(pTV>ILJ?`1U6)8q+tc{Z+zM>i&fPy^E+YTr!vzz@H`m;u%=ib4|; z@V0uBJRJ~de@)!$X^OOjYnwnQ7>L(32c+6SlnXWSv1X}0=@ugHL{ek|b&|x%u`7s4 zhBDnWpEOvlRxPV`t?lVjv*oN(&amZjYoNB>r#RO+*0#0B+Wg(^tlt@SWYX2~mWZZq zSW8b00Xace2f#Y6GsMRF7?4unp)=Tg(8hAHx;05bxh~pK!};LUvzXwLM6R0gNBxbgH&pFO#KK&Rjs+XSHA%6V_O$X+ z5Jesevm)Q>s|CCqa(e?oCR|$=Y6yZxpAX(}7MsZ{iJrvz_5ja!b8Q_$%jR&B@7kcM z&0#OSrZ3sv5o`(9U*&Cxgi@QL8`4cZeoz0J@bK$rF^Ao1qY9VXb`@SfTx7>V;lRbF zc783P7hwPA)V7?@?PnbLTGz#HILtb6{-QM=e#eQI+4GJYY(utAVfZBD*iRE~Mt_qyezyywhhD%xD_jtiXdferNq+#{GA%q; zTjK{bsF9i@Y$z%;#l>i>iD?p|@QIW7Jm@=#hZjU+3E3O3kF(KcZ)?yW^|plSnt`A8 z#yzOSv9-bahIl0AZ5&1}A2_3eAkj*O6)2wJG8E8Qj#AVVpg1W-i;|RPc#+Mjn>rRN znYMN9-D+2NcgF^`ouwH-(IUmlcA8nt(u--}06Y*RFjQoG!&d%nu-oj$Av<9%GQVlC z-Cg+Rx#WQlE+g{G(=rg#EYDGbAfzcE3MncDQZkiMfSgG&ESr%t@U3M8Kfp@%K+i_| zXgGG3UCePP7CS|wuQ`?WIo%zrGD^2PXR&=wu%o@we!*z&g3;G}xgyEVNMj}k12`ZE zNz7_UV5HM+RoM(+BuSx!3@=h3qb^fWV4_Cxn#5~7r)mnr=WUtO)zNlt(q3g_k2+^! zG$%^@@Y&_Wb50h?IBrtB)aWKBjA_iVgLv2${5Cq_^Nk5|T;LPLJ+zhBY#We4ie*!b zLNPp-qJS)mlp@ePC9!mx6=_Cg0BgjZxYd9qNK`HJQVcDj?nt3DhCzFk(EydwXh5;Z zK?W=mgiGN@C(;l(UqXlXB%#Vohj`EBq z^C?;4sf?ON*_la8R7zweiqX=%MvIKh2omh9GctTfkG)_3J58nuq@zUjxtr3bBdBqBZVkNQfLY&yhh0=G>TyuAtR|7nUh%f31wPT zuA!*_t%#JWo(ogpDTP)Tij&a?tc)U&Xy|j8+~qQdmZOS*QdlGo04hx>+-T}?GK=Kn z0Ve~v-(i|r&H})3Da2G1TBZOBn?gfU6eCKsB*-EFX%UV%Oulk~0U8ntMVCSo0|n6~ z6$zkZG8`+YEDcxzwm40T=F*}fr&7qGr3DH|j7CX70aS*gH98}pR6u>>Jx&u}o@QtU zsjE>Lc2p#l2b7F_DV7n?RFVJ`Mj4__cb#34jJj(=;Ygf`OOfV4q&46XVqssMB-g|w z5Q{`&LQ<~vxtn4_qrWch3pTd$VSja$=e<<*QJs=SKiRM6UK7X6l1Sqg1(3ZP77(%SIh4s-a*;;)`t6pDn@l2DQHXC^Q3P!=Y6x8yudv0<<)SWZoR-h&TP5BJWgiw1?F)wo4#(|Fm@T9 zpPabBK2B`oH=8fK)y8=bJ!pCAfu)gVxjtImPzQX8dT%`JT{POa@)U`$?@F)j$Yxy` zwYOVIZB!lUjy9gIX>O?owY-Pn>m;USXtnjXws~Ji;8TqhId14C>&n^xKc8ygP5*3N zPt0BM=$~)dX>BM+g^NiEDo@c0J=)}P=n_LEiBeK&QOl@2tH}!7w9|T;z;7$R0j|E& zdarp(Ymr`B4qvpARj^@~^$JT-^G|-EYja^INiKyWyR3UGQ&zlwSohA!4PIRZU)gQl zMu^*gI{;VRWgQ_Vd#>t%kv)jGr2XA1q3dqzK1;>k@BNEjItv~sK*-8_5YqP2W=Ypd zVYCn-pS=emOKv`NK=;msgDcUPNA@D-6zZu#xP0Fz^NRhiLHb_AT+p)32JQD*_Yn*? z;{<&6KI;x*TJej2f^CD=Q-EI!DU0^PvilJOFZ=!{u;>Bn zX;5_dH%}L!m#L|SPJ_)>=qgoSbiG8(e+Bdb+5L z${x@w#JsULzxl@86I~qq(Lw8aWAXP7!Y>Y@W!N6xeJi~EA+(I*${jOxFBn}$6+HSd zl7ej6wFrhELCDL0_q!*cYY0h^_vf9*AU%wvuu*$IhHnmAcTArA^y2|tb)J6|EH&l^ z`Z;*`kadrF%V+QCUPtb9whHd~DMHS9uJ|M9d=w$gzg&9)+8;wm@TqYK7X1wE*rhAx z@6$^c!ao{O2%rB9?bwWwclYaB1-y|!+TMN`?O4%2y`R&)3v$1@stR8JI6_t|xwRSE zoPLM8hQ!!aX^qMT2pyil{7)-WZl~^8rRLQlG}&{ zKd(6hS7Rg!>yCkWFp86>iRtls2uhYHW zb72gb5JF!5o!5K~|K z$IEr^;<5DYwIRmRU4aj8DI#O@dGrsB!k`9CR8Yr@GDo1KR7OHAm8Jqo(J~Sv>e{NY z<277F?jfp1RuORZWb!D1-%#a-6;n_k3(Ftd21}-*K)Cl#JPq@T$$gd?zifL+FKrz= zS05FV=%^mLzFXH?#?BSI1hI%SGtAI+DPk3bx3G|$hFHX`>m2aYX^2(k`tL^g?q!H& z%KRX#m&V}>_gSmptJ4unzWVLEbS(xq4O*ANt4a{7bkCvNpnV2nP5;ep+u$E&AQsiO z6@#zOM69A%@iF*JDPk@BqaB_15PWMGv4&ta~Wb4efN$PLw0iI zWCFZuZh@;A@@?Z!Zm>f?OCGfl_B~JN?H%y+43un*9J${zSuZ`Vx3$AJXQEGP06A#k zr|tYeU)TnpEk!BH^5lAg%l}{j+{vSTSwtTB6uJcR6aiW;bHWM{gK{4G^hm*4sNUU*~$iXrdi?Ki@G zE0IV`#cOu!?L9Dm8j|GT6-cC6|0(tBZQbyT(NA_?iJ0`u*S6>jyWq%WNTjVa>4Gn< MA{P?No{u#D4?#ajMgRZ+ From 56d7a3524de95c54bfe01c4306e195bbf33958fd Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 15 Aug 2014 17:47:43 -0400 Subject: [PATCH 004/160] Work in progress: Require invite acceptance to join an org --- data/database.py | 10 ++++- data/model/legacy.py | 44 +++++++++++++++++++++- endpoints/api/team.py | 67 ++++++++++++++++++++++++++++----- initdb.py | 4 +- static/js/app.js | 17 +++++++++ static/js/controllers.js | 3 +- static/partials/team-view.html | 1 + test/data/test.db | Bin 614400 -> 626688 bytes util/useremails.py | 24 ++++++++++++ 9 files changed, 157 insertions(+), 13 deletions(-) diff --git a/data/database.py b/data/database.py index 76a0af9df..3e98b83be 100644 --- a/data/database.py +++ b/data/database.py @@ -108,6 +108,14 @@ class TeamMember(BaseModel): ) +class TeamMemberInvite(BaseModel): + # Note: Either user OR email will be filled in, but not both. + user = ForeignKeyField(User, index=True, null=True) + email = CharField(null=True) + team = ForeignKeyField(Team, index=True) + invite_token = CharField(default=uuid_generator) + + class LoginService(BaseModel): name = CharField(unique=True, index=True) @@ -405,4 +413,4 @@ all_models = [User, Repository, Image, AccessToken, Role, RepositoryPermission, OAuthApplication, OAuthAuthorizationCode, OAuthAccessToken, NotificationKind, Notification, ImageStorageLocation, ImageStoragePlacement, ExternalNotificationEvent, ExternalNotificationMethod, RepositoryNotification, - RepositoryAuthorizedEmail] + RepositoryAuthorizedEmail, TeamMemberInvite] diff --git a/data/model/legacy.py b/data/model/legacy.py index b5afdfeb8..64bf8d4f8 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -43,6 +43,9 @@ class InvalidRobotException(DataModelException): class InvalidTeamException(DataModelException): pass +class InvalidTeamMemberException(DataModelException): + pass + class InvalidPasswordException(DataModelException): pass @@ -291,11 +294,46 @@ def remove_team(org_name, team_name, removed_by_username): team.delete_instance(recursive=True, delete_nullable=True) +def add_or_invite_to_team(team, user=None, email=None, adder=None): + # If the user is a member of the organization, then we simply add the + # user directly to the team. Otherwise, an invite is created for the user/email. + # We return None if the user was directly added and the invite object if the user was invited. + if email: + try: + user = User.get(email=email) + except User.DoesNotExist: + pass + + requires_invite = True + if user: + orgname = team.organization.username + + # If the user is part of the organization (or a robot), then no invite is required. + if user.robot: + requires_invite = False + if not user.username.startswith(orgname + '+'): + raise InvalidTeamMemberException('Cannot add the specified robot to this team, ' + + 'as it is not a member of the organization') + else: + Org = User.alias() + found = User.select(User.username) + found = found.where(User.username == user.username).join(TeamMember).join(Team) + found = found.join(Org, on=(Org.username == orgname)).limit(1) + requires_invite = not any(found) + + # If we have a valid user and no invite is required, simply add the user to the team. + if user and not requires_invite: + add_user_to_team(user, team) + return None + + return TeamMemberInvite.create(user=user, email=email if not user else None, team=team) + + def add_user_to_team(user, team): try: return TeamMember.create(user=user, team=team) except Exception: - raise DataModelException('Unable to add user \'%s\' to team: \'%s\'' % + raise DataModelException('User \'%s\' is already a member of team \'%s\'' % (user.username, team.name)) @@ -570,6 +608,10 @@ def get_organization_team_members(teamid): query = joined.where(Team.id == teamid) return query +def get_organization_team_member_invites(teamid): + joined = TeamMemberInvite.select().join(Team).join(User) + query = joined.where(Team.id == teamid) + return query def get_organization_member_set(orgname): Org = User.alias() diff --git a/endpoints/api/team.py b/endpoints/api/team.py index 0631cc028..47eeed1f4 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -1,12 +1,32 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, - log_action, Unauthorized, NotFound, internal_only, require_scope) + log_action, Unauthorized, NotFound, internal_only, require_scope, + query_param, truthy_bool, parse_args) from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission from auth.auth_context import get_authenticated_user from auth import scopes from data import model +from util.useremails import send_org_invite_email +def add_or_invite_to_team(team, user=None, email=None, adder=None): + invite = model.add_or_invite_to_team(team, user, email, adder) + if not invite: + # User was added to the team directly. + return + + orgname = team.organization.username + if user: + model.create_notification('org_team_invite', user, metadata = { + 'code': invite.invite_token, + 'adder': adder, + 'org': orgname, + 'team': team.name + }) + + send_org_invite_email(user.username if user else email, user.email if user else email, + orgname, team.name, adder, invite.invite_token) + return invite def team_view(orgname, team): view_permission = ViewTeamPermission(orgname, team.name) @@ -19,14 +39,26 @@ def team_view(orgname, team): 'role': role } -def member_view(member): +def member_view(member, invited=False): return { 'name': member.username, 'kind': 'user', 'is_robot': member.robot, + 'invited': invited, } +def invite_view(invite): + if invite.user: + return member_view(invite.user, invited=True) + else: + return { + 'email': invite.email, + 'kind': 'invite', + 'invited': True + } + + @resource('/v1/organization//team/') @internal_only class OrganizationTeam(ApiResource): @@ -114,8 +146,10 @@ class OrganizationTeam(ApiResource): @internal_only class TeamMemberList(ApiResource): """ Resource for managing the list of members for a team. """ + @parse_args + @query_param('includePending', 'Whether to include pending members', type=truthy_bool, default=False) @nickname('getOrganizationTeamMembers') - def get(self, orgname, teamname): + def get(self, args, orgname, teamname): """ Retrieve the list of members for the specified team. """ view_permission = ViewTeamPermission(orgname, teamname) edit_permission = AdministerOrganizationPermission(orgname) @@ -128,11 +162,17 @@ class TeamMemberList(ApiResource): raise NotFound() members = model.get_organization_team_members(team.id) - return { + data = { 'members': {m.username : member_view(m) for m in members}, 'can_edit': edit_permission.can() } + if args['includePending'] and edit_permission.can(): + invites = model.get_organization_team_member_invites(team.id) + data['pending'] = [invite_view(i) for i in invites] + + return data + raise Unauthorized() @@ -142,7 +182,7 @@ class TeamMember(ApiResource): @require_scope(scopes.ORG_ADMIN) @nickname('updateOrganizationTeamMember') def put(self, orgname, teamname, membername): - """ Add a member to an existing team. """ + """ Adds or invites a member to an existing team. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): team = None @@ -159,10 +199,19 @@ class TeamMember(ApiResource): if not user: raise request_error(message='Unknown user') - # Add the user to the team. - model.add_user_to_team(user, team) - log_action('org_add_team_member', orgname, {'member': membername, 'team': teamname}) - return member_view(user) + # Add or invite the user to the team. + adder = None + if get_authenticated_user(): + adder = get_authenticated_user().username + + invite = add_or_invite_to_team(team, user=user, adder=adder) + if not invite: + log_action('org_add_team_member', orgname, {'member': membername, 'team': teamname}) + return member_view(user, invited=False) + + # User was invited. + log_action('org_invite_team_member', orgname, {'member': membername, 'team': teamname}) + return member_view(user, invited=True) raise Unauthorized() diff --git a/initdb.py b/initdb.py index 7e48ae3af..21485d5a4 100644 --- a/initdb.py +++ b/initdb.py @@ -212,6 +212,7 @@ def initialize_database(): LogEntryKind.create(name='org_create_team') LogEntryKind.create(name='org_delete_team') + LogEntryKind.create(name='org_invite_team_member') LogEntryKind.create(name='org_add_team_member') LogEntryKind.create(name='org_remove_team_member') LogEntryKind.create(name='org_set_team_description') @@ -261,6 +262,7 @@ def initialize_database(): NotificationKind.create(name='over_private_usage') NotificationKind.create(name='expiring_license') NotificationKind.create(name='maintenance') + NotificationKind.create(name='org_team_invite') NotificationKind.create(name='test_notification') @@ -292,7 +294,7 @@ def populate_database(): new_user_2.verified = True new_user_2.save() - new_user_3 = model.create_user('freshuser', 'password', 'no@thanks.com') + new_user_3 = model.create_user('freshuser', 'password', 'jschorr+test@devtable.com') new_user_3.verified = True new_user_3.save() diff --git a/static/js/app.js b/static/js/app.js index 9c4095db6..3dba1519e 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -736,6 +736,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading // We already have /api/v1/ on the URLs, so remove them from the paths. path = path.substr('/api/v1/'.length, path.length); + // Build the path, adjusted with the inline parameters. + var used = {}; var url = ''; for (var i = 0; i < path.length; ++i) { var c = path[i]; @@ -747,6 +749,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading throw new Error('Missing parameter: ' + varName); } + used[varName] = true; url += parameters[varName]; i = end; continue; @@ -755,6 +758,20 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading url += c; } + // Append any query parameters. + var isFirst = true; + for (var paramName in parameters) { + if (!parameters.hasOwnProperty(paramName)) { continue; } + if (used[paramName]) { continue; } + + var value = parameters[paramName]; + if (value) { + url += isFirst ? '?' : '&'; + url += paramName + '=' + encodeURIComponent(value) + isFirst = false; + } + } + return url; }; diff --git a/static/js/controllers.js b/static/js/controllers.js index e04dd0a3c..e05fdc0c3 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -2411,7 +2411,8 @@ function TeamViewCtrl($rootScope, $scope, Restangular, ApiService, $routeParams) var loadMembers = function() { var params = { 'orgname': orgname, - 'teamname': teamname + 'teamname': teamname, + 'includePending': true }; $scope.membersResource = ApiService.getOrganizationTeamMembersAsResource(params).get(function(resp) { diff --git a/static/partials/team-view.html b/static/partials/team-view.html index b55721455..c63bcea1d 100644 --- a/static/partials/team-view.html +++ b/static/partials/team-view.html @@ -15,6 +15,7 @@ + {{ member.invited }} ;tmS7<^;9kb(V!qbS+rK69(!uhRH2DGQr~*k>a3UF3)R4Fe5?=1=Wa1-e!}LYq?m{*TRrXJ}z& zNqgYK!I$Ys+1C?zX7#y9{>49u{$7(_)#}d_XZh#D*6pkm`2ElX&9ccofxwz^IwSvp z5-42z2+fZC=y2e7YtPWL)!G*VuMEFT&nw8`0-Hz9MNTVIHu-zmFJb(<5$2`QJ=8~! z|2(jI-8dcd#*V~5%KArW-O_!Iz`^xr=$WVTF9gOnysRYwd$Yfff~;F~`GIF{-=j@* ze5cjltA?Z~By7K9LYp@8j|=_t2pFg9@&cR3n&V**2m6Di*gRB&&G!{-zL$Z`clTc& zW4fqJLq$OQJ3cMK_!r}G<8#Ix#=DIkW2w<>j5d63_=Dkf!-N40V+OCGV*j+1^Lk%G zCZ)>vcze7<-lc=yf&Qg^{X^ZpZntx&yT5P7TuNngdOSCBV&+gP@mjTEuWNaK|H`Ng zN@e~+;|ei#cHot>X=CY>O1Prp92n@i(noX}lGhA)oM^zcP=!ibQwc z+U_Cm{oV{O{sryyL7JY*LK7+}y!DuwzZ`#Af za(8nk?xDc6l)2z~jQl0|`c}f5pyuaf!{lB zu%STzuKso$*AhM4_ZdkoY_DplEH4sk+dGu1hH}}qu(Z6gqNTp6rphK)TPuspON#31 zD{6|1+o~#+%FeRll2)OqzEKv6i!4n-M+5xnGm=tRp)9mpEPRntSzl9C+_X?G?I@~m zuvT>=`#?u|wc9SXm9AacQw_&1lDV>A z_pVvtvGM)G#VzYrW%qWJDxJ19tsX~>tEQ!`vt-2OX_wbEtt(%x5~GQ z?}mp$s-4Y)9gY0R@`2il>YA#aoW}Y=OGWlz&*(zFv}~kjw7t8rrMAyf@2j+y6%RMH zuE}vPY==)S5n-%sVJmN~Y%VUT>}Z#S;)=F*-mbJ;JFOMX%|b^@U2CIYZ*QsQ9b&ms zTGLi-7poRZovls0y}7g0QZ07VdR4NYDbT4{mh}yKS1(_)+B=wTai$BFbeC+it#&zz zN2HGW>T*w0ZPQ47cKvWm#d6Pzwbh+9eWP=o{LpG;VQE9-P_}(UYOKgEb*@gVVXG>y>TE48FDq%SXzFaSJ1p(3vZcPY+}c^v z(&nfwt?KNw)ECv37FSu?n~KX9w${~EmN+WKhE}n<2JX8|66MM&sc$gbyQak_HZNb7 zGgvgx*HrB7b2YmM2CJpD-Oj$@fmTZ$KiuA()8MwaEt0sbJoxryl9duKs<>_3EYqk- z82a`k< zkei2dV~%>xw~k5h4>{`3vcI*@DkzPL5Wi8c{vY{m?3xLrLLG);)Zf;36(o$LR)16G zrhHTCPIjqvDcWao_0KfDhq-pdG*-^wc!~PkW*dD4=l|AkW7ki-)D@s_>ov6_G%(#a z`E1rVmiy!b>d)%t+H0-#QdLD$yDT+SwN|w^mCL+RR@Z86Di)fBCb3m$;LC-D#qi?0 z>e*27uDX7%Qd`$i-rii)R?^teB9=)NN}Hpk$l|C_>=t{OSmvly>Z_zWTM$(~&Y9(N zdz~IZGW%S1!7N!Uvf0T?KC{p6m8>q&$@}04ML!sf2i89^AQKrW^ zBe#aj8IAIeT;Ide&?>aF+jBj=2qyBW8Tv5rln^-csi?{@ zAvI-g>J`P*%sUo*Z3iLbn{)tA=2LN34PT6X#e4~UMI|-Uzpen1^QaV30)=_hTa$$p zy*Ee~l8ZT89w3@snvbYL&0ZBZYTAp{y2Avg7tn@uK@lalO|Y6Jo5f|8c;07LTvn&q z&Pz_OZ1Ff1K>%X`&5t<-yR%XRIi+aLvJ?w1NGTQ}SK@PJCB@9+pVW|#`7W zsW(bnz9M~l2*S)`2FfV{re6psTd;|eBKm2fQ?(MEpDAMPGH;cf7OUAkCfhw`$>p`0 z?JmV_cG;YQVsQx;yTztopW5$QfxWIzbz&=^B`*Bmayvda2M6(S5z;JKDdG~OtnTlf zvT&`lXN@=Y=5|&tNrizTRn$r)qOege?IWZjr0gNCfO9X)vYLI#pbn}B{zD3BI!fTamvf}cXd5Z@FFZx_&r_1X!W_`DJ?74Wj;6`c}A8PQ?UsvZ^o{VmBO|3x)ZFVPA;&O~Z! zwV$xtb=A6~5ib2){Z50ySZ+LIs#NV%ZNtgHs`eE^LOwN@l!huP4wmFovq=%$6(W^| zNCl)A&gN4*aloowBpRN}r*47L1(XGoeRu(tPRfIiETB9@-B${iAEUEiIZs8w-mSC_ z)^DTdAV~jKI-68N*ETu<&TXUTBN7V6!RK4)C{h)sLj8ITY|zCaDh7f4!Yf zB^B`TcG^N}g6TVGof@ICchV)`-A$)K-A+0ZcI>1D1Uj~pE`yIk)CIffGDJYJOxUxF zj)(7$hh=r4S1nxFg$gy0wVPH*BYeD@PKA4S(`Hf&le_6$(i9>!vUS?nWg_v9!s(r8 zt$Uo#BF$l8e2#;LU33zBFit0vdSIVG%UdAx33@SUfK5-(v*E}D9Rr7+z~MH+xe&Vz zwjO0>?8z?BxZ&Wg_6f1kG*PLuVrLygjr8 zXWw90*nO0l2Ie;z6YM@r(t^A9&{neZ0XlMWFI~GK-R<&WCV2(3+a)Sy$u3J~7q3{& z7SSUh&n3HMFRaR9O4F>o&*BkXPBZUyV|j}*Z+1zdV76GiKAYtADoz`m$YQMNPLE=> zDpsFab_zBWbV_EY=;O_T$6^tEcHZiC%3v`w3(_RXEBJgOrnD6W1)FSkStZ#lyFE^? z;0(z-Az)^T(|sPdAS+lh9-rNfQw#4h+ZCt9EcvWnpHsk@2Rr|VnVFyFcA+XxLuR+) z#7WX?L3EqwGfPg7#U*0@Za0)?BP5#ak$pC=S(arl0{L*ZvI|bL%-duf63@GAUf7e( zB&N%<$L{mmB%IB7T%uiW86_p&Y;js$f})_6k`vBlGZpDJUKU(-E0(v#i39Rr89I5J z%WT7;$cl%TMBWJIo%?=-MrN$ znHAnGVSt=Cp~@D;>=k6}#D!jQ$vb(biw~7_q?%W$dG#TxiTZ@z#8hh{wU^lM>g>AX z5v%o=49g5>jE$yUToc($zK6wJN!^p>f$>uePx({Y;fXhxxs>133hzBd=fQn%GU>4Q zG0gsor!l44LeyChc$!Wii^6GWJj&?dji>4CtJ>1H(k_N`zr}nVc?KRk{*f&8OP44vsO?tqVvFtb9|MnmLDO$5xuav)2;C=Czk3`tax zt}jT@fRI{9KFUY+z3?M!4++BcOQ?oM4KHCrtnQ3C4;hA{ms7IDD~CmEhBhd-ZWYOsgAQ_MWl9ePWEJ5Mng2#(>hlND2Q z1APBY4Fi!!a2)*G8g0;cnyFB4!OcXFet@}HFo_q^g+V$+^BC9JA=C*Sme!&UvB*-@ zT3K3ZDN=a8O0I3P@pYx;MJ0{a#+HS$wL|W-isfx$ky6+0C>7e0<+v~5hM$)cUB&2G5A8i z#?hb{>3$X6&%`so)U4J*`P50CVzLncNlfdORe(sWE{gpN)hclx8|?Jg$j@n&X-n(jOK?LLCP7H^(*eVDCxIm6;nu{62Q=4RxIc>)&P4 z;MrrEjL_3m+C{?HsjEqVz0(klgHg}-LDEr8Ik=9aXyH*D`FXF%*SIy$N|yt{kJtyP;yF>42Ry<%qBgcKcz{81t-y=Si>CrCd9&58{4am ztwz0D!+O67F)L1MvH_oNMK`0KovaBtaVE?;6^_R|^y&c|e65y-Gd0@THQ7uD)yJjah0wAdUnLu zvvpr#kA0DPSJBz8@NZyizrw!3?V7K!Z*V(vJ$np~de=mazLtNZSE;XOf91e+qju=$ zRyFrGY*kyh&$z#tZa3uwr|;FC;WQ5}MB)R%%P(pTJb5^1_(;2yBLV2StgR-Sg9k2a zDm7BSWto9Fy2&Lc!l8wwBx<-hm*!QSDd5Q!-mh zzH_~Ps+G+#`H42Rpg?_hQuy}zF)JGf!&Ww)+!tQDr=Xv;vcFgRRq&{d%_a9KQD z-NBFZS&r)ur=9QZFQw};VXsXD(*OU7Bl8Bml^tP^Lj{i6lK<3uR1xvE}r%O=cfR$`N!-E zIx%_i9a|n_Ytk)ln}UZTui5K!;~C3}XF0nQZ>W5D`+$cg*=6x4Fz^_Ame#LnGD6o@ zc3eAa$+6}Bq;xpK>hhpw8@oh1{nO2N`F&}yN~g=m13&w?Hez9eWg zA>?bjLXh_D8~u(%m{^Q5|FIh}&HuPJ2nFMa8F66R1HeClm@&&gh=-IX5i{5G-lRWi z29W)19vCJNGjm(nr+!~7Y~9c1!=4Gmw3LWBen$+{Sg@BZd)RyEc`uB1LGn|G$@QIo z79yW!&q_JZ6+S;TL#g^z9A|PEml%F#h}5S<PVd~&F2w3KC9L25xsay6ZA{A`jL8Q_zxVzg3{=tP&A2ti5tAksUZYmRu+Z@Pw4xy$u@RN}8Q-tE%-+l)opGOyqwz~EH zqH$@P4V-{F|DVv<1! z)xrG}P^dwOh_l-t0zr!qF}HMHf>|s=-1@)o`~-f@B1BrmuNOm~4k2oE{7IeR+WOmc z-4ZRebk#k6Uq`sMAR4if3)YuGVGLr;itpV7y4Vob8;$qFg;>N|koE9S;Eyv9EAsu~ zGybHOa7`VHLo8NQV@)-OYic+iv2tEe6+lV?V)08ZJK@6w#EO3Dk8|PeM8x9TSKR`? zO42={iJ$Y3KdBDh3u1Xr&eScT<@3esAvRfehSn-0yC+k0i>J{G)Z$CfB_J)gj(R{3+(o&MfFIGu=;5=l3qHS50P_Rs5u*OD+ZEwXL} zP44~l2s|cZJfeReH3JH*h&iJ=#s---G*!58=m7l1raKoo-#urezjyhUpJj!p%TTt>4q}+;Nw!2z_pvyzB`EM*I@J1ej@&C2y7ye$? zmtdi9yntGOVCs!=)v$j7f+g?FycN0%LY957dEsQCZY)kK@3Vg5?_D?bITyUtfg{TB z&Y9_-H#+q_7d+F6BZ}<%$9s^n2=x+|toOmeMQB7pUi@4bUyNSLI5FDo?^^?g&~)<5 t67X22&h)AHUMWmi_kozW2;M|4!GxGU@Xr4<*sZ23)y$lNi3q6cOr_Lw=U>q5<5EZ z$Lsz0QC5Q=VgY_6XX8g=+>^Av}BGy+nfQplWT`31Y&3SKbx= zplcs7^7M>b!%ub(#uzf}_bKhhXjPq(C5%@l!vinTV)!3Dn~9OvPfZAidp8mB)oJc< z!J>N!Ls#3>@Y{<{5Z1u1nc)LB>?0EHTR$qicJW|LhAT%>+Uf6Mlw%lX&yp>gV7wCU zUb=~heZc!%*mUE)L|#Sio8g@|o*?wPSAyY9%l2v0vw!i8(xHLu>AGp*Czo&0PDYQs zqqM6bxd;m$ylJy`!f%{}G6{jfq00-e?W;-nO&1>Q+7|q{s~kUWv*X9D6Y=AgZ5R5; z*_up!Agq1cJl7UggS|bV@jP zFfMAGMpZPd4R;PEQ0<+;w$PHWcQ6hmg;x!x#3yQ0xt(3DE!}cYOONbpZ|UlsFDE91 z|1y{~ajZsVkLbGO_RdA}u)1At_sd;zV{oSt6&}X6u^)egYBTjg74s4^ziCc&_R$ub&^Q;ZW0pBr8^ z>}2YgfPTL*U~m~Um{h$!>^hs2m^oHsLzgJ~A*C7N6=&lUCdO*m@AcnNIw4I{hQeD< zrl9oj3uoiTq{V4CbR~K&U9akIs$(c0O~uBQ18a7oG!(8y%OH0*O1}8vo&nz;^l)~Fz4V|@1YlXI2t3xbt(VNZF*(1y|%idt+>qU zle?ypch)TK z4dhnmE@`TPUq?*sbBdM}_wqTFU7@Z;mHxW&C6#`gcYakccj+Q7WOLLzJl&4@t+iG2 z>#Uw~ZmFkZvAGvMIET1C-et2{>p8cx+1Y3@yRBwdQLWQaU)kg>t`|KO?%I+Dw^Zz| z59tLjA$i^$bCO52*O{lg#WrD~hp$<}iGE*4XF<;# zU&p*|*mWL_v$XRC@q873&>I+*@WqwtIAc)J3Z4Kbv0h0##~cT?k#GxHJBaE7O4V{!Q#dvH;kHqvKyS`l^*|ss(FF>UYBEOt9Rh_3n<%^kgsA`V?MLdxRP1P{L}b_@$XCmqh-2{ zhj8qt82gF|#el9g_Vq(3|CiX;Ul#mN=cwm+t~DUY5taqRcBoDJPf>_t3H#{ zcda~?YA6*#iXmG4f8omB_k%)Fsvd?S)z`{bDH=vntA8q5O+OW`{j=3NlXfAFvHxVU zaD2UB>?SyMYB1JnH!XXAe|#rxN&&v-H`By%Ze zvo*Thcrj_R2*pJ%(JU584VAp7%35D*tE#Ez>aA6<<1O_BD1A%q&8(`avpZ|cYWb=L zXLE(C%Gu;8X%JmzXRQMlGQPN?th~0e##udpO+L*XZN2~Oo{#zKC+W|ulN4LWubnWzvh>?Fp* z6FZ3s=(>m~9tL+3Bhd7SJRjvl{w~6dilA@{8VxIV5e`%U2X_(a$T9HAE+UB59VLlJ zi2}_N1B8iC7f^4im`99n4h1nh(Lw0b19s6C;4K1cwORwLXtVlRzv#EKL7!+3`Z=Bt z+Jo?R2Vw53==Pm5NioZmXJk| zLq5(Dbz^FGXZuj6i+uBY<fY z6+eeFb%v%+_e1~xmHYiq5Q~{UyXfb6Kj&jPi{NKPyWPh6tY!-<@#X+;GjlR0@)~un znpUAY9j>-fe$Fi6&6|%6aU7nvU`S;BA+yNx*uXCGm>0pX#@p;61EfMxJ}D^6l4xUX zGLL=CnoPZ=in=-KL;VE(?+qEo<4mXVFw?1$BEhaquLsXQay*>hOOA$^GgK7Zv5$;ew}+&m zbPF=VTwh|no_~HhlquT_7El< z{QLG0ImiiL>>->u__0kkDuFqBi4^rULrh2CCu|a&+DoMBi?#8BfPS6Wt^wyhLZ`-lR6a`-AvavNpGbuT&k`~4%(DcCJ^JQZq8OD&y|OdH=SAY}<$ zcs4>+q~WaxiHYz*q{YRrqhRnLk%#-9bO;kx1!aebnYi1>4&gddJzOpRafq0VJir{r z4QfDnju->Cm(W`99wxp;UT_`36xRaULymzpM+gB`!rmi9E~*>0#xofOuOA^8NPUjT z!abBfM~J9?0ORx_jbf~ZdAo)KK?^f>ld-5F0+kk-d@ZcsO=jUfaf>|E7?D@?zfDvu zOAm(Z7QbDxut7P1%Xu&$v3?sbv0Nx%37Ku2owG`?a3<+Uv&m*(fWvx=WR+P_uyL#u z^y4ZPwBqV6@q$f+V>3x>x-AeCE&h(d@IavOMIa)x!GBK8_XaSisw{BNCKck0I>>9*k@gSs#y6 zQWRw~>k}e%Pq6biX)U5)7h%iwWKudWih|(BkUpQ;&WgNUU~v;a%h@EeWVPEwF<^ti z>&en|D<_69P1rd&(k;$kZRjD7 zp;1y~`1Dh%2)2JgO@z0;qDE+bc3JV_D8u!~jb>g7(t3?zs)hg9NoK)$$0$$S%@nLIT6ks zz@^xA5Tne3MF+`L6d1VYASoksJzO|MW}x6Oae0Svixy}*Oq!7l>kpIVxV!fclao*= z@+}eABjiNf-Ljpe87_Q5(WrHJ92K8YdN7}+v;*6ZkfmyklIf3l8wXFErAS!uHATbm zFDL`-*o(`@maiy1ngd(UP|256c_?ZC6`%|G{gu>1OmkyZVUfpMS_s(_SW{V9V{Nn-mloF7SgTznwWSr+%@(g~dX>fEv=&!-3v1~s*K#pO5X_uq z;Cu_Un<==~4*C~R>vPjBa?om%Ei%qZAI=~%k3R)up2elYFXCmE3xwo>r+-g5EB{Pr zX=7wRdTHB({gEQ6m}1l(i~W(pCR%w8q8aULl|Ry0MZ7ce_qNRsvK_v5IkIBw$pjUd zK<=lywWGC%qZUTJ8{Ms^^D*ak8gS_ z=mfMJvMT5axa_EVHs7hH^&(RidpLym_Y6W!MCYnA(k z)_CYUMI`~{p~q=frnbWKUsID%`*$nS=hQo}We?J?`ukpzKg@^s$QeB9iqm8#rMhX+b7!7xxrbeO8h_mBh*J)}3 zc0Bql9_w{yuoHNH#GnPkN-VI^bG7kh*mml$?ekb2^F8xJbG$G@}IU8e540v%`VzcbffroMu9>N52e zw39zp_YI#FFAj~kOn(Kdnt!jp{Iqw4b>x>oHS-mIs=~|}<}2fJW9~rg+u9Qhbw?u> z-ac^Q6RqBiemkHy(Jc&G1M~6r9NjsvJ(n(xd8CpyXVR$EFaMBDMb9_D=u)c(zf>!>(a&;*^0?1NYP`7r%6c?`fi(sppPJm@DdLpi4590Lz z-4GGQ!*&;5cTTzJ@n|88bkmd2;$eA)8+-ao7d;Y2{N|&eOtr_RH$`;n_Ge<5D1$@}U`z_Yz57}n{cI#dxc^qt=h9R?G z!;s92izOwL3{}@*$Rn>|$b{c+->Nv1VDoLb&7Y59%#rM#&5-}s2jG5WA ziUHFb^d^E65|6`?H|Tqb_}CXdgZ97CC$vegO#PMOjDvDNMqT$Ny^2SKAt%23?hYt;4^t8K#fJT0ejii8u#bHMZ@y38J7UCvr`?L2 zd-1i2WKFnlsQ^#?lYW@G@yz>*GbenqD-Rz207Ire7yA|DeuyEdLvxOU=_3p&p4Rk3 z%t<_BaWgVDDan)IQvthh_9ULM#K8}@D4{I4OT^sXH;88}=64^56=!Dn@C|ve@?#8{ zHTCWWU_QZ+vD=TG>_0{K6imd|2(sCaPt*9$0N=ez__{;1+F5f*wwPrpWVH)+#aTY& z)~jaSDk5`t(RrB7>9AY(_f3E*UU!lhTl**hg@SGqAv}I}9egb4?j>^68$X6SMBNE( z!p)1@6sL2@jeZM;u;=eO3I$dS!Av|c4mcZz81+_{6~;>#B1SXqb$Cv~5IkGJK!+Ve z5C>P@p*RbM!g<{k43WHQ?5kj!iXk#RZ`Z+yJPeWi$g-J$reTOtYf8G|@o5+$>c0X2 zp6f8gsMmfuQE^Tg4&O!j7-QN-_m}GmbTt_keEIC-@KuJ*hi@cteYFLkTo4UGAaGPS3yD%c0~B-_yLG==r(B+ z54FFjBsUM|)mIK3PSx!zdz4Vqa9%+%#v;xqQc&Q;SO)KnJm^X=7BTMT95`Kqu~G`Y zu7(dwF%}uT-K!+m!qGSAJb2ZGvFyvQfU=cMrV%K8EV|V5pQ+f3qr~3Rv+^4AtPpP%*dM zKcl}=H**9bzDhO0Y@hA~G3lPwCUE(6`?Q4V;T=jxC!8$9!B!p6ZPAWUl8-6v9q?v3 zmJ|hbo3)ns4X2bz?Qo<5hbS-W<`RPbR3>bY@w`md?K}+yA&e{~j#zrV?m6Fj$sabpW&txr`ZEg5<%37)(Kk0>Yk<*i`472D|-zWx~OycIhU z_41m#VAE}wrD?Y14=NqKpfACkJb622Y1}8$Ql-5I&P5~--l5w %s/authrepoemail?code=%s """ +INVITE_TO_ORG_TEAM_MESSAGE = """ +Hi {0},
    +{1} has invited you to join the team {2} under organization {3} on {5}. +

    +To join the team, please click the following link:
    +{4}/confirminvite?code={6} +

    +If you were not expecting this invitation, you can ignore this email. +

    +Thanks,
    +- {5} Support +""" + SUBSCRIPTION_CHANGE_TITLE = 'Subscription Change - {0} {1}' @@ -123,3 +136,14 @@ def send_payment_failed(customer_email, quay_username): recipients=[customer_email]) msg.html = PAYMENT_FAILED.format(quay_username) mail.send(msg) + + +def send_org_invite_email(member_name, member_email, orgname, team, adder, code): + app_title = app.config['REGISTRY_TITLE_SHORT'] + app_url = get_app_url() + + title = '%s has invited you to join a team in %s' % (adder, app_title) + msg = Message(title, sender='support@quay.io', recipients=[member_email]) + msg.html = INVITE_TO_ORG_TEAM_MESSAGE.format(member_name, adder, team, orgname, + app_url, app_title, code) + mail.send(msg) From 7d7cca39ccdb2cf90d80cc3d46f271418b44c614 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 15 Aug 2014 20:51:31 -0400 Subject: [PATCH 005/160] New team view interface --- endpoints/api/team.py | 14 ++-- static/css/quay.css | 46 +++++++++++- static/directives/entity-reference.html | 10 ++- static/directives/entity-search.html | 2 +- static/directives/team-view-add.html | 14 ++++ static/js/app.js | 6 +- static/js/controllers.js | 33 +++++++-- static/partials/team-view.html | 93 +++++++++++++++++-------- 8 files changed, 173 insertions(+), 45 deletions(-) create mode 100644 static/directives/team-view-add.html diff --git a/endpoints/api/team.py b/endpoints/api/team.py index 47eeed1f4..3c0751a56 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -8,6 +8,7 @@ from auth.auth_context import get_authenticated_user from auth import scopes from data import model from util.useremails import send_org_invite_email +from util.gravatar import compute_hash def add_or_invite_to_team(team, user=None, email=None, adder=None): invite = model.add_or_invite_to_team(team, user, email, adder) @@ -44,6 +45,7 @@ def member_view(member, invited=False): 'name': member.username, 'kind': 'user', 'is_robot': member.robot, + 'gravatar': compute_hash(member.email) if not member.robot else None, 'invited': invited, } @@ -55,6 +57,7 @@ def invite_view(invite): return { 'email': invite.email, 'kind': 'invite', + 'gravatar': compute_hash(invite.email), 'invited': True } @@ -162,14 +165,15 @@ class TeamMemberList(ApiResource): raise NotFound() members = model.get_organization_team_members(team.id) - data = { - 'members': {m.username : member_view(m) for m in members}, - 'can_edit': edit_permission.can() - } + invites = [] if args['includePending'] and edit_permission.can(): invites = model.get_organization_team_member_invites(team.id) - data['pending'] = [invite_view(i) for i in invites] + + data = { + 'members': [member_view(m) for m in members] + [invite_view(i) for i in invites], + 'can_edit': edit_permission.can() + } return data diff --git a/static/css/quay.css b/static/css/quay.css index 20a81200f..4743b6e50 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -4593,4 +4593,48 @@ i.quay-icon { .external-notification-view-element:hover .side-controls button { border: 1px solid #eee; -} \ No newline at end of file +} + +.member-listing { + width: 100%; +} + +.member-listing .section-header { + color: #ccc; + margin-top: 20px; + margin-bottom: 10px; +} + +.member-listing .gravatar { + vertical-align: middle; + margin-right: 10px; +} + +.member-listing .entity-reference { + margin-bottom: 10px; + display: inline-block; +} + +.organization-header .popover { + max-width: none !important; +} + +.organization-header .popover.bottom-right .arrow:after { + border-bottom-color: #f7f7f7; + top: 2px; +} + +.organization-header .popover-content { + font-size: 14px; + padding-top: 6px; +} + +.organization-header .popover-content input { + background: white; +} + +.organization-header .popover-content .help-text { + font-size: 13px; + color: #ccc; + margin-top: 10px; +} diff --git a/static/directives/entity-reference.html b/static/directives/entity-reference.html index d01b100ee..ea65db875 100644 --- a/static/directives/entity-reference.html +++ b/static/directives/entity-reference.html @@ -7,15 +7,19 @@     - + {{entity.name}} {{entity.name}} - - + + + + + + {{ getPrefix(entity.name) }}+{{ getShortenedName(entity.name) }} diff --git a/static/directives/entity-search.html b/static/directives/entity-search.html index fec00b393..63abb1528 100644 --- a/static/directives/entity-search.html +++ b/static/directives/entity-search.html @@ -5,7 +5,7 @@ ng-click="lazyLoad()"> -
    diff --git a/static/js/app.js b/static/js/app.js index f5651c007..74a7b3454 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -535,6 +535,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading stringBuilderService.buildString = function(value_or_func, metadata) { var fieldIcons = { + 'adder': 'user', 'username': 'user', 'activating_username': 'user', 'delegate_user': 'user', @@ -1132,6 +1133,19 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading 'page': '/about/', 'dismissable': true }, + 'org_team_invite': { + 'level': 'primary', + 'message': '{adder} is inviting you to join team {team} under organization {org}', + 'actions': [ + { + 'title': 'Join team', + 'kind': 'primary', + 'handler': function(notification) { + } + }, + {'title': 'Decline', 'kind': 'default'} + ] + }, 'password_required': { 'level': 'error', 'message': 'In order to begin pushing and pulling repositories, a password must be set for your account', @@ -1224,6 +1238,15 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading } }; + notificationService.getActions = function(notification) { + var kindInfo = notificationKinds[notification['kind']]; + if (!kindInfo) { + return []; + } + + return kindInfo['actions'] || []; + }; + notificationService.canDismiss = function(notification) { var kindInfo = notificationKinds[notification['kind']]; if (!kindInfo) { @@ -5104,6 +5127,10 @@ quayApp.directive('notificationView', function () { $scope.getClass = function(notification) { return NotificationService.getClass(notification); }; + + $scope.getActions = function(notification) { + return NotificationService.getActions(notification); + }; } }; return directiveDefinitionObject; From 43b6695f9cae84f7efa7dd434b4be4411694b91c Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 18 Aug 2014 17:24:00 -0400 Subject: [PATCH 010/160] Get team invite confirmation working and fully tested --- data/database.py | 1 + data/model/legacy.py | 87 +++++++++- endpoints/api/team.py | 66 ++++++-- endpoints/web.py | 13 +- initdb.py | 2 + static/js/app.js | 51 ++++-- static/js/controllers.js | 36 +++++ static/partials/confirm-team-invite.html | 13 ++ static/partials/signin.html | 2 +- test/test_api_security.py | 33 +++- test/test_api_usage.py | 195 ++++++++++++++++++++++- util/useremails.py | 2 +- 12 files changed, 458 insertions(+), 43 deletions(-) create mode 100644 static/partials/confirm-team-invite.html diff --git a/data/database.py b/data/database.py index 3e98b83be..a659e7d50 100644 --- a/data/database.py +++ b/data/database.py @@ -113,6 +113,7 @@ class TeamMemberInvite(BaseModel): user = ForeignKeyField(User, index=True, null=True) email = CharField(null=True) team = ForeignKeyField(Team, index=True) + inviter = ForeignKeyField(User, related_name='inviter') invite_token = CharField(default=uuid_generator) diff --git a/data/model/legacy.py b/data/model/legacy.py index 64bf8d4f8..52248958c 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -71,6 +71,10 @@ class TooManyUsersException(DataModelException): pass +class UserAlreadyInTeam(DataModelException): + pass + + def is_create_user_allowed(): return get_active_user_count() < config.app_config['LICENSE_USER_LIMIT'] @@ -294,7 +298,7 @@ def remove_team(org_name, team_name, removed_by_username): team.delete_instance(recursive=True, delete_nullable=True) -def add_or_invite_to_team(team, user=None, email=None, adder=None): +def add_or_invite_to_team(inviter, team, user=None, email=None): # If the user is a member of the organization, then we simply add the # user directly to the team. Otherwise, an invite is created for the user/email. # We return None if the user was directly added and the invite object if the user was invited. @@ -326,15 +330,16 @@ def add_or_invite_to_team(team, user=None, email=None, adder=None): add_user_to_team(user, team) return None - return TeamMemberInvite.create(user=user, email=email if not user else None, team=team) + return TeamMemberInvite.create(user=user, email=email if not user else None, team=team, + inviter=inviter) def add_user_to_team(user, team): try: return TeamMember.create(user=user, team=team) except Exception: - raise DataModelException('User \'%s\' is already a member of team \'%s\'' % - (user.username, team.name)) + raise UserAlreadyInTeam('User \'%s\' is already a member of team \'%s\'' % + (user.username, team.name)) def remove_user_from_team(org_name, team_name, username, removed_by_username): @@ -1766,6 +1771,32 @@ def delete_notifications_by_kind(target, kind_name): Notification.delete().where(Notification.target == target, Notification.kind == kind_ref).execute() +def delete_matching_notifications(target, kind_name, **kwargs): + kind_ref = NotificationKind.get(name=kind_name) + + # Load all notifications for the user with the given kind. + notifications = list(Notification.select().where( + Notification.target == target, + Notification.kind == kind_ref)) + + # For each, match the metadata to the specified values. + for notification in notifications: + matches = True + try: + metadata = json.loads(notification.metadata_json) + except: + continue + + for (key, value) in kwargs.iteritems(): + if not key in metadata or metadata[key] != value: + matches = False + break + + if not matches: + continue + + notification.delete_instance() + def get_active_users(): return User.select().where(User.organization == False, User.robot == False) @@ -1821,3 +1852,51 @@ def confirm_email_authorization_for_repo(code): found.save() return found + + +def lookup_team_invites(user): + return TeamMemberInvite.select().where(TeamMemberInvite.user == user) + +def lookup_team_invite(code, user): + # Lookup the invite code. + try: + found = TeamMemberInvite.get(TeamMemberInvite.invite_token == code) + except TeamMemberInvite.DoesNotExist: + raise DataModelException('Invalid confirmation code.') + + # Verify the code applies to the current user. + if found.user: + if found.user != user: + raise DataModelException('Invalid confirmation code.') + else: + if found.email != user.email: + raise DataModelException('Invalid confirmation code.') + + return found + + +def delete_team_invite(code, user): + found = lookup_team_invite(code, user) + + team = found.team + inviter = found.inviter + + found.delete_instance() + + return (team, inviter) + +def confirm_team_invite(code, user): + found = lookup_team_invite(code, user) + + # Add the user to the team. + try: + add_user_to_team(user, found.team) + except UserAlreadyInTeam: + # Ignore. + pass + + # Delete the invite and return the team. + team = found.team + inviter = found.inviter + found.delete_instance() + return (team, inviter) diff --git a/endpoints/api/team.py b/endpoints/api/team.py index 3c0751a56..37efd44f2 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -2,7 +2,7 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, log_action, Unauthorized, NotFound, internal_only, require_scope, - query_param, truthy_bool, parse_args) + query_param, truthy_bool, parse_args, require_user_admin) from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission from auth.auth_context import get_authenticated_user from auth import scopes @@ -10,8 +10,8 @@ from data import model from util.useremails import send_org_invite_email from util.gravatar import compute_hash -def add_or_invite_to_team(team, user=None, email=None, adder=None): - invite = model.add_or_invite_to_team(team, user, email, adder) +def add_or_invite_to_team(inviter, team, user=None, email=None): + invite = model.add_or_invite_to_team(inviter, team, user, email) if not invite: # User was added to the team directly. return @@ -20,13 +20,13 @@ def add_or_invite_to_team(team, user=None, email=None, adder=None): if user: model.create_notification('org_team_invite', user, metadata = { 'code': invite.invite_token, - 'adder': adder, + 'inviter': inviter.username, 'org': orgname, 'team': team.name }) send_org_invite_email(user.username if user else email, user.email if user else email, - orgname, team.name, adder, invite.invite_token) + orgname, team.name, inviter.username, invite.invite_token) return invite def team_view(orgname, team): @@ -204,11 +204,8 @@ class TeamMember(ApiResource): raise request_error(message='Unknown user') # Add or invite the user to the team. - adder = None - if get_authenticated_user(): - adder = get_authenticated_user().username - - invite = add_or_invite_to_team(team, user=user, adder=adder) + inviter = get_authenticated_user() + invite = add_or_invite_to_team(inviter, team, user=user) if not invite: log_action('org_add_team_member', orgname, {'member': membername, 'team': teamname}) return member_view(user, invited=False) @@ -232,3 +229,52 @@ class TeamMember(ApiResource): return 'Deleted', 204 raise Unauthorized() + + +@resource('/v1/teaminvite/') +@internal_only +class TeamMemberInvite(ApiResource): + """ Resource for managing invites to jon a team. """ + @require_user_admin + @nickname('acceptOrganizationTeamInvite') + def put(self, code): + """ Accepts an invite to join a team in an organization. """ + # Accept the invite for the current user. + try: + (team, inviter) = model.confirm_team_invite(code, get_authenticated_user()) + except model.DataModelException: + raise NotFound() + + model.delete_matching_notifications(get_authenticated_user(), 'org_team_invite', code=code) + + orgname = team.organization.username + log_action('org_team_member_invite_accepted', orgname, { + 'member': get_authenticated_user().username, + 'team': team.name, + 'inviter': inviter.username + }) + + return { + 'org': orgname, + 'team': team.name + } + + @nickname('declineOrganizationTeamInvite') + @require_user_admin + def delete(self, code): + """ Delete an existing member of a team. """ + try: + (team, inviter) = model.delete_team_invite(code, get_authenticated_user()) + except model.DataModelException: + raise NotFound() + + model.delete_matching_notifications(get_authenticated_user(), 'org_team_invite', code=code) + + orgname = team.organization.username + log_action('org_team_member_invite_declined', orgname, { + 'member': get_authenticated_user().username, + 'team': team.name, + 'inviter': inviter.username + }) + + return 'Deleted', 204 diff --git a/endpoints/web.py b/endpoints/web.py index 19f9bb7f1..b1e69bc5e 100644 --- a/endpoints/web.py +++ b/endpoints/web.py @@ -32,8 +32,8 @@ STATUS_TAGS = app.config['STATUS_TAGS'] @web.route('/', methods=['GET'], defaults={'path': ''}) @web.route('/organization/', methods=['GET']) @no_cache -def index(path): - return render_page_template('index.html') +def index(path, **kwargs): + return render_page_template('index.html', **kwargs) @web.route('/500', methods=['GET']) @@ -101,7 +101,7 @@ def superuser(): @web.route('/signin/') @no_cache -def signin(): +def signin(redirect=None): return index('') @@ -123,6 +123,13 @@ def new(): return index('') +@web.route('/confirminvite') +@no_cache +def confirm_invite(): + code = request.values['code'] + return index('', code=code) + + @web.route('/repository/', defaults={'path': ''}) @web.route('/repository/', methods=['GET']) @no_cache diff --git a/initdb.py b/initdb.py index 21485d5a4..860b4e135 100644 --- a/initdb.py +++ b/initdb.py @@ -214,6 +214,8 @@ def initialize_database(): LogEntryKind.create(name='org_delete_team') LogEntryKind.create(name='org_invite_team_member') LogEntryKind.create(name='org_add_team_member') + LogEntryKind.create(name='org_team_member_invite_accepted') + LogEntryKind.create(name='org_team_member_invite_declined') LogEntryKind.create(name='org_remove_team_member') LogEntryKind.create(name='org_set_team_description') LogEntryKind.create(name='org_set_team_role') diff --git a/static/js/app.js b/static/js/app.js index 74a7b3454..e17e36e6f 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -535,7 +535,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading stringBuilderService.buildString = function(value_or_func, metadata) { var fieldIcons = { - 'adder': 'user', + 'inviter': 'user', 'username': 'user', 'activating_username': 'user', 'delegate_user': 'user', @@ -1115,8 +1115,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading return externalNotificationData; }]); - $provide.factory('NotificationService', ['$rootScope', '$interval', 'UserService', 'ApiService', 'StringBuilderService', 'PlanService', 'UserService', 'Config', - function($rootScope, $interval, UserService, ApiService, StringBuilderService, PlanService, UserService, Config) { + $provide.factory('NotificationService', ['$rootScope', '$interval', 'UserService', 'ApiService', 'StringBuilderService', 'PlanService', 'UserService', 'Config', '$location', + function($rootScope, $interval, UserService, ApiService, StringBuilderService, PlanService, UserService, Config, $location) { var notificationService = { 'user': null, 'notifications': [], @@ -1135,15 +1135,24 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading }, 'org_team_invite': { 'level': 'primary', - 'message': '{adder} is inviting you to join team {team} under organization {org}', + 'message': '{inviter} is inviting you to join team {team} under organization {org}', 'actions': [ { 'title': 'Join team', 'kind': 'primary', 'handler': function(notification) { + window.location = '/confirminvite?code=' + notification.metadata['code']; } }, - {'title': 'Decline', 'kind': 'default'} + { + 'title': 'Decline', + 'kind': 'default', + 'handler': function(notification) { + ApiService.declineOrganizationTeamInvite(null, {'code': notification.metadata['code']}).then(function() { + notificationService.update(); + }); + } + } ] }, 'password_required': { @@ -1725,7 +1734,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading templateUrl: '/static/partials/plans.html', controller: PlansCtrl}). when('/security/', {title: 'Security', description: 'Security features used when transmitting and storing data', templateUrl: '/static/partials/security.html'}). - when('/signin/', {title: 'Sign In', description: 'Sign into ' + title, templateUrl: '/static/partials/signin.html'}). + when('/signin/', {title: 'Sign In', description: 'Sign into ' + title, templateUrl: '/static/partials/signin.html', controller: SignInCtrl, reloadOnSearch: false}). when('/new/', {title: 'Create new repository', description: 'Create a new public or private docker repository, optionally constructing from a dockerfile', templateUrl: '/static/partials/new-repo.html', controller: NewRepoCtrl}). when('/organizations/', {title: 'Organizations', description: 'Private docker repository hosting for businesses and organizations', @@ -1746,6 +1755,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading when('/tour/features', {title: title + ' Features', templateUrl: '/static/partials/tour.html', controller: TourCtrl}). when('/tour/enterprise', {title: 'Enterprise Edition', templateUrl: '/static/partials/tour.html', controller: TourCtrl}). + when('/confirminvite', {title: 'Confirm Team Invite', templateUrl: '/static/partials/confirm-team-invite.html', controller: ConfirmInviteCtrl, reloadOnSearch: false}). + when('/', {title: 'Hosted Private Docker Registry', templateUrl: '/static/partials/landing.html', controller: LandingCtrl, pageClass: 'landing-page'}). otherwise({redirectTo: '/'}); @@ -2244,6 +2255,10 @@ quayApp.directive('signinForm', function () { 'signedIn': '&signedIn' }, controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, CookieService, Features, Config) { + var getRedirectUrl = function() { + return $scope.redirectUrl; + }; + $scope.showGithub = function() { if (!Features.GITHUB_LOGIN) { return; } @@ -2255,7 +2270,7 @@ quayApp.directive('signinForm', function () { } // Save the redirect URL in a cookie so that we can redirect back after GitHub returns to us. - var redirectURL = $scope.redirectUrl || window.location.toString(); + var redirectURL = getRedirectUrl() || window.location.toString(); CookieService.putPermanent('quay.redirectAfterLoad', redirectURL); // Needed to ensure that UI work done by the started callback is finished before the location @@ -2283,17 +2298,19 @@ quayApp.directive('signinForm', function () { if ($scope.signedIn != null) { $scope.signedIn(); } - + + // Load the newly created user. UserService.load(); // Redirect to the specified page or the landing page // Note: The timeout of 500ms is needed to ensure dialogs containing sign in // forms get removed before the location changes. $timeout(function() { - if ($scope.redirectUrl == $location.path()) { - return; - } - $location.path($scope.redirectUrl ? $scope.redirectUrl : '/'); + var redirectUrl = getRedirectUrl(); + if (redirectUrl == $location.path()) { + return; + } + window.location = (redirectUrl ? redirectUrl : '/'); }, 500); }, function(result) { $scope.needsEmailVerification = result.data.needsEmailVerification; @@ -2629,8 +2646,12 @@ quayApp.directive('logsView', function () { 'org_create_team': 'Create team: {team}', 'org_delete_team': 'Delete team: {team}', 'org_add_team_member': 'Add member {member} to team {team}', - 'org_invite_team_member': 'Invite user {member} to team {team}', 'org_remove_team_member': 'Remove member {member} from team {team}', + 'org_invite_team_member': 'Invite user {member} to team {team}', + + 'org_team_member_invite_accepted': 'User {member}, invited by {inviter}, accepted to join team {team}', + 'org_team_member_invite_declined': 'User {member}, invited by {inviter}, declined to join team {team}', + 'org_set_team_description': 'Change description of team {team}: {description}', 'org_set_team_role': 'Change permission of team {team} to {role}', 'create_prototype_permission': function(metadata) { @@ -2711,6 +2732,8 @@ quayApp.directive('logsView', function () { 'org_add_team_member': 'Add team member', 'org_invite_team_member': 'Invite team member', 'org_remove_team_member': 'Remove team member', + 'org_team_member_invite_accepted': 'Team invite accepted', + 'org_team_member_invite_declined': 'Team invite declined', 'org_set_team_description': 'Change team description', 'org_set_team_role': 'Change team permission', 'create_prototype_permission': 'Create default permission', @@ -5346,7 +5369,7 @@ quayApp.directive('dockerfileBuildForm', function () { var data = { 'mimeType': mimeType }; - + var getUploadUrl = ApiService.getFiledropUrl(data).then(function(resp) { conductUpload(file, resp.url, resp.file_id, mimeType); }, function() { diff --git a/static/js/controllers.js b/static/js/controllers.js index 56689e80a..82ed5c684 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -20,6 +20,17 @@ $.fn.clipboardCopy = function() { }); }; +function SignInCtrl($scope, $location) { + var redirect = $location.search()['redirect']; + if (redirect && redirect.indexOf('/') < 0) { + delete $location.search()['redirect']; + $scope.redirectUrl = '/' + redirect; + return; + } + + $scope.redirectUrl = '/'; +} + function GuideCtrl() { } @@ -2855,3 +2866,28 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) { function TourCtrl($scope, $location) { $scope.kind = $location.path().substring('/tour/'.length); } + +function ConfirmInviteCtrl($scope, $location, UserService, ApiService, NotificationService) { + // Monitor any user changes and place the current user into the scope. + $scope.loading = false; + + UserService.updateUserIn($scope, function(user) { + if (!user.anonymous && !$scope.loading) { + $scope.loading = true; + + var params = { + 'code': $location.search()['code'] + }; + + ApiService.acceptOrganizationTeamInvite(null, params).then(function(resp) { + NotificationService.update(); + $location.path('/organization/' + resp.org + '/teams/' + resp.team); + }, function() { + $scope.loading = false; + $scope.invalid = true; + }); + } + }); + + $scope.redirectUrl = 'confirminvite?code=' + $location.search()['code']; +} \ No newline at end of file diff --git a/static/partials/confirm-team-invite.html b/static/partials/confirm-team-invite.html new file mode 100644 index 000000000..625e9e262 --- /dev/null +++ b/static/partials/confirm-team-invite.html @@ -0,0 +1,13 @@ +
    + +
    diff --git a/static/partials/signin.html b/static/partials/signin.html index 4aac6cb7e..2a1a9563d 100644 --- a/static/partials/signin.html +++ b/static/partials/signin.html @@ -1,7 +1,7 @@ diff --git a/test/test_api_security.py b/test/test_api_security.py index 5b3e5612d..364432d4b 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -8,7 +8,7 @@ from app import app from initdb import setup_database_for_testing, finished_database_for_testing from endpoints.api import api_bp, api -from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam +from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam, TeamMemberInvite from endpoints.api.tag import RepositoryTagImages, RepositoryTag from endpoints.api.search import FindRepositories, EntitySearch from endpoints.api.image import RepositoryImageChanges, RepositoryImage, RepositoryImageList @@ -3424,6 +3424,36 @@ class TestSuperUserLogs(ApiTestCase): self._run_test('GET', 200, 'devtable', None) +class TestTeamMemberInvite(ApiTestCase): + def setUp(self): + ApiTestCase.setUp(self) + self._set_url(TeamMemberInvite, code='foobarbaz') + + def test_put_anonymous(self): + self._run_test('PUT', 401, None, None) + + def test_put_freshuser(self): + self._run_test('PUT', 404, 'freshuser', None) + + def test_put_reader(self): + self._run_test('PUT', 404, 'reader', None) + + def test_put_devtable(self): + self._run_test('PUT', 404, 'devtable', None) + + def test_delete_anonymous(self): + self._run_test('DELETE', 401, None, None) + + def test_delete_freshuser(self): + self._run_test('DELETE', 404, 'freshuser', None) + + def test_delete_reader(self): + self._run_test('DELETE', 404, 'reader', None) + + def test_delete_devtable(self): + self._run_test('DELETE', 404, 'devtable', None) + + class TestSuperUserList(ApiTestCase): def setUp(self): ApiTestCase.setUp(self) @@ -3442,7 +3472,6 @@ class TestSuperUserList(ApiTestCase): self._run_test('GET', 200, 'devtable', None) - class TestSuperUserManagement(ApiTestCase): def setUp(self): ApiTestCase.setUp(self) diff --git a/test/test_api_usage.py b/test/test_api_usage.py index c91005c5c..99086e45b 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -11,7 +11,7 @@ from app import app from initdb import setup_database_for_testing, finished_database_for_testing from data import model, database -from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam +from endpoints.api.team import TeamMember, TeamMemberList, TeamMemberInvite, OrganizationTeam from endpoints.api.tag import RepositoryTagImages, RepositoryTag from endpoints.api.search import FindRepositories, EntitySearch from endpoints.api.image import RepositoryImage, RepositoryImageList @@ -734,16 +734,50 @@ class TestGetOrganizationTeamMembers(ApiTestCase): params=dict(orgname=ORGANIZATION, teamname='readers')) - assert READ_ACCESS_USER in json['members'] + self.assertEquals(READ_ACCESS_USER, json['members'][1]['name']) class TestUpdateOrganizationTeamMember(ApiTestCase): - def test_addmember(self): + def assertInTeam(self, data, membername): + for memberData in data['members']: + if memberData['name'] == membername: + return + + self.fail(membername + ' not found in team: ' + json.dumps(data)) + + def test_addmember_alreadyteammember(self): self.login(ADMIN_ACCESS_USER) + membername = READ_ACCESS_USER + self.putResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='readers', + membername=membername), + expected_code=400) + + + def test_addmember_orgmember(self): + self.login(ADMIN_ACCESS_USER) + + membername = READ_ACCESS_USER + self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + # Verify the user was added to the team. + json = self.getJsonResponse(TeamMemberList, + params=dict(orgname=ORGANIZATION, + teamname='owners')) + + self.assertInTeam(json, membername) + + + def test_addmember_robot(self): + self.login(ADMIN_ACCESS_USER) + + membername = ORGANIZATION + '+coolrobot' self.putJsonResponse(TeamMember, params=dict(orgname=ORGANIZATION, teamname='readers', - membername=NO_ACCESS_USER)) + membername=membername)) # Verify the user was added to the team. @@ -751,7 +785,152 @@ class TestUpdateOrganizationTeamMember(ApiTestCase): params=dict(orgname=ORGANIZATION, teamname='readers')) - assert NO_ACCESS_USER in json['members'] + self.assertInTeam(json, membername) + + + def test_addmember_invalidrobot(self): + self.login(ADMIN_ACCESS_USER) + + membername = 'freshuser+anotherrobot' + self.putResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='readers', + membername=membername), + expected_code=400) + + + def test_addmember_nonorgmember(self): + self.login(ADMIN_ACCESS_USER) + + membername = NO_ACCESS_USER + response = self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + + self.assertEquals(True, response['invited']) + + # Make sure the user is not (yet) part of the team. + json = self.getJsonResponse(TeamMemberList, + params=dict(orgname=ORGANIZATION, + teamname='readers')) + + for member in json['members']: + self.assertNotEqual(membername, member['name']) + + +class TestAcceptTeamMemberInvite(ApiTestCase): + def assertInTeam(self, data, membername): + for memberData in data['members']: + if memberData['name'] == membername: + return + + self.fail(membername + ' not found in team: ' + json.dumps(data)) + + def test_accept_wronguser(self): + self.login(ADMIN_ACCESS_USER) + + # Create the invite. + membername = NO_ACCESS_USER + response = self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + self.assertEquals(True, response['invited']) + + # Try to accept the invite. + user = model.get_user(membername) + invites = list(model.lookup_team_invites(user)) + self.assertEquals(1, len(invites)) + + self.putResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token), + expected_code=404) + + + def test_accept(self): + self.login(ADMIN_ACCESS_USER) + + # Create the invite. + membername = NO_ACCESS_USER + response = self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + self.assertEquals(True, response['invited']) + + # Login as the user. + self.login(membername) + + # Accept the invite. + user = model.get_user(membername) + invites = list(model.lookup_team_invites(user)) + self.assertEquals(1, len(invites)) + + self.putJsonResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token)) + + # Verify the user is now on the team. + json = self.getJsonResponse(TeamMemberList, + params=dict(orgname=ORGANIZATION, + teamname='owners')) + + self.assertInTeam(json, membername) + + # Verify the accept now fails. + self.putResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token), + expected_code=404) + + + +class TestDeclineTeamMemberInvite(ApiTestCase): + def test_decline_wronguser(self): + self.login(ADMIN_ACCESS_USER) + + # Create the invite. + membername = NO_ACCESS_USER + response = self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + self.assertEquals(True, response['invited']) + + # Try to decline the invite. + user = model.get_user(membername) + invites = list(model.lookup_team_invites(user)) + self.assertEquals(1, len(invites)) + + self.deleteResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token), + expected_code=404) + + + def test_decline(self): + self.login(ADMIN_ACCESS_USER) + + # Create the invite. + membername = NO_ACCESS_USER + response = self.putJsonResponse(TeamMember, + params=dict(orgname=ORGANIZATION, teamname='owners', + membername=membername)) + + self.assertEquals(True, response['invited']) + + # Login as the user. + self.login(membername) + + # Decline the invite. + user = model.get_user(membername) + invites = list(model.lookup_team_invites(user)) + self.assertEquals(1, len(invites)) + + self.deleteResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token)) + + # Make sure the invite was deleted. + self.deleteResponse(TeamMemberInvite, + params=dict(code=invites[0].invite_token), + expected_code=404) class TestDeleteOrganizationTeamMember(ApiTestCase): @@ -768,7 +947,7 @@ class TestDeleteOrganizationTeamMember(ApiTestCase): params=dict(orgname=ORGANIZATION, teamname='readers')) - assert not READ_ACCESS_USER in json['members'] + assert len(json['members']) == 1 class TestCreateRepo(ApiTestCase): @@ -2064,7 +2243,7 @@ class TestSuperUserManagement(ApiTestCase): json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser')) self.assertEquals('freshuser', json['username']) - self.assertEquals('no@thanks.com', json['email']) + self.assertEquals('jschorr+test@devtable.com', json['email']) self.assertEquals(False, json['super_user']) def test_delete_user(self): @@ -2087,7 +2266,7 @@ class TestSuperUserManagement(ApiTestCase): # Verify the user exists. json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser')) self.assertEquals('freshuser', json['username']) - self.assertEquals('no@thanks.com', json['email']) + self.assertEquals('jschorr+test@devtable.com', json['email']) # Update the user. self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com')) diff --git a/util/useremails.py b/util/useremails.py index 33307623c..7e727cb40 100644 --- a/util/useremails.py +++ b/util/useremails.py @@ -67,7 +67,7 @@ To confirm this email address, please click the following link:
    INVITE_TO_ORG_TEAM_MESSAGE = """ Hi {0},
    -{1} has invited you to join the team {2} under organization {3} on {5}. +{1} has invited you to join the team {2} under organization {3} on {5}.

    To join the team, please click the following link:
    {4}/confirminvite?code={6} From daa43c3bb959b5a8d637c85d90f17e63a64f14e4 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 18 Aug 2014 20:34:39 -0400 Subject: [PATCH 011/160] Add better messaging around pulling of base images when they fail due to invalid or missing credentials --- data/buildlogs.py | 7 +++- static/css/quay.css | 4 +- static/directives/build-log-error.html | 27 ++++++++++++-- static/js/app.js | 51 +++++++++++++++++++++++++- static/partials/repo-build.html | 2 +- workers/dockerfilebuild.py | 14 ++++++- 6 files changed, 93 insertions(+), 12 deletions(-) diff --git a/data/buildlogs.py b/data/buildlogs.py index 2ccd03899..8f184de27 100644 --- a/data/buildlogs.py +++ b/data/buildlogs.py @@ -25,7 +25,7 @@ class RedisBuildLogs(object): """ return self._redis.rpush(self._logs_key(build_id), json.dumps(log_obj)) - def append_log_message(self, build_id, log_message, log_type=None): + def append_log_message(self, build_id, log_message, log_type=None, log_data=None): """ Wraps the message in an envelope and push it to the end of the log entry list and returns the index at which it was inserted. @@ -37,6 +37,9 @@ class RedisBuildLogs(object): if log_type: log_obj['type'] = log_type + if log_data: + log_obj['data'] = log_data + return self._redis.rpush(self._logs_key(build_id), json.dumps(log_obj)) - 1 def get_log_entries(self, build_id, start_index): @@ -106,4 +109,4 @@ class BuildLogs(object): return buildlogs def __getattr__(self, name): - return getattr(self.state, name, None) \ No newline at end of file + return getattr(self.state, name, None) diff --git a/static/css/quay.css b/static/css/quay.css index 01fe84e60..68834f282 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -2535,7 +2535,7 @@ p.editable:hover i { margin-top: 10px; } -.repo-build .build-log-error-element { +.repo-build .build-log-error-element .error-message-container { position: relative; display: inline-block; margin: 10px; @@ -2545,7 +2545,7 @@ p.editable:hover i { margin-left: 22px; } -.repo-build .build-log-error-element i.fa { +.repo-build .build-log-error-element .error-message-container i.fa { color: red; position: absolute; top: 13px; diff --git a/static/directives/build-log-error.html b/static/directives/build-log-error.html index 095f8edd0..cf03fa7b2 100644 --- a/static/directives/build-log-error.html +++ b/static/directives/build-log-error.html @@ -1,4 +1,23 @@ - - - - +
    + + + + + caused by attempting to pull private repository {{ getLocalPullInfo().repo }} + with inaccessible crdentials + without credentials + + + + +
    +
    + Note: The credentials {{ getLocalPullInfo().login.username }} for registry {{ getLocalPullInfo().login.registry }} cannot + access repository {{ getLocalPullInfo().repo }}. +
    +
    + Note: No robot account is specified for this build. Without such credentials, this pull will always fail. Please setup a new + build trigger with a robot account that has access to {{ getLocalPullInfo().repo }} or make the repository public. +
    +
    +
    diff --git a/static/js/app.js b/static/js/app.js index ad6527fc1..00c1a27ce 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -113,6 +113,14 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading this.currentIndex_ = 0; } + _ViewArray.prototype.length = function() { + return this.entries.length; + }; + + _ViewArray.prototype.get = function(index) { + return this.entries[index]; + }; + _ViewArray.prototype.push = function(elem) { this.entries.push(elem); this.hasEntries = true; @@ -4021,9 +4029,48 @@ quayApp.directive('buildLogError', function () { transclude: false, restrict: 'C', scope: { - 'error': '=error' + 'error': '=error', + 'entries': '=entries' }, - controller: function($scope, $element) { + controller: function($scope, $element, Config) { + $scope.getLocalPullInfo = function() { + if ($scope.entries.__localpull !== undefined) { + return $scope.entries.__localpull; + } + + var localInfo = { + 'isLocal': false + }; + + // Find the 'pulling' phase entry, and then extra any metadata found under + // it. + for (var i = 0; i < $scope.entries.length; ++i) { + var entry = $scope.entries[i]; + if (entry.type == 'phase' && entry.message == 'pulling') { + for (var j = 0; j < entry.logs.length(); ++j) { + var log = entry.logs.get(j); + if (log.data && log.data.phasestep == 'login') { + localInfo['login'] = log.data; + } + + if (log.data && log.data.phasestep == 'pull') { + var repo_url = log.data['repo_url']; + var repo_and_tag = repo_url.substring(Config.SERVER_HOSTNAME.length + 1); + var tagIndex = repo_and_tag.lastIndexOf(':'); + var repo = repo_and_tag.substring(0, tagIndex); + + localInfo['repo_url'] = repo_url; + localInfo['repo'] = repo; + + localInfo['isLocal'] = repo_url.indexOf(Config.SERVER_HOSTNAME + '/') == 0; + } + } + break; + } + } + + return $scope.entries.__localpull = localInfo; + }; } }; return directiveDefinitionObject; diff --git a/static/partials/repo-build.html b/static/partials/repo-build.html index 3afe87508..225f58701 100644 --- a/static/partials/repo-build.html +++ b/static/partials/repo-build.html @@ -77,7 +77,7 @@
    - +
    diff --git a/workers/dockerfilebuild.py b/workers/dockerfilebuild.py index a4de1cc47..d200a336e 100644 --- a/workers/dockerfilebuild.py +++ b/workers/dockerfilebuild.py @@ -223,6 +223,13 @@ class DockerfileBuildContext(object): if self._pull_credentials: logger.debug('Logging in with pull credentials: %s@%s', self._pull_credentials['username'], self._pull_credentials['registry']) + + self._build_logger('Pulling base image: %s' % image_and_tag, { + 'phasestep': 'login', + 'username': self._pull_credentials['username'], + 'registry': self._pull_credentials['registry'] + }) + self._build_cl.login(self._pull_credentials['username'], self._pull_credentials['password'], registry=self._pull_credentials['registry'], reauth=True) @@ -233,7 +240,12 @@ class DockerfileBuildContext(object): raise JobException('Missing FROM command in Dockerfile') image_and_tag = ':'.join(image_and_tag_tuple) - self._build_logger('Pulling base image: %s' % image_and_tag) + + self._build_logger('Pulling base image: %s' % image_and_tag, { + 'phasestep': 'pull', + 'repo_url': image_and_tag + }) + pull_status = self._build_cl.pull(image_and_tag, stream=True) self.__monitor_completion(pull_status, 'Downloading', self._status, 'pull_completion') From d5027d238376d1177db76e1e8a405b6b3e0b26b7 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 18 Aug 2014 20:45:48 -0400 Subject: [PATCH 012/160] Add a migration script for the new table and log entry kinds --- ...d0e_add_support_for_team_member_invites.py | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 data/migrations/versions/25aea439ad0e_add_support_for_team_member_invites.py diff --git a/data/migrations/versions/25aea439ad0e_add_support_for_team_member_invites.py b/data/migrations/versions/25aea439ad0e_add_support_for_team_member_invites.py new file mode 100644 index 000000000..81bc9bbc6 --- /dev/null +++ b/data/migrations/versions/25aea439ad0e_add_support_for_team_member_invites.py @@ -0,0 +1,72 @@ +"""Add support for team member invites + +Revision ID: 25aea439ad0e +Revises: 82297d834ad +Create Date: 2014-08-18 20:40:38.553951 + +""" + +# revision identifiers, used by Alembic. +revision = '25aea439ad0e' +down_revision = '82297d834ad' + +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects import mysql + +def upgrade(): + ### commands auto generated by Alembic - please adjust! ### + op.create_table('teammemberinvite', + sa.Column('id', sa.Integer(), nullable=False), + sa.Column('user_id', sa.Integer(), nullable=True), + sa.Column('email', sa.String(length=255), nullable=True), + sa.Column('team_id', sa.Integer(), nullable=False), + sa.Column('inviter_id', sa.Integer(), nullable=False), + sa.Column('invite_token', sa.String(length=255), nullable=False), + sa.ForeignKeyConstraint(['inviter_id'], ['user.id'], ), + sa.ForeignKeyConstraint(['team_id'], ['team.id'], ), + sa.ForeignKeyConstraint(['user_id'], ['user.id'], ), + sa.PrimaryKeyConstraint('id') + ) + op.create_index('teammemberinvite_inviter_id', 'teammemberinvite', ['inviter_id'], unique=False) + op.create_index('teammemberinvite_team_id', 'teammemberinvite', ['team_id'], unique=False) + op.create_index('teammemberinvite_user_id', 'teammemberinvite', ['user_id'], unique=False) + ### end Alembic commands ### + + schema = gen_sqlalchemy_metadata(all_models) + + # Manually add the new logentrykind types + op.bulk_insert(schema.tables['logentrykind'], + [ + {'id':41, 'name':'org_invite_team_member'}, + {'id':42, 'name':'org_team_member_invite_accepted'}, + {'id':43, 'name':'org_team_member_invite_declined'}, + ]) + + +def downgrade(): + ### commands auto generated by Alembic - please adjust! ### + op.drop_index('teammemberinvite_user_id', table_name='teammemberinvite') + op.drop_index('teammemberinvite_team_id', table_name='teammemberinvite') + op.drop_index('teammemberinvite_inviter_id', table_name='teammemberinvite') + op.drop_table('teammemberinvite') + ### end Alembic commands ### + + schema = gen_sqlalchemy_metadata(all_models) + + logentrykind = schema.tables['logentrykind'] + + op.execute( + (logentrykind.delete() + .where(logentrykind.c.name == op.inline_literal('org_invite_team_member'))) + ) + + op.execute( + (logentrykind.delete() + .where(logentrykind.c.name == op.inline_literal('org_team_member_invite_accepted'))) + ) + + op.execute( + (logentrykind.delete() + .where(logentrykind.c.name == op.inline_literal('org_team_member_invite_declined'))) + ) From 35bd28a77e1b407a31487b8ca242c34d385b678c Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 19 Aug 2014 14:33:33 -0400 Subject: [PATCH 013/160] Add support for the Flowdock Team chat API: https://www.flowdock.com/api/push --- endpoints/notificationevent.py | 2 + endpoints/notificationmethod.py | 55 +++++++++++++++++- initdb.py | 2 + static/css/quay.css | 7 +++ .../create-external-notification-dialog.html | 8 ++- static/img/flowdock.ico | Bin 0 -> 5558 bytes static/js/app.js | 13 +++++ test/data/test.db | Bin 614400 -> 614400 bytes 8 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 static/img/flowdock.ico diff --git a/endpoints/notificationevent.py b/endpoints/notificationevent.py index f1cbec42c..e393dc134 100644 --- a/endpoints/notificationevent.py +++ b/endpoints/notificationevent.py @@ -184,6 +184,8 @@ class BuildFailureEvent(NotificationEvent): return 'build_failure' def get_sample_data(self, repository): + build_uuid = 'fake-build-id' + return build_event_data(repository, { 'build_id': build_uuid, 'build_name': 'some-fake-build', diff --git a/endpoints/notificationmethod.py b/endpoints/notificationmethod.py index b49055157..56adcc0a5 100644 --- a/endpoints/notificationmethod.py +++ b/endpoints/notificationmethod.py @@ -4,9 +4,10 @@ import os.path import tarfile import base64 import json +import requests from flask.ext.mail import Message -from app import mail, app +from app import mail, app, get_app_url from data import model logger = logging.getLogger(__name__) @@ -187,3 +188,55 @@ class WebhookMethod(NotificationMethod): return False return True + + +class FlowdockMethod(NotificationMethod): + """ Method for sending notifications to Flowdock via the Team Inbox API: + https://www.flowdock.com/api/team-inbox + """ + @classmethod + def method_name(cls): + return 'flowdock' + + def validate(self, repository, config_data): + token = config_data.get('flow_api_token', '') + if not token: + raise CannotValidateNotificationMethodException('Missing Flowdock API Token') + + def perform(self, notification, event_handler, notification_data): + config_data = json.loads(notification.config_json) + token = config_data.get('flow_api_token', '') + if not token: + return False + + owner = model.get_user(notification.repository.namespace) + if not owner: + # Something went wrong. + return False + + url = 'https://api.flowdock.com/v1/messages/team_inbox/%s' % token + headers = {'Content-type': 'application/json'} + payload = { + 'source': 'Quay', + 'from_address': 'support@quay.io', + 'subject': event_handler.get_summary(notification_data['event_data'], notification_data), + 'content': event_handler.get_message(notification_data['event_data'], notification_data), + 'from_name': owner.username, + 'project': notification.repository.namespace + ' ' + notification.repository.name, + 'tags': ['#' + event_handler.event_name()], + 'link': notification_data['event_data']['homepage'] + } + + try: + resp = requests.post(url, data=json.dumps(payload), headers=headers) + if resp.status_code/100 != 2: + logger.error('%s response for flowdock to url: %s' % (resp.status_code, + url)) + logger.error(resp.content) + return False + + except requests.exceptions.RequestException as ex: + logger.exception('Flowdock method was unable to be sent: %s' % ex.message) + return False + + return True diff --git a/initdb.py b/initdb.py index 7e48ae3af..cb56d987e 100644 --- a/initdb.py +++ b/initdb.py @@ -251,6 +251,8 @@ def initialize_database(): ExternalNotificationMethod.create(name='email') ExternalNotificationMethod.create(name='webhook') + ExternalNotificationMethod.create(name='flowdock') + NotificationKind.create(name='repo_push') NotificationKind.create(name='build_queued') NotificationKind.create(name='build_start') diff --git a/static/css/quay.css b/static/css/quay.css index 01fe84e60..a5cdf019b 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -4559,6 +4559,13 @@ i.quay-icon { height: 16px; } +i.flowdock-icon { + background-image: url(/static/img/flowdock.ico); + background-size: 16px; + width: 16px; + height: 16px; +} + .external-notification-view-element { margin: 10px; padding: 6px; diff --git a/static/directives/create-external-notification-dialog.html b/static/directives/create-external-notification-dialog.html index d384f3f59..ba78a4ac9 100644 --- a/static/directives/create-external-notification-dialog.html +++ b/static/directives/create-external-notification-dialog.html @@ -73,7 +73,7 @@
    - {{ field.title }}: + {{ field.title }}:
    @@ -86,7 +86,11 @@ current-entity="currentConfig[field.name]" ng-model="currentConfig[field.name]" allowed-entities="['user', 'team', 'org']" - ng-switch-when="entity"> + ng-switch-when="entity">
    + +
    diff --git a/static/img/flowdock.ico b/static/img/flowdock.ico new file mode 100644 index 0000000000000000000000000000000000000000..e3d92799b7bfe01a0ae208fb9576467411a505d6 GIT binary patch literal 5558 zcmd^@c~Dc=9>?=Ko!4n=D=LdDN;E(Mgv|h930p`6lpP@;D99>HWR+EA$F?f1KGD(E zu}*;{12N2uKO)v5(J8K#EQ zv6?uW%s_dDHZE+@!PyK0xY-%W`3~l~ur+0Zw@l}M!f&swVIT5X+EMDQfPaUnqilmF z&ZTRiB1Z?8i}X;vO&=GFIB>H!mh<_RBoABz*qZ78!RO36|2;iD3Z-kfwWV%v;XCr2 ze@tAA3!50IEMnqnu|9q-F~Y5njd5)^7w&)X1w0P;Rwl5sFp~3aIJ4(pE>14_()l%< ziB`e6jq13VLr3*?ZNk+<%>hIFa@ZJkrOQxr$P(@j0?_s)XphC9jx-Qy~ybICyi#rDD{qUqI2t#dQ819b36X`~H zE;oalqZyn9_Hc5v!*b%sINy85@mKA(YnFbo2!p2<}7Bcq(0wk={5w?b!@ZCv!R9WjP-%LI=4Y6hFv&=6t2?kGlB#E+gZ!y*T+z9PXEU zV6a+%vD-q7)w@CVK!oAebr|l9hO951@N?ni#D$-$16H~SN!*kKas>s=od4#&v933c z0RKD&%sm0dACDfUW3(d~=t%^+v*GP*A?JI#t-y0pKE(L? z&Y5aYn`-=>gTsvqM~9(!Y6L1}GA#TFP_87p258&@^zX>Pzt@K~P0h$?tHno>>u`6m z!CHS$_0vDVVFVf% zMzG|H3|c?S!1`qrdUwa5_dCf;6ToT(bRGiEE9?=v+8e7yz7q=c_e0QX5!O%&^hbDT zFvQ{*@8_JUT7~1Xj}=Z5{u#nAAHkvu!mpA+oA7mS%fPN1h0(oHENdKvX*0lS9Ki}# zK4KyQu{LP+Bn4n?V1S$-wk{a)adGZbai5RRD}(>sZ)H&Yk?_xx_%DrsUOgh`vnYP8 z3`V~Z{{2yK9)PqXaCLJ;LTo4~#$PEkWG&W5h9fB{{-yjmyDF64Ju%p`;QT05Dr8Wv zltJ^F42+slFzd#kdw&f24P#&v88iY0buzfQ3*>x?@mGq92!}W}2I=W3UeDv4uAQ6s z$^NPU&@^G*~rkm!a*oU^+3Z%3dV{y=&h8%$V&pV00}JCwZb~89af=j@Niy^ zl%(~Dj~D+*ImyY2({ZMoQ!{_`zS5#bEHY>S!>SQ1VH4OM%`ooMF#l>dF#dgbk`cb&2Oq3w_jD|J^)?N1g#Yhq3hWU z13w9j10~=Dx56x}6~;kbSQDIy%~?rEPfMN9rmRdV7q{7LwiU%8tteg`cRL~?R4^U) z#X0?;J}p&?_7-)*Uh2~fZBYw!37Z|#3Zu|gm_)Xc>uz}X7b78N4YD#bkwv(2Wo95J zI~zGU*~rYyJeHT2i-P<-s((`~7QgW#XS!>nut5_w7iqIvKns?HN}v_d3T9L*^rG9q zj%$N{oD`hUCWxcskeic*EnBv{pv}n6-XixQTRy%S`NW40K6tNiI_Bg#^Q3+q&9&WC zDiQ5ioY01)N$t=|?tpem2bifHpvU*XGw~AA;=_@jmyO)q+`mwce5|mr0L8_{6_Xh+ z>l~=Z>o9Ql4rW?tpj^ib9<#q1>I2E+6|TWyP&eI8}kYVz{&Xy zv0INKAt4bP6E|S{jt@~-SU5nqM@vddcvG!A({cNQj~DVj8Cq>vGO(ZVQGey4;=V@J z?R}l|w>|DuE*NTH<#befrI&uM?XxSu-#>K9@8GG<1^!>gsdEx?bRs_?naw!~SAD+4 z{$QQ!`64!A-8u3aoT|fL_B_kBrM&&23w_ULp$y6KNIH%uuwL1|y}kYI<59e`#1@pQ zw=i&Z+pF_07su~EFIESoiWE&$ojRv^E|i^;t+?Pips<*mr%&cu3h&8oU{T zXLnPGHe$3P|CQ{2J?l06C;Pf&4A*Bsc5m}5*}r~Zu#0ix5!ffC5T1Ji-^)+2u6hU& zSD(NlGIPTJ)TAT}kx0at{2nNr7<-_2lGIm3mgO>dSB@f_)EShxVQCZgQ{`b^Y3FxJ zM@W54?3v%oU|Ti}ze_Usks9Si`+!wmpfs7kAgtJ2eS0r7vq()5(E{zTCOBpH!nUXn zJg0;Sep*@@Pb`l7FaN3a7V$dwFd{mjvq}P8vNxMYc7Piy{gXY1!v8*5NwtguCAktn!V*YG1F8 K=eB?M|L{K?9?(|+ literal 0 HcmV?d00001 diff --git a/static/js/app.js b/static/js/app.js index ad6527fc1..8676d7d99 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -1076,6 +1076,19 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading 'title': 'Webhook URL' } ] + }, + { + 'id': 'flowdock', + 'title': 'Flowdock Team Notification', + 'icon': 'flowdock-icon', + 'fields': [ + { + 'name': 'flow_api_token', + 'type': 'string', + 'title': 'Flow API Token', + 'help_url': 'https://www.flowdock.com/account/tokens' + } + ] } ]; diff --git a/test/data/test.db b/test/data/test.db index 4d04283311e6feb845dff3fde9a4d370858119be..a947e59643b1155787f4970e641fb95bf1b9aef7 100644 GIT binary patch delta 6225 zcmds*d302Dmd9&(m8zG83bGj>P=sV4F|YFW1yE8+Rb{JGr7Ec;6+n3J)q5c!3)x8! z!m~xXXU^#ns^!;%xUs0w&>(0cwyiicc8{nGwg~NU!Q)|OROmCO&(M7k!MP#ru(sOG ze^Y;?Uf%uvKEHdv_x_gpZ8(&(;ZV*)Gt4EMXBL}Fo?o#ml!`fjV{(4sJnekX`I`e1 zU8Byl6wGSM)LYv7;_d3H#Cyw0X!Bc>^Hb+4(@^I1XiO)NaU`ZD`h7gcMWM$YtgjccCYD zI@rW#-NTsWU$_1^k?0x1a&zbRCJKAEW7G1&mlCIY&tP}X{PSapf9re0y6;qSV#}Iy z>C?9jxQtfERf_QpP!9JGW7Y%PHYd6UhOnGRT0T#>)^5iN{-d`kacC`2F7PiWhVDCJ zpYh(_nMRux<==tdo!Gx_k3DJCYNzlr|Y(^rJ0nSfC5uj9it0lpy?DT(k*IagBYk5OT=sw(7-)ldP3jEPYnRaqSIdzolOfT|Bx z*9Z8@x{4|ieRu;zn4HYvLfsn5(8u5pU>8kpgki^!-D#Y?qk1xp7 zdSi8dHd-2^gW)o%JVXk$oR>ruUz=;WqNV{p+FaJ%S07=@8bW1_vBs`IPcPda=<-!{ zHz+zb{Dx3bIF{~$twqH0~M8IMMSQld_ptX=Rx|T++ zzpP7(HP^1LMlW49&ts!)LNrj(9#iYxo>-^S+1%e%&bfP3t*Ei1e03ko)D48&oBCV0 zQn%jXYl+7@+$+(fZ_Iq5UyMb(L0{BURbO6R$CXH4iuQ>j7l0&}mQ_V0Zy-|Kz%lia zk_wtGDWe<8#NtRpxPfQ=;f4|t{p1_-Os;sf$gYa|$f&=ihp&sSig!0Kawt?0u86iW zqA(y(p5~T7tlrbnP%;qXgXNwYy<_x)Z_Km{o3PQjV>I1mVJ8gUZe6GPFeAkcKaxpmHA1MuZi+uhPiDIisJ`yTn86hl1d}UrA8K9}EhCrl@<*U(a zpICBG=_i)Ze6l(cCd1)KO$kf$f%^J7UMljG$D#o?RLl6hK0ocLspjg1QRwpD1z|>t ztD;781Stp+0@qU!}FtB*hY>NKlfC zrWR1r0)}!+BrkH@NV@eyXZ8=lKIpQJxUi)3qrIat%9<-5QMPfw$3%qJHmE@0>dtl%O@_+;g~ zvbx)s$K`GY^?Pq{ykNp1d}zU1^3<*JjD^mjX`|_@>vvgWTB(k4xYko$q3n!JDr3 z)+-+N$}K%w)~)>jE>9+#OeTx-yvcdqdC_DVoluCqRZ;hINi13zq)+l~eg1@f7$OdeUb5Le@R^~{^Wt@Xt>Jm?gEYA_FEOB&P zQ%F{iTP+0^hshkpVF^rTApj|`+OUhO)(P9tFlbU zvH}h>5=BT1ABVc&X@;dWK@cQF6SljvNlj7WlE4rYErVU>I2c`s6FMU(B81Bbl!Ow5 zttcCGQsVKkx>95jv=V4SQdJUS(pibsw79~u=mKH8D_bFXF3yoUp-D1C&wvh)5(WxV z*IAW`i=w2VQn$^MO$(YX$Z=??i3*HP#R*xVMF@)$SSBuLlE$MwZrjXkM&=||0q+E! zBneg&Swf<~4^@;@p3xKrnxb=VTWPi!CnZTx1Ojr#Ld3cXdg(gBLmDK7*5ew~;}yhcN?5;c}qUK9yYW}zb}!cz)Ou^M`+z{bywb1=0yiX&t`4k=PN@Q?w`Xh{P( zRVglzqu&(Rc7L-Z5RF#x6i4|2o(3-|!f`s#5GMUK!J5j_8m^r8RWS@#R6$pj1|l)m z7Y=&qVu`KvlVt&pEb^B-Zkiq(2+t}?T#=~n6#}RTjLl-;Gi~jMFEj? znS@e>WOBU9(5gT(8Y_>!+MX1=chWU88GI2Li6hbMcaly`zQI6?lE9&qV@W4(v`_-a z@uPn_mejlUIuq;WKy!vc8!GHuLO;Z%taUXh$uJ{LW|PO%h$r8?nsEOIl>>I~t%v)# z(mo%Nm39oB3D|RP-3EG3M`ERY@vY5($VD$y+Nb_i^F3o0&NaRSUgyJM*&>kMMFgJAsf2SZNWY52~c}K`D+|n|7E@Xf9-oa~g`K^Mf zv#cKT&Gq=LIpw>}$=_|puQLxyHwNUm&VG~Gex3OynUk(F-z2l`M)Ruc(|}!Pze#NC zcbl)@=5Fdevd?~aZy6tvxGG<`q_R5dgIuCa41N8py`E_G#lXJ=tt>+P167R{}; zw-$M8N~(*iyv3x)6A4uZ$9LS5Cg(}#S=cF$I&&vm3G^bb3b1Iy5>L`&M+%B$cv?fNpKzST7VmlJ zeYE09$B=#A(R~?4W;QzRz!#yw4#zV4#Nmg}8~R+-f#Y|hb2}Wn?b7ar?S?-qF?`=5 zbYiFDK@98P!=UB69OtkFDX+YZs&)g?5^Vhx6+Q(>?BMLJM&>N^d>SD0p9Z9O|JHUx z&qUz~fPDLDKvI*47Y+YRG`tkry!Z?-GoSjr3@si4rt6(uUm)^XU~&WUuaWCHVA}Tn zJk`j&6PXV<7NOK(U}hnfG4yHZ$penN(Vk&oazj5JH2hOhfQC`F?s06y7Ehl2D4P8X zU}k)HIRmBdb)04Ky`Ndr;QThpwA$o!PVlEKOMNwUV#=Ik5^r>@w|{J>l03F5Y?Jjd z%VkU0EJHKTX3ymOf+%z{nQ$F;YDI#*TOQjuS)OGHk%A{xRs>04<2szMP{%&UIs0P% zSiaFJqD#}jpB>LThV8SG+*6D^0iC-OqTak8a+kN_{*Tb*{f_O}#O_`LJ$Arx#-6m{ zUt)%z9gAZTdgBGq#&YuGi>T_wF};8El^1zNKpT8r?IuKxI)z69073 z(jAfX)5gra04%<~>9dhTj;_LaG)?L}DZxP_&cn|dT7`3m!m&i0B^gN;RY8c0hCeXo z-NWzW4`L|=e^`iCnDKMiBy@NW3S02A77w<=Zu;SY>;zaX5qMu^; z8N2keRlhR){wrRL*Z^UQlWG#%fKWrQF33ayxkAHh;mPaQ?McYq`Fa|8@cp9GGir5>Dzk|*Os_M8)) zZyA{lc}j78J6Gv)M+$rHV*g8?wpDd7rt~Nw)kN9 zC|W^{y_*$!0hQ7C5xaB2R=d&Gj?T`2B8xEi9y_<<_mxI#8~SJ_yeVe!Vf$3EA8vYE z(c76YH)sxT#;}R0dFTla5|Z=Qe#BXe;KI6e6Y=Jw04iLGdu4E<~W4kU_P0u2NSkm|0>sT%}HC!J1rCw)tIC!KJu?ylmR1abp{ z8fr)IVQvfb=y6zd5d>j2sDP6&Ix4QKE4p5Xo9u|r?y$3?#C2w8Tt`RTH)L>tFzOE9 zHXrijsehf{dC$Mz_nbFp)A4DWj!)Y*-sssrq0;C%y!7Evj@fq7V0+*8p6%q(QT7*Y znUhOscy`KQ`-SZT+bMYV&$gqdTJJFulO`S>msz@Y7ctK8vSCNt1!CG$;q94Ux4l4& z{&c~2GDq46^7E$459rM!M;PMz3~sVM3qQ2iiZcJ+(Myb8JZD@c(|M2>Q#aM0Deu}v zT)R629;ju$M&rGN8@-eSh3qsh6MBX=IM%rfr(H@(?} ziwfYu-n)7&(|+I~^qEGSS4ft9Ye!H2jvnLKJIXmJ5p1lgZjx)|n8<_@^>L5S7mNFA z8W>-~)lh?Ep@MePjebECP$CkKx!iP9O_ST_^;V0Ou^RlrXGVK@G+Yy?^DqsSd}YGL z)_Wu28rjcCLLeFv{C-J{*GayF=&kjK{Y;|1ii>k~k{qtC6N7cW5EH1vHGeeL^UK=2 z+WNL&^@dgccxc%MUzMi1WJh;bWp~}G&bk#2r<0?*kkl1%3v1VFb*WV=gDutg^dF5S zyq~S>u61@bw8pw)+=`gsM%8XdDB+B?wmFiW65ZX@78NVPO>(R*u%fC)P}FuLVD58c zDW7nz40<}*$|jlRtGSw5SJN_wq^3ICovYK)XrfzP>vn}gF(lM`qU$?T&N}CY#wh;5 z;81ya<%X(G))8*g+PcEYcSeLW>bMZBWx9hc>*-GX z`_GL`59<>}p`P)3nmh@f_6xMHGUjpDhZ{px^(Ywd$Eq9rQk6f#1?%}}gH)4n31L?} zAu|4IN#f+_B4UJLlAbl4G+3=xtxauT-r26U6|+h)!xqa;{;C$Q;#}ca-rN#x_I0$d zK4-|0PF2Jj!5s`otKD%56b!hbN92B7Sd5u8y=;a$a2Ug;6M%M6QDIMSOLvCs^T*M?+kc zjs|K&l?kzdb~o`-03r{DSdnk?Rv}&vx;*{>6RN5X)&@|W*NeA)VVuA#@y__l7C+B- zaLuhk>kB!@$CjO@V?f;e2^qJ$Po$;Ep4MwA$ zH^TH+xzlr1*?Ubxs4UaXI^;DDkxZtq%R>9trD5MvQ=Z-Y6Wa_p1l}CkQ=J8CHJWZV zpNKzk{;!_(T)$PC{{*^O$4s8Vg^^$9*W|A)+rDk4&w?cZiS{z0nDF`GSZL(As!AWC zQKi%nW`hx-J|;$@^-R4G!Oy;HnufjannER!Xk7NhYGQ1p!P6A*MLdnc>IUSaJux?I zNo-Z1rZyIidg}UN$VbkIAV{>5W(A68xHN?{mZKCki6~A=(xN1#7+z%C)HSWMm2~rp zmJYSOqoZ||+QQNdqG*v~WjoExX6e~9av&ZF66(u0|J+vmO|V<+<~}=-ouB=V!M1yot6p-!1?pECSy?wYsn{Bl{6osotl2ZJ~y2nnOr z5I2%emsMrch>;|P64Ja|q)=K_AUaW_cunFpo>Mi2;d3@lX>V=5JZYD*x>KEUV>Bm9 zywq1tyy~0}UJjeoRAhFMH;n1>z#N0YV6r`Cusvow3-0Z;MM}(Z<2NzSG~FC0uU^Ps zT1Vd|V!f?LMoE@UG781;T#`bvEK-U<^OVHWDORKzl|ii83NcEWQe>o1ikL(~5-BW;IGmxfDvCKpNu|IdijfqWLJF@@GQ>tP z3?rl^H7#=zi~m4n%_`PlDnu(HrK*?X6nILZ6^7zuc)-dKi9}d!OLNSXF$0dQOD6~u=2%Caek`yCKv?RzPLMagsII_IO z0)sSg3ZhHG#7F_Uq=ErTI?b_y%F>7xaHBJ8=2V#$6*-v%NlOV7k{FGWkbHor+weO1siHNH*7z)Rjm=tdC zhnxIvAsX^lOLApYLeX$IDkS78ud6;P)cLAo-auUwAM#a1c-|vag+s2Gb$EFo2glKn zVK77XbGGuEouRKhd#AIQSJQ&1@+#P=z|v_J{z|DV1s^$yAXS-^ruIM6njKtRaCId^ zEYhHTlU~a{TX>xyB7tS_h}W~vT(1ZSc9{N;U(fE^c#R}FSVoo@32&;g>mI zz;f$fl;;g9=*qr(byVZ9KWMpqQ09iomqY6fT1sv#|7Xw=8C2L|10mj9a57{my|KI} zWD#$u^bdqAKU&;#^|!ndYwkp|%Q!qAugD|5TF&`unY>2s`SPr|LbqO{50fp|$ir;T zzD6EqbJq3ps-e^I%H+f~`Y^N2UoBsI%ncje_qgTx$9&-ixh7IkTaCQ&8c!_bnKjs( z@)T)W*`8Y7+SXQ{R=YZsd)zFJ}$hfc~f2HQp388|6lvCSwn zQ^xC&rUElXUO%*NjdkJV|DX32c*oycR}xbfJo&r(c3W$UVIyObg3430LJzir92{z} zMNvvJC2DDvXEj;DYj#^N5~iKSTk+C|tOqTnqnq;eqGJ4}l`O-xd#sBr`3*mOQP-y8 zwIn$g5A3n-vy5JF?rGgKCDVIH89uewx`hz8{c8_i^00M)80B8qiNpHL$#!LhiF?csnl72@j7fN{V!P{>QfC|n84M(+KxYIU1f{YX z9N;PvD49bNC9oU=eH5?4fr-~V4s&we-OX4zY`vI2iE2Bn&k%ElZo;OUGtahjc-s-{ zN^{|NkKjv3th)%?6MOH+4<5B%uoRZ=nxK2o;4;eai%){lWGdhm;IOVm%k1_ou5VK!dejZPL3W(@aa~~e{Q!xA11=A1eMKkel%n-rnKLxYL54?X! z*Jj}D1X%mP(_nV~-+h?TJtdicSyzTPKV!YeJm>xfY^p94FP|}=<|>uQ?#b?v?^(W%*nc^b}+1aPm^1Sl7FncgqIpgi0Z+fX*gmcFA`&8 zj}X{pCJz$aqxZ-0hh}mY;V|v_5PzQ_FIdLiy?%x6@m!9gFAEUz{O8`l<=KF+-F{&r zW-Ndxc(+Z!ldXWrH_ttXU$X*&rOIu%g#-lg^5*aBp7P7deP0eBinfeBjqM`i5sAPUZW>vr8UdnlQ^Y`~bi$N&5L^2z9Q z9{vkb80gsz&VBFLCg48n%~lknueYHmEjm

    &5}AXy37&*ghUuW8dDn1^;?Hu&CxuMtp7pu=1mYFX5MqfHm_scBuX!{zX4jYTra) zP5S8Pg02OyehezLVG^+Nzy08XK0CQ^6oF1>H{zuXd4ZVu!>xAgW62jRgni$$dP^(5 zI3AL%jw26QM(IUo_2w4*&IEW;iO60HKW6tw`pjnhY7wL;%abb!F88Anyqkv)GmAX_ zDJ~a)i5hQn;u#{uTvqc8<@WdJKtA9+b{PW~A-csY&D^8hx(WH^D3 z&I4HCS>1`3&Ief0)+KNBm6JVVE!l;4BE7l$@-;Mmz7bX=n{uba>&+eb^T8*3 h7Xy<%c~_%8vmFoI1}<%)$#VSG5^^Rn@AYuQ{{qGD78?Kn From 32ea1d194f1d97e68649b1848fdcf7787412c466 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 19 Aug 2014 17:40:36 -0400 Subject: [PATCH 014/160] Add support for the Hipchat room notification API --- endpoints/notificationevent.py | 22 ++++++ endpoints/notificationmethod.py | 62 +++++++++++++++++ initdb.py | 1 + static/css/quay.css | 7 ++ .../create-external-notification-dialog.html | 4 +- static/img/hipchat.png | Bin 0 -> 2828 bytes static/js/app.js | 63 +++++++++++++++++- 7 files changed, 156 insertions(+), 3 deletions(-) create mode 100644 static/img/hipchat.png diff --git a/endpoints/notificationevent.py b/endpoints/notificationevent.py index e393dc134..f3f4d6a77 100644 --- a/endpoints/notificationevent.py +++ b/endpoints/notificationevent.py @@ -15,6 +15,13 @@ class NotificationEvent(object): def __init__(self): pass + def get_level(self, event_data, notification_data): + """ + Returns a 'level' representing the severity of the event. + Valid values are: 'info', 'warning', 'error', 'primary' + """ + raise NotImplementedError + def get_summary(self, event_data, notification_data): """ Returns a human readable one-line summary for the given notification data. @@ -55,6 +62,9 @@ class RepoPushEvent(NotificationEvent): def event_name(cls): return 'repo_push' + def get_level(self, event_data, notification_data): + return 'info' + def get_summary(self, event_data, notification_data): return 'Repository %s updated' % (event_data['repository']) @@ -87,6 +97,9 @@ class BuildQueueEvent(NotificationEvent): @classmethod def event_name(cls): return 'build_queued' + + def get_level(self, event_data, notification_data): + return 'info' def get_sample_data(self, repository): build_uuid = 'fake-build-id' @@ -127,6 +140,9 @@ class BuildStartEvent(NotificationEvent): def event_name(cls): return 'build_start' + def get_level(self, event_data, notification_data): + return 'info' + def get_sample_data(self, repository): build_uuid = 'fake-build-id' @@ -155,6 +171,9 @@ class BuildSuccessEvent(NotificationEvent): def event_name(cls): return 'build_success' + def get_level(self, event_data, notification_data): + return 'primary' + def get_sample_data(self, repository): build_uuid = 'fake-build-id' @@ -183,6 +202,9 @@ class BuildFailureEvent(NotificationEvent): def event_name(cls): return 'build_failure' + def get_level(self, event_data, notification_data): + return 'error' + def get_sample_data(self, repository): build_uuid = 'fake-build-id' diff --git a/endpoints/notificationmethod.py b/endpoints/notificationmethod.py index 56adcc0a5..a6d958037 100644 --- a/endpoints/notificationmethod.py +++ b/endpoints/notificationmethod.py @@ -240,3 +240,65 @@ class FlowdockMethod(NotificationMethod): return False return True + + +class HipchatMethod(NotificationMethod): + """ Method for sending notifications to Hipchat via the API: + https://www.hipchat.com/docs/apiv2/method/send_room_notification + """ + @classmethod + def method_name(cls): + return 'hipchat' + + def validate(self, repository, config_data): + if not config_data.get('notification_token', ''): + raise CannotValidateNotificationMethodException('Missing Hipchat Room Notification Token') + + if not config_data.get('room_id', ''): + raise CannotValidateNotificationMethodException('Missing Hipchat Room ID') + + def perform(self, notification, event_handler, notification_data): + config_data = json.loads(notification.config_json) + + token = config_data.get('notification_token', '') + room_id = config_data.get('room_id', '') + + if not token or not room_id: + return False + + owner = model.get_user(notification.repository.namespace) + if not owner: + # Something went wrong. + return False + + url = 'https://api.hipchat.com/v2/room/%s/notification?auth_token=%s' % (room_id, token) + + level = event_handler.get_level(notification_data['event_data'], notification_data) + color = { + 'info': 'gray', + 'warning': 'yellow', + 'error': 'red', + 'primary': 'purple' + }.get(level, 'gray') + + headers = {'Content-type': 'application/json'} + payload = { + 'color': color, + 'message': event_handler.get_message(notification_data['event_data'], notification_data), + 'notify': level == 'error', + 'message_format': 'html', + } + + try: + resp = requests.post(url, data=json.dumps(payload), headers=headers) + if resp.status_code/100 != 2: + logger.error('%s response for hipchat to url: %s' % (resp.status_code, + url)) + logger.error(resp.content) + return False + + except requests.exceptions.RequestException as ex: + logger.exception('Hipchat method was unable to be sent: %s' % ex.message) + return False + + return True diff --git a/initdb.py b/initdb.py index cb56d987e..6b68cee85 100644 --- a/initdb.py +++ b/initdb.py @@ -252,6 +252,7 @@ def initialize_database(): ExternalNotificationMethod.create(name='webhook') ExternalNotificationMethod.create(name='flowdock') + ExternalNotificationMethod.create(name='hipchat') NotificationKind.create(name='repo_push') NotificationKind.create(name='build_queued') diff --git a/static/css/quay.css b/static/css/quay.css index a5cdf019b..bd8f571e8 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -4566,6 +4566,13 @@ i.flowdock-icon { height: 16px; } +i.hipchat-icon { + background-image: url(/static/img/hipchat.png); + background-size: 16px; + width: 16px; + height: 16px; +} + .external-notification-view-element { margin: 10px; padding: 6px; diff --git a/static/directives/create-external-notification-dialog.html b/static/directives/create-external-notification-dialog.html index ba78a4ac9..bf0c5da03 100644 --- a/static/directives/create-external-notification-dialog.html +++ b/static/directives/create-external-notification-dialog.html @@ -88,8 +88,8 @@ allowed-entities="['user', 'team', 'org']" ng-switch-when="entity">

    - diff --git a/static/img/hipchat.png b/static/img/hipchat.png new file mode 100644 index 0000000000000000000000000000000000000000..4b0500763a2546cb6a4f41f94d3b4cc0c14f27a3 GIT binary patch literal 2828 zcmV+n3-k1eP) zKOSs*0qtXRxLtxMcqIZ!!E-8}Gw9UqEoz5fqvdi7$Io6lnsfPNeo;|*&2^jI7Ig|A`l5Yhae6# zT|Y3Xnl$czqDOAXG%(h`Ce8&UzxbjUAfNzE<}6!snN!pZzfxEDNm? z3=J8OBzQ&md>{Y|5E>K(N`?%`1d zZoMK>9~$yVa^k?-Vj21dnE}W-SIT!~{=6w8`|`O$a5R)kurwqes%$+6#sBxCSEITb zT3y+?mc`~snzFp~Y$3w*plNtTIGo}Ax-Wfx!c*giurw36 zjA|zg8c;N9?R1#o!j?CCMRjcv*^1VHCzqZ(nhR4f09fr^dWP>?|MDGuqR|{B_w^=f2N{Q4blg*ai%VFWSAbvz!1#gax1f z`mM2(hT*yuGJ#1`eX(rJjI}MonrZDlp7-g-445>aDb&~!hV;uxU#wI%dmo*`-gUDd zd~^gX4iFgzZPvb%A8yHP8qn+_Mn5#a^l~Zm8rWRH(V?Zgmupl(0XaL3{*Ns=f9e7Z zTDa1mO25*cyA`OYSf8PsYuoJB_Ho@ zm}=BooqiCCAkY+??q{bwa8FX7)>3sQF%ib)vnRvl0wGYU(spJ!J)(cAUhCkG`NjDq zP$}RMD5GJ;tVwNW>rCcP8xs~Ei@G|fc<;5E%^5%V$LqDWXP$y6fdSm!XC~Yo7OZVM zRVVZEqr>5mAOkGD?NE+?uwLswKNZy9VR-hbaf8}U()m0wb|4HIh(2)avAm*My9a)) zVsp)vvg_a(ctvA3GVw z{+g2Yw~*L37NQ86h9Kr%sf1svvbq*t5flX?^@%jKm!$KFk2ckRorqj%t%m2|DvLdE{HMGUa4ZM`&&79-fL|*%JhVqt2z(M0?6s?w(*?yX zmZiS6G3LHmpX@jin6cwzX6JVs{o05Z-fJ;lWp$jmR058HPf{4P{bIYJ;a7gxfZp(m zU>JDaoBn;W#mX?F4(6H{URnR>oR2E4PTV9iF#p3HBd4vvRdY;NeT&)c2T!7^7CZ;R zHz+>FsMnxDYjX1KpcxPuyy73bj|hUV>B_XZQ^JS$2gr`ChoeT%d1LMNN{bC0Koq2p zwjYjoaNf#yw!rRT;$ps7_Lmkh?|+jCf5q&R{&au+$-A)(3?DnU;%WsnL9jR$&UL1%Q?Z%9w&(2IkhzcH&)~GE9RvYx{W?HMh+&gd4MuY}K^g+R1 z_;y*J$grj>0AmoA9ZDnR?Rj@ka zlj8EeS&RVYtlPF`<9^gSp;CZlArlY+AF1y|P!w1iG!2@DB*X22l7Bko-VF<$R`4y4 zGoxm&JGAFVgy`V$B8actx2B6p=bvf}rGX7^q`)IVlweTjXXicq>UspQdiLbY87rQ9 zW{k$9hszCz7hVZ81&#s7fTbW1xIJ*XST#R6W%$qAmVEKIX@O2NSEe7@c@)7K5Q19g zvgs2VoDg_UeB|}Com;aI77P$n+9pm({&vlDw1(4FxA%BK)~SNi1tn$X8mHR}89_=# zgh_ix-{@fpy~hvl-_{*==9(?**Kdbj3!a6=k$BH-r#CHZ8W4DVmAg+|Se#RcP(37q z>$X7;Bpq1ys$Sdpr4B@tB*_QJ;91b@jamUj#v^k!>`FfblO75V)egRkzC2@cH4aT=*k_BT{(1CW_-&lJP%>`Tx~hw12+@J1QR9M+Kk?P# zf$=ddB3o~bTq!drrLM4-RKTDEO~dJiMD81rv|`4jp#ypZ#&?jYadXOYi(%4(W?*w5 zSe=#j+P!zh1xB{nNGh+kjeP#S3)y)v>cO)ReQTR1m#}P~+iGUhChpm39rKo7g-m^!9%ROq$p!IJ))jPrj;K@awr*A$4O%N!$VE59v?%i75uA^E2B!cw4 z$G_N$18~ zC)_@`@6VeTwYt|$Xf;q~wq>0tIDGcfnS$anbFJCxl0*R#0DzNenhy?xx+XiE z5CNJ1Eb5$0R5$mLbv)O2n*aT@8n}ARdOE-KTv2Ipd5yWoMhG?M>5=!}*|%xT|3RxG ev@C=EAp8%NkGu3nbEE_S0000 Date: Thu, 21 Aug 2014 15:12:43 -0400 Subject: [PATCH 015/160] Fix some of the tools --- tools/emailinvoice.py | 2 +- tools/sendconfirmemail.py | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/emailinvoice.py b/tools/emailinvoice.py index 63a5bd712..e9c9d0861 100644 --- a/tools/emailinvoice.py +++ b/tools/emailinvoice.py @@ -1,4 +1,4 @@ -from app import stripe +import stripe from app import app from util.invoice import renderInvoiceToHtml diff --git a/tools/sendconfirmemail.py b/tools/sendconfirmemail.py index e9333a181..94345c573 100644 --- a/tools/sendconfirmemail.py +++ b/tools/sendconfirmemail.py @@ -1,4 +1,3 @@ -from app import stripe from app import app from util.useremails import send_confirmation_email From 8866b881dba44b97b789556e27791b3c0a3044ef Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 21 Aug 2014 17:44:56 -0400 Subject: [PATCH 016/160] Remove all license code --- .dockerignore | 4 +-- app.py | 10 -------- license.py | 13 ---------- license.pyc | Bin 895 -> 0 bytes tools/createlicense.py | 38 ---------------------------- util/expiration.py | 55 ----------------------------------------- 6 files changed, 2 insertions(+), 118 deletions(-) delete mode 100644 license.py delete mode 100644 license.pyc delete mode 100644 tools/createlicense.py delete mode 100644 util/expiration.py diff --git a/.dockerignore b/.dockerignore index fcc890f76..40ff6c49f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,11 +1,11 @@ conf/stack screenshots +tools test/data/registry venv .git .gitignore Bobfile README.md -license.py requirements-nover.txt -run-local.sh +run-local.sh \ No newline at end of file diff --git a/app.py b/app.py index 78746fbcf..92a2dacc1 100644 --- a/app.py +++ b/app.py @@ -21,7 +21,6 @@ from data.billing import Billing from data.buildlogs import BuildLogs from data.queue import WorkQueue from data.userevent import UserEventsBuilderModule -from license import load_license from datetime import datetime @@ -50,15 +49,6 @@ else: environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}')) app.config.update(environ_config) - logger.debug('Applying license config from: %s', LICENSE_FILENAME) - try: - app.config.update(load_license(LICENSE_FILENAME)) - except IOError: - raise RuntimeError('License file %s not found; please check your configuration' % LICENSE_FILENAME) - - if app.config.get('LICENSE_EXPIRATION', datetime.min) < datetime.utcnow(): - raise RuntimeError('License has expired, please contact support@quay.io') - features.import_features(app.config) Principal(app, use_sessions=False) diff --git a/license.py b/license.py deleted file mode 100644 index b45d90cf8..000000000 --- a/license.py +++ /dev/null @@ -1,13 +0,0 @@ -import pickle - -from Crypto.PublicKey import RSA - -n = 24311791124264168943780535074639421876317270880681911499019414944027362498498429776192966738844514582251884695124256895677070273097239290537016363098432785034818859765271229653729724078304186025013011992335454557504431888746007324285000011384941749613875855493086506022340155196030616409545906383713728780211095701026770053812741971198465120292345817928060114890913931047021503727972067476586739126160044293621653486418983183727572502888923949587290840425930251185737996066354726953382305020440374552871209809125535533731995494145421279907938079885061852265339259634996180877443852561265066616143910755505151318370667L -e = 65537L - -def load_license(license_path): - decryptor = RSA.construct((n, e)) - with open(license_path, 'rb') as encrypted_license: - decrypted_data = decryptor.encrypt(encrypted_license.read(), 0) - - return pickle.loads(decrypted_data[0]) diff --git a/license.pyc b/license.pyc deleted file mode 100644 index 83687adfa9c32d46b214c3197998c215e4e9fcfa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 895 zcma)4Z%9*76hH62ZMxF@mtm2!%-Mu=ff&m~C(0!MjC{kCh3WR*lWjit=6iR`)eK}3 z1c803AkmNIhbW4IC?bpKOC%H&8b%pX6n&}>iS*~(=c2D&-ud10&OPUM&OPVy-*PwI z&b{dqA+reXZWO%^LBfv%1;D?d6Hqu9A>b##Nj&&@kWAn=fn_tuMyRY{tU1zG= z6Q6?9vZzcIxg9}$d9={m<620>`3cvJtq+@4o1qZF*ea z(ppgQF0o?2MEQ}n+J2k8b4@*FjRv@zFpLNeD}ul@ z$}~}p>Qsx1l(MR#2FjQgK#j>!GvtiL$xJ!s4(ZQ!}cH8jy4c3!ype zH!R9gT^@)9Xvjz*$ws`Y(E>cqu*uRu#*uD8YsLqyQh){=XaNIs8*0uTUDkAGL>EJ< zra4FBfuu7NToX%fB*hy35@utF&H%V#u8^}4@TbjV4g8G`Y6 i*(C&4kCFTz{7)H-zhOj`;)>kJdTEr9L-L7*vyeZS$mU)E diff --git a/tools/createlicense.py b/tools/createlicense.py deleted file mode 100644 index 53700d4f4..000000000 --- a/tools/createlicense.py +++ /dev/null @@ -1,38 +0,0 @@ -import argparse -import pickle - -from Crypto.PublicKey import RSA -from datetime import datetime, timedelta - -def encrypt(message, output_filename): - private_key_file = 'conf/stack/license_key' - with open(private_key_file, 'r') as private_key: - encryptor = RSA.importKey(private_key) - - encrypted_data = encryptor.decrypt(message) - - with open(output_filename, 'wb') as encrypted_file: - encrypted_file.write(encrypted_data) - -parser = argparse.ArgumentParser(description='Create a license file.') -parser.add_argument('--users', type=int, default=20, - help='Number of users allowed by the license') -parser.add_argument('--days', type=int, default=30, - help='Number of days for which the license is valid') -parser.add_argument('--warn', type=int, default=7, - help='Number of days prior to expiration to warn users') -parser.add_argument('--output', type=str, required=True, - help='File in which to store the license') - -if __name__ == "__main__": - args = parser.parse_args() - print ('Creating license for %s users for %s days in file: %s' % - (args.users, args.days, args.output)) - - license_data = { - 'LICENSE_EXPIRATION': datetime.utcnow() + timedelta(days=args.days), - 'LICENSE_USER_LIMIT': args.users, - 'LICENSE_EXPIRATION_WARNING': datetime.utcnow() + timedelta(days=(args.days - args.warn)), - } - - encrypt(pickle.dumps(license_data, 2), args.output) diff --git a/util/expiration.py b/util/expiration.py deleted file mode 100644 index 3a58885c9..000000000 --- a/util/expiration.py +++ /dev/null @@ -1,55 +0,0 @@ -import calendar -import sys - -from email.utils import formatdate -from apscheduler.schedulers.background import BackgroundScheduler -from datetime import datetime, timedelta - -from data import model - - -class ExpirationScheduler(object): - def __init__(self, utc_create_notifications_date, utc_terminate_processes_date): - self._scheduler = BackgroundScheduler() - self._termination_date = utc_terminate_processes_date - - soon = datetime.now() + timedelta(seconds=1) - - if utc_create_notifications_date > datetime.utcnow(): - self._scheduler.add_job(model.delete_all_notifications_by_kind, 'date', run_date=soon, - args=['expiring_license']) - - local_notifications_date = self._utc_to_local(utc_create_notifications_date) - self._scheduler.add_job(self._generate_notifications, 'date', - run_date=local_notifications_date) - else: - self._scheduler.add_job(self._generate_notifications, 'date', run_date=soon) - - local_termination_date = self._utc_to_local(utc_terminate_processes_date) - self._scheduler.add_job(self._terminate, 'date', run_date=local_termination_date) - - @staticmethod - def _format_date(date): - """ Output an RFC822 date format. """ - if date is None: - return None - return formatdate(calendar.timegm(date.utctimetuple())) - - @staticmethod - def _utc_to_local(utc_dt): - # get integer timestamp to avoid precision lost - timestamp = calendar.timegm(utc_dt.timetuple()) - local_dt = datetime.fromtimestamp(timestamp) - return local_dt.replace(microsecond=utc_dt.microsecond) - - def _generate_notifications(self): - for user in model.get_active_users(): - model.create_unique_notification('expiring_license', user, - {'expires_at': self._format_date(self._termination_date)}) - - @staticmethod - def _terminate(): - sys.exit(1) - - def start(self): - self._scheduler.start() From d2880807b2369b8da4be20c7246f79fe4768ae3c Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 21 Aug 2014 19:21:20 -0400 Subject: [PATCH 017/160] - Further fixes for license stuff - Small fixes to ensure Quay works for Postgres --- data/database.py | 4 ++- ...670cbeced_migrate_existing_webhooks_to_.py | 8 ++--- .../5a07499ce53f_set_up_initial_database.py | 4 +-- data/model/legacy.py | 3 +- endpoints/api/superuser.py | 18 ----------- requirements-nover.txt | 1 + requirements.txt | 1 + static/js/controllers.js | 30 +------------------ static/partials/super-user.html | 16 +--------- test/test_api_security.py | 2 +- test/test_api_usage.py | 2 +- 11 files changed, 16 insertions(+), 73 deletions(-) diff --git a/data/database.py b/data/database.py index 76a0af9df..349ad1b58 100644 --- a/data/database.py +++ b/data/database.py @@ -17,6 +17,8 @@ SCHEME_DRIVERS = { 'mysql': MySQLDatabase, 'mysql+pymysql': MySQLDatabase, 'sqlite': SqliteDatabase, + 'postgresql': PostgresqlDatabase, + 'postgresql+psycopg2': PostgresqlDatabase, } db = Proxy() @@ -32,7 +34,7 @@ def _db_from_url(url, db_kwargs): if parsed_url.username: db_kwargs['user'] = parsed_url.username if parsed_url.password: - db_kwargs['passwd'] = parsed_url.password + db_kwargs['password'] = parsed_url.password return SCHEME_DRIVERS[parsed_url.drivername](parsed_url.database, **db_kwargs) diff --git a/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py b/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py index 6f516e9b9..726145167 100644 --- a/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py +++ b/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py @@ -20,12 +20,12 @@ def get_id(query): def upgrade(): conn = op.get_bind() - event_id = get_id('Select id From externalnotificationevent Where name="repo_push" Limit 1') - method_id = get_id('Select id From externalnotificationmethod Where name="webhook" Limit 1') + event_id = get_id('Select id From externalnotificationevent Where name=\'repo_push\' Limit 1') + method_id = get_id('Select id From externalnotificationmethod Where name=\'webhook\' Limit 1') conn.execute('Insert Into repositorynotification (uuid, repository_id, event_id, method_id, config_json) Select public_id, repository_id, %s, %s, parameters FROM webhook' % (event_id, method_id)) def downgrade(): conn = op.get_bind() - event_id = get_id('Select id From externalnotificationevent Where name="repo_push" Limit 1') - method_id = get_id('Select id From externalnotificationmethod Where name="webhook" Limit 1') + event_id = get_id('Select id From externalnotificationevent Where name=\'repo_push\' Limit 1') + method_id = get_id('Select id From externalnotificationmethod Where name=\'webhook\' Limit 1') conn.execute('Insert Into webhook (public_id, repository_id, parameters) Select uuid, repository_id, config_json FROM repositorynotification Where event_id=%s And method_id=%s' % (event_id, method_id)) diff --git a/data/migrations/versions/5a07499ce53f_set_up_initial_database.py b/data/migrations/versions/5a07499ce53f_set_up_initial_database.py index 23aaf506a..ffc9d28e6 100644 --- a/data/migrations/versions/5a07499ce53f_set_up_initial_database.py +++ b/data/migrations/versions/5a07499ce53f_set_up_initial_database.py @@ -203,7 +203,7 @@ def upgrade(): sa.Column('id', sa.Integer(), nullable=False), sa.Column('user_id', sa.Integer(), nullable=False), sa.Column('service_id', sa.Integer(), nullable=False), - sa.Column('service_ident', sa.String(length=255, collation='utf8_general_ci'), nullable=False), + sa.Column('service_ident', sa.String(length=255), nullable=False), sa.ForeignKeyConstraint(['service_id'], ['loginservice.id'], ), sa.ForeignKeyConstraint(['user_id'], ['user.id'], ), sa.PrimaryKeyConstraint('id') @@ -375,7 +375,7 @@ def upgrade(): sa.Column('command', sa.Text(), nullable=True), sa.Column('repository_id', sa.Integer(), nullable=False), sa.Column('image_size', sa.BigInteger(), nullable=True), - sa.Column('ancestors', sa.String(length=60535, collation='latin1_swedish_ci'), nullable=True), + sa.Column('ancestors', sa.String(length=60535), nullable=True), sa.Column('storage_id', sa.Integer(), nullable=True), sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ), sa.ForeignKeyConstraint(['storage_id'], ['imagestorage.id'], ), diff --git a/data/model/legacy.py b/data/model/legacy.py index 9feea0738..f415a9d38 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -69,8 +69,7 @@ class TooManyUsersException(DataModelException): def is_create_user_allowed(): - return get_active_user_count() < config.app_config['LICENSE_USER_LIMIT'] - + return True def create_user(username, password, email): """ Creates a regular user, if allowed. """ diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py index 3ade5f1ed..5a117289b 100644 --- a/endpoints/api/superuser.py +++ b/endpoints/api/superuser.py @@ -42,24 +42,6 @@ class SuperUserLogs(ApiResource): abort(403) -@resource('/v1/superuser/seats') -@internal_only -@show_if(features.SUPER_USERS) -@hide_if(features.BILLING) -class SeatUsage(ApiResource): - """ Resource for managing the seats granted in the license for the system. """ - @nickname('getSeatCount') - def get(self): - """ Returns the current number of seats being used in the system. """ - if SuperUserPermission().can(): - return { - 'count': model.get_active_user_count(), - 'allowed': app.config.get('LICENSE_USER_LIMIT', 0) - } - - abort(403) - - def user_view(user): return { 'username': user.username, diff --git a/requirements-nover.txt b/requirements-nover.txt index c0979629b..45a086a8d 100644 --- a/requirements-nover.txt +++ b/requirements-nover.txt @@ -32,5 +32,6 @@ raven python-ldap pycrypto logentries +psycopg2 git+https://github.com/DevTable/aniso8601-fake.git git+https://github.com/DevTable/anunidecode.git diff --git a/requirements.txt b/requirements.txt index 090ade690..4afd0e97b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -44,6 +44,7 @@ python-dateutil==2.2 python-ldap==2.4.15 python-magic==0.4.6 pytz==2014.4 +psycopg2==2.5.3 raven==5.0.0 redis==2.10.1 reportlab==2.7 diff --git a/static/js/controllers.js b/static/js/controllers.js index aa18c1b40..6c383d5d2 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -2699,35 +2699,7 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) { }, ApiService.errorDisplay('Cannot delete user')); }; - var seatUsageLoaded = function(usage) { - $scope.usageLoading = false; - - if (usage.count > usage.allowed) { - $scope.limit = 'over'; - } else if (usage.count == usage.allowed) { - $scope.limit = 'at'; - } else if (usage.count >= usage.allowed * 0.7) { - $scope.limit = 'near'; - } else { - $scope.limit = 'none'; - } - - if (!$scope.chart) { - $scope.chart = new UsageChart(); - $scope.chart.draw('seat-usage-chart'); - } - - $scope.chart.update(usage.count, usage.allowed); - }; - - var loadSeatUsage = function() { - $scope.usageLoading = true; - ApiService.getSeatCount().then(function(resp) { - seatUsageLoaded(resp); - }); - }; - - loadSeatUsage(); + $scope.loadUsers(); } function TourCtrl($scope, $location) { diff --git a/static/partials/super-user.html b/static/partials/super-user.html index 64b043331..bc21f5c94 100644 --- a/static/partials/super-user.html +++ b/static/partials/super-user.html @@ -8,9 +8,6 @@
    @@ -19,19 +16,8 @@
    - -
    - - -
    -
    - Seat Usage -
    - -
    - -
    +
    {{ usersError }} diff --git a/test/test_api_security.py b/test/test_api_security.py index 5b3e5612d..7f70d0af6 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -37,7 +37,7 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission, RepositoryTeamPermissionList, RepositoryUserPermissionList) -from endpoints.api.superuser import SuperUserLogs, SeatUsage, SuperUserList, SuperUserManagement +from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement try: diff --git a/test/test_api_usage.py b/test/test_api_usage.py index c91005c5c..b113f27d0 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -40,7 +40,7 @@ from endpoints.api.organization import (OrganizationList, OrganizationMember, from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repository from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission, RepositoryTeamPermissionList, RepositoryUserPermissionList) -from endpoints.api.superuser import SuperUserLogs, SeatUsage, SuperUserList, SuperUserManagement +from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement try: app.register_blueprint(api_bp, url_prefix='/api') From b51022c73945eedd70df4db70f1d8869b10c9f5e Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 21 Aug 2014 20:36:11 -0400 Subject: [PATCH 018/160] Add support for parsing YAML override config, in addition to Python config --- app.py | 42 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/app.py b/app.py index 92a2dacc1..81c59a30c 100644 --- a/app.py +++ b/app.py @@ -1,8 +1,9 @@ import logging import os import json +import yaml -from flask import Flask +from flask import Flask as BaseFlask, Config as BaseConfig from flask.ext.principal import Principal from flask.ext.login import LoginManager from flask.ext.mail import Mail @@ -24,7 +25,34 @@ from data.userevent import UserEventsBuilderModule from datetime import datetime -OVERRIDE_CONFIG_FILENAME = 'conf/stack/config.py' +class Config(BaseConfig): + """ Flask config enhanced with a `from_yamlfile` method """ + + def from_yamlfile(self, config_file): + with open(config_file) as f: + c = yaml.load(f) + if not c: + logger.debug('Empty YAML config file') + return + + if isinstance(c, str): + raise Exception('Invalid YAML config file: ' + str(c)) + + for key in c.iterkeys(): + if key.isupper(): + self[key] = c[key] + +class Flask(BaseFlask): + """ Extends the Flask class to implement our custom Config class. """ + + def make_config(self, instance_relative=False): + root_path = self.instance_path if instance_relative else self.root_path + return Config(root_path, self.default_config) + + +OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml' +OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py' + OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG' LICENSE_FILENAME = 'conf/stack/license.enc' @@ -42,9 +70,13 @@ else: logger.debug('Loading default config.') app.config.from_object(DefaultConfig()) - if os.path.exists(OVERRIDE_CONFIG_FILENAME): - logger.debug('Applying config file: %s', OVERRIDE_CONFIG_FILENAME) - app.config.from_pyfile(OVERRIDE_CONFIG_FILENAME) + if os.path.exists(OVERRIDE_CONFIG_PY_FILENAME): + logger.debug('Applying config file: %s', OVERRIDE_CONFIG_PY_FILENAME) + app.config.from_pyfile(OVERRIDE_CONFIG_PY_FILENAME) + + if os.path.exists(OVERRIDE_CONFIG_YAML_FILENAME): + logger.debug('Applying config file: %s', OVERRIDE_CONFIG_YAML_FILENAME) + app.config.from_yamlfile(OVERRIDE_CONFIG_YAML_FILENAME) environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}')) app.config.update(environ_config) From 5b3514b49cc8e5cc626f34e71a4bd2d956f87757 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 21 Aug 2014 20:38:30 -0400 Subject: [PATCH 019/160] Add missing pyyaml dependency --- requirements-nover.txt | 1 + requirements.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/requirements-nover.txt b/requirements-nover.txt index 45a086a8d..a3c74e89b 100644 --- a/requirements-nover.txt +++ b/requirements-nover.txt @@ -33,5 +33,6 @@ python-ldap pycrypto logentries psycopg2 +pyyaml git+https://github.com/DevTable/aniso8601-fake.git git+https://github.com/DevTable/anunidecode.git diff --git a/requirements.txt b/requirements.txt index 4afd0e97b..e454e6846 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,6 +12,7 @@ Pillow==2.5.1 PyGithub==1.25.0 PyMySQL==0.6.2 PyPDF2==1.22 +PyYAML==3.11 SQLAlchemy==0.9.7 Werkzeug==0.9.6 alembic==0.6.5 From 2a3094cfdef56718ff7bcd5bda3e3f7ca606da16 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 22 Aug 2014 15:24:56 -0400 Subject: [PATCH 020/160] - Fix zero clipboard integration to properly hide the clipboard controls when flash is not available. - Hide the download .dockercfg link in Safari, since it doesn't work there anyway --- static/css/quay.css | 8 +++ static/directives/copy-box.html | 2 +- static/directives/docker-auth-dialog.html | 2 +- static/js/app.js | 68 +++++++++++++++------- static/js/controllers.js | 27 --------- static/lib/ZeroClipboard.min.js | 17 +++--- static/lib/ZeroClipboard.swf | Bin 1635 -> 4036 bytes static/partials/view-repo.html | 9 +-- 8 files changed, 66 insertions(+), 67 deletions(-) mode change 100755 => 100644 static/lib/ZeroClipboard.min.js mode change 100755 => 100644 static/lib/ZeroClipboard.swf diff --git a/static/css/quay.css b/static/css/quay.css index 01fe84e60..e0f3d2a20 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -2257,6 +2257,14 @@ p.editable:hover i { position: relative; } +.copy-box-element.disabled .input-group-addon { + display: none; +} + +.copy-box-element.disabled input { + border-radius: 4px !important; +} + .global-zeroclipboard-container embed { cursor: pointer; } diff --git a/static/directives/copy-box.html b/static/directives/copy-box.html index 1d996cc31..07dea7407 100644 --- a/static/directives/copy-box.html +++ b/static/directives/copy-box.html @@ -1,4 +1,4 @@ -
    +
    diff --git a/static/directives/docker-auth-dialog.html b/static/directives/docker-auth-dialog.html index dcb71a25b..b7a414725 100644 --- a/static/directives/docker-auth-dialog.html +++ b/static/directives/docker-auth-dialog.html @@ -19,7 +19,7 @@ Download .dockercfg file -
    From 34c6d7f5b4d568ded05f432f80dd3a1701f98cb5 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 22 Aug 2014 16:54:53 -0400 Subject: [PATCH 021/160] Change the auth dialog to copy a full docker login command --- static/directives/docker-auth-dialog.html | 5 +++-- static/js/app.js | 10 +++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/static/directives/docker-auth-dialog.html b/static/directives/docker-auth-dialog.html index b7a414725..33b4af8cd 100644 --- a/static/directives/docker-auth-dialog.html +++ b/static/directives/docker-auth-dialog.html @@ -20,9 +20,10 @@ Download .dockercfg file - + +
    diff --git a/static/js/app.js b/static/js/app.js index 250665f60..aa9d8bcba 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -2383,7 +2383,15 @@ quayApp.directive('dockerAuthDialog', function (Config) { 'shown': '=shown', 'counter': '=counter' }, - controller: function($scope, $element) { + controller: function($scope, $element) { + var updateCommand = function() { + $scope.command = 'docker login -e="." -u="' + $scope.username + + '" -p="' + $scope.token + '" ' + Config['SERVER_HOSTNAME']; + }; + + $scope.$watch('username', updateCommand); + $scope.$watch('token', updateCommand); + $scope.isDownloadSupported = function() { var isSafari = /^((?!chrome).)*safari/i.test(navigator.userAgent); if (isSafari) { From 4140e115e532fcfe57f53faeea8accbfb10fe064 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 22 Aug 2014 18:03:22 -0400 Subject: [PATCH 022/160] Put building behind a feature flag --- config.py | 3 +++ static/partials/repo-admin.html | 5 +++-- static/partials/view-repo.html | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/config.py b/config.py index a903fa29a..3712055d2 100644 --- a/config.py +++ b/config.py @@ -153,6 +153,9 @@ class DefaultConfig(object): # Feature Flag: Whether to support GitHub build triggers. FEATURE_GITHUB_BUILD = False + # Feature Flag: Dockerfile build support. + FEATURE_BUILD_SUPPORT = True + DISTRIBUTED_STORAGE_CONFIG = { 'local_eu': ['LocalStorage', {'storage_path': 'test/data/registry/eu'}], 'local_us': ['LocalStorage', {'storage_path': 'test/data/registry/us'}], diff --git a/static/partials/repo-admin.html b/static/partials/repo-admin.html index b3ef4b51b..6bd329091 100644 --- a/static/partials/repo-admin.html +++ b/static/partials/repo-admin.html @@ -18,7 +18,8 @@
    -
    +
    Build Triggers diff --git a/static/partials/view-repo.html b/static/partials/view-repo.html index 03ce2909c..4f588ccf2 100644 --- a/static/partials/view-repo.html +++ b/static/partials/view-repo.html @@ -18,7 +18,7 @@
    + quay-show="Features.BUILD_SUPPORT && (repo.can_write || buildHistory.length)">
    +
    + + Invoice History + + +
    @@ -48,13 +55,6 @@
    -
    - - Invoice History - - -
    @@ -81,7 +81,7 @@
    -
    +
    @@ -93,9 +93,9 @@
    SSL Encryption
    Robot accounts
    Dockerfile Build
    +
    Invoice History
    Teams
    Logging
    -
    Invoice History
    Free Trial
    diff --git a/static/partials/user-admin.html b/static/partials/user-admin.html index 783c5f87a..1b2ad7fd1 100644 --- a/static/partials/user-admin.html +++ b/static/partials/user-admin.html @@ -25,7 +25,7 @@
  • Billing Options
    • -
  • +
  • Billing History
    • From 09a1c4d2b5d054e2185f5a09b8d5242c1cdd5c2f Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 25 Aug 2014 14:23:21 -0400 Subject: [PATCH 026/160] Add test fix and make sure Quay ups the connection count in its container --- Dockerfile.web | 1 + conf/init/doupdatelimits.sh | 5 +++++ endpoints/index.py | 6 +++++- test/specs.py | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) create mode 100755 conf/init/doupdatelimits.sh diff --git a/Dockerfile.web b/Dockerfile.web index 56b126d53..448a7f748 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -30,6 +30,7 @@ RUN cd grunt && npm install RUN cd grunt && grunt ADD conf/init/svlogd_config /svlogd_config +ADD conf/init/doupdatelimits.sh /etc/my_init.d/ ADD conf/init/preplogsdir.sh /etc/my_init.d/ ADD conf/init/runmigration.sh /etc/my_init.d/ diff --git a/conf/init/doupdatelimits.sh b/conf/init/doupdatelimits.sh new file mode 100755 index 000000000..603559de0 --- /dev/null +++ b/conf/init/doupdatelimits.sh @@ -0,0 +1,5 @@ +#! /bin/bash +set -e + +# Update the connection limit +sysctl -w net.core.somaxconn=1024 \ No newline at end of file diff --git a/endpoints/index.py b/endpoints/index.py index bf37e14b5..4017d47e9 100644 --- a/endpoints/index.py +++ b/endpoints/index.py @@ -428,7 +428,11 @@ def get_search(): if user is not None: username = user.username - matching = model.get_matching_repositories(query, username) + if query: + matching = model.get_matching_repositories(query, username) + else: + matching = [] + results = [result_view(repo) for repo in matching if (repo.visibility.name == 'public' or ReadRepositoryPermission(repo.namespace, repo.name).can())] diff --git a/test/specs.py b/test/specs.py index 33db0493e..8749a025e 100644 --- a/test/specs.py +++ b/test/specs.py @@ -196,7 +196,7 @@ def build_index_specs(): IndexTestSpec(url_for('index.put_repository_auth', repository=PUBLIC_REPO), NO_REPO, 501, 501, 501, 501).set_method('PUT'), - IndexTestSpec(url_for('index.get_search'), NO_REPO, 501, 501, 501, 501), + IndexTestSpec(url_for('index.get_search'), NO_REPO, 200, 200, 200, 200), IndexTestSpec(url_for('index.ping'), NO_REPO, 200, 200, 200, 200), From 99d75bede763f0f4daa2ff1f2383699752395366 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 25 Aug 2014 15:30:29 -0400 Subject: [PATCH 027/160] Handle error cases better for external services --- endpoints/api/billing.py | 32 ++++++++++++++++++++++++++------ endpoints/api/subscribe.py | 21 ++++++++++++++++++--- static/js/app.js | 4 ++-- templates/index.html | 11 +++-------- util/analytics.py | 6 +++++- 5 files changed, 54 insertions(+), 20 deletions(-) diff --git a/endpoints/api/billing.py b/endpoints/api/billing.py index 3e13df6b6..c41bcec77 100644 --- a/endpoints/api/billing.py +++ b/endpoints/api/billing.py @@ -4,7 +4,7 @@ from flask import request from app import billing from endpoints.api import (resource, nickname, ApiResource, validate_json_request, log_action, related_user_resource, internal_only, Unauthorized, NotFound, - require_user_admin, show_if, hide_if) + require_user_admin, show_if, hide_if, abort) from endpoints.api.subscribe import subscribe, subscription_view from auth.permissions import AdministerOrganizationPermission from auth.auth_context import get_authenticated_user @@ -23,7 +23,11 @@ def get_card(user): } if user.stripe_id: - cus = billing.Customer.retrieve(user.stripe_id) + try: + cus = billing.Customer.retrieve(user.stripe_id) + except stripe.APIConnectionError as e: + abort(503, message='Cannot contact Stripe') + if cus and cus.default_card: # Find the default card. default_card = None @@ -46,7 +50,11 @@ def get_card(user): def set_card(user, token): if user.stripe_id: - cus = billing.Customer.retrieve(user.stripe_id) + try: + cus = billing.Customer.retrieve(user.stripe_id) + except stripe.APIConnectionError as e: + abort(503, message='Cannot contact Stripe') + if cus: try: cus.card = token @@ -55,6 +63,8 @@ def set_card(user, token): return carderror_response(exc) except stripe.InvalidRequestError as exc: return carderror_response(exc) + except stripe.APIConnectionError as e: + return carderror_response(e) return get_card(user) @@ -75,7 +85,11 @@ def get_invoices(customer_id): 'plan': i.lines.data[0].plan.id if i.lines.data[0].plan else None } - invoices = billing.Invoice.all(customer=customer_id, count=12) + try: + invoices = billing.Invoice.all(customer=customer_id, count=12) + except stripe.APIConnectionError as e: + abort(503, message='Cannot contact Stripe') + return { 'invoices': [invoice_view(i) for i in invoices.data] } @@ -228,7 +242,10 @@ class UserPlan(ApiResource): private_repos = model.get_private_repo_count(user.username) if user.stripe_id: - cus = billing.Customer.retrieve(user.stripe_id) + try: + cus = billing.Customer.retrieve(user.stripe_id) + except stripe.APIConnectionError as e: + abort(503, message='Cannot contact Stripe') if cus.subscription: return subscription_view(cus.subscription, private_repos) @@ -291,7 +308,10 @@ class OrganizationPlan(ApiResource): private_repos = model.get_private_repo_count(orgname) organization = model.get_organization(orgname) if organization.stripe_id: - cus = billing.Customer.retrieve(organization.stripe_id) + try: + cus = billing.Customer.retrieve(organization.stripe_id) + except stripe.APIConnectionError as e: + abort(503, message='Cannot contact Stripe') if cus.subscription: return subscription_view(cus.subscription, private_repos) diff --git a/endpoints/api/subscribe.py b/endpoints/api/subscribe.py index dd6de9678..2c3fba359 100644 --- a/endpoints/api/subscribe.py +++ b/endpoints/api/subscribe.py @@ -15,6 +15,9 @@ logger = logging.getLogger(__name__) def carderror_response(exc): return {'carderror': exc.message}, 402 +def connection_response(exc): + return {'message': 'Could not contact Stripe. Please try again.'}, 503 + def subscription_view(stripe_subscription, used_repos): view = { @@ -74,19 +77,29 @@ def subscribe(user, plan, token, require_business_plan): log_action('account_change_plan', user.username, {'plan': plan}) except stripe.CardError as e: return carderror_response(e) + except stripe.APIConnectionError as e: + return connection_response(e) response_json = subscription_view(cus.subscription, private_repos) status_code = 201 else: # Change the plan - cus = billing.Customer.retrieve(user.stripe_id) + try: + cus = billing.Customer.retrieve(user.stripe_id) + except stripe.APIConnectionError as e: + return connection_response(e) if plan_found['price'] == 0: if cus.subscription is not None: # We only have to cancel the subscription if they actually have one - cus.cancel_subscription() - cus.save() + try: + cus.cancel_subscription() + cus.save() + except stripe.APIConnectionError as e: + return connection_response(e) + + check_repository_usage(user, plan_found) log_action('account_change_plan', user.username, {'plan': plan}) @@ -101,6 +114,8 @@ def subscribe(user, plan, token, require_business_plan): cus.save() except stripe.CardError as e: return carderror_response(e) + except stripe.APIConnectionError as e: + return connection_response(e) response_json = subscription_view(cus.subscription, private_repos) check_repository_usage(user, plan_found) diff --git a/static/js/app.js b/static/js/app.js index aa9d8bcba..c718375fe 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -5570,8 +5570,8 @@ quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', 'PlanServi } } - if (!Features.BILLING && response.status == 402) { - $('#overlicenseModal').modal({}); + if (response.status == 503) { + $('#cannotContactService').modal({}); return false; } diff --git a/templates/index.html b/templates/index.html index f69251514..51d687770 100644 --- a/templates/index.html +++ b/templates/index.html @@ -35,23 +35,18 @@ -{% if not has_billing %} -
    The docker username is {{ username }} and the password is the token below. You may use any value for email.
    -
    + +
    + Regenerating Token... + +
    + +
    +
    -
    +
    + +
    +
    Download .dockercfg file diff --git a/static/directives/robots-manager.html b/static/directives/robots-manager.html index c696937d2..c11c07cf8 100644 --- a/static/directives/robots-manager.html +++ b/static/directives/robots-manager.html @@ -31,7 +31,7 @@
    + shown="!!shownRobot" counter="showRobotCounter" supports-regenerate="true" regenerate="regenerateToken(username)"> {{ shownRobot.name }}
    diff --git a/static/js/app.js b/static/js/app.js index ba8eb8a8e..8844007a6 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -2385,7 +2385,9 @@ quayApp.directive('dockerAuthDialog', function (Config) { 'username': '=username', 'token': '=token', 'shown': '=shown', - 'counter': '=counter' + 'counter': '=counter', + 'supportsRegenerate': '@supportsRegenerate', + 'regenerate': '®enerate' }, controller: function($scope, $element) { var updateCommand = function() { @@ -2396,6 +2398,15 @@ quayApp.directive('dockerAuthDialog', function (Config) { $scope.$watch('username', updateCommand); $scope.$watch('token', updateCommand); + $scope.regenerating = true; + + $scope.askRegenerate = function() { + bootbox.confirm('Are you sure you want to regenerate the token? All existing login credentials will become invalid', function(resp) { + $scope.regenerating = true; + $scope.regenerate({'username': $scope.username, 'token': $scope.token}); + }); + }; + $scope.isDownloadSupported = function() { var isSafari = /^((?!chrome).)*safari/i.test(navigator.userAgent); if (isSafari) { @@ -2421,6 +2432,8 @@ quayApp.directive('dockerAuthDialog', function (Config) { }; var show = function(r) { + $scope.regenerating = false; + if (!$scope.shown || !$scope.username || !$scope.token) { $('#dockerauthmodal').modal('hide'); return; @@ -2661,6 +2674,8 @@ quayApp.directive('logsView', function () { return 'Delete notification of event "' + eventData['title'] + '" for repository {repo}'; }, + 'regenerate_robot_token': 'Regenerated token for robot {robot}', + // Note: These are deprecated. 'add_repo_webhook': 'Add webhook in repository {repo}', 'delete_repo_webhook': 'Delete webhook in repository {repo}' @@ -2704,6 +2719,7 @@ quayApp.directive('logsView', function () { 'reset_application_client_secret': 'Reset Client Secret', 'add_repo_notification': 'Add repository notification', 'delete_repo_notification': 'Delete repository notification', + 'regenerate_robot_token': 'Regenerate Robot Token', // Note: these are deprecated. 'add_repo_webhook': 'Add webhook', @@ -2875,6 +2891,20 @@ quayApp.directive('robotsManager', function () { $scope.shownRobot = null; $scope.showRobotCounter = 0; + $scope.regenerateToken = function(username) { + if (!username) { return; } + + var shortName = $scope.getShortenedName(username); + ApiService.regenerateRobotToken($scope.organization, null, {'robot_shortname': shortName}).then(function(updated) { + var index = $scope.findRobotIndexByName(username); + if (index >= 0) { + $scope.robots.splice(index, 1); + $scope.robots.push(updated); + } + $scope.shownRobot = updated; + }, ApiService.errorDisplay('Cannot regenerate robot account token')); + }; + $scope.showRobot = function(info) { $scope.shownRobot = info; $scope.showRobotCounter++; diff --git a/test/data/test.db b/test/data/test.db index 4d04283311e6feb845dff3fde9a4d370858119be..34882e11701b07d1a0e1ea1631cdc6636489f033 100644 GIT binary patch delta 6232 zcmds*eSB2ana49TH<`If$OH+3KwyZ2keHjfZ|A;*2+7Q3-ZL}FWG0y?kUMkl5FoFU z7v7}dZdbeA?ph`4*>%wc)M{!_1WnqlTGY~At>{))t!=GV7b{BqV7IlaV(Am2R0vhK z{I~gIlHBKfh_%9eHZ=5n^_F?Yfa&TPBO=?zNxRyDWdE z==TEU$*p5V$=sUvNBXyo5-9tl;St;R-Nb^m95-@!`!QnWAU`xRdhHQ2mEM%qyG^+A z67s5%gFE({SC-A6)VqwhbPhbY^J`<~)hnL3POmWFStVr6pW71QYxt=92+~|4{Vg9|{&O zFv*4s4=+EYp7Nfq6_Q-S9h71X^-*Ue?BnBXvdP^Th_*F`>$x_k+bz(Mu-BIq>zfa+)$!zW4A_{$y zqiZwT5LUNE@b~^`SdQH5eXUZPYm>9pzkY)l8S37WMQ$xP6ll_VI{F-(%0-juHom#4 z$0a+Z7B}0erCD5Z+JI{PbqvqRiTYR|>IYib9yI!e%erF%PU%K-DjmHifl%qX!v4NyRe?nXBqzL)HZ*X z+fP>+J8Ca>zj4-Kym*Bte&aBHTy@dP_)K{@27^AU!1!0GGyJ*A_Zg>AxyFlC$Y+=) z8I50-hqf+@`A4SdQ_#iA zX7o%2Mt+%SOTV;w$8R)#9A4paT)f#W{j+0=vb4VZVk8i*??Q3+mb$CKx#+^T)ws#f@TzKWdaetp>YDHoOCp* zA}`P?$5Axm(-bdf6iVhqjp7sziM%2RnxB9e~8Rs|dfkiYT-z9G_8CPNi5j zEm6FdQYlH|WJ=0NYD(c{nd3z~Yc(MZBU|0zdfSvYHkPSoq-svKQ8fINRoco1de*7X z*2}7GWeq*ul{WVCquFyt?>HL}vN7Vcsfy<%MwWHLK<2~^q@G)65fwHg%Obdw)-;OG zY~oW?ij@&1%RHN6=nN8QK7V^zPiiBqy1h(+PX;_m!Ebg4{GnvC@aNU=jIFeBYv4(L zPuCd_hm_7it?V!O!EzEmUP~NxtOm(vcxWs&)sYttU}|E1PEL-|`aq8LXVwQmDN=&glBOw;S#+i%` zqb0`>C*jD;=jarz@Q8Bh}1la!Shx6My_R5!r3$p?$J)hNeU$!&p_}DJcd2@*<;(q9RIa z8sWamT(_Oc$O@g2cuHmwj6^h|BpJyR%CH%lVbU6lQuvk1Tx3@SP7onXisRE9kkSgJ zh%Bt1P6-)^Uepv0vsCU?b{ZjpMH!hAGNMB9DKSM!oG4NZ(l}8{(>$*!c!bJzUe2Z& zNtHB-Qjo?|ydY~-iq`}RGD_wl|F{f?|Ch?Gv}>XQsiy!9T!Ie{(vF@Q2r?)Vrz#u- z_3lKlgBXBdF zl0a3O*SNHh%A{C4S(WRvrx^ips>o3c!-`Wb!0IA=2pXGK;6IgSG@NwgR@gz>6kNPS zI8rnfc2xo-5#ZdfG=zQ99mIC%IxxDC!ObTVgSvtHB?Oux=??*B~VPLb6SAhdptBBpwQj!Inl^ zXl>-fu~@xjMtSfE>Klo)G;!LI_qet8VpkZi&AZKE7Zpa;G7O?LMNLsWt3pH^KTPLT1=pm|s1tN2v5qq!g-N;1cgQ7dG#Un8gcPCMF~1@2(yG{4Rf{VBum@ondA|er7KCVsri% zo5^#`&>*MV*;%11=h$bM&F7eB$eeeMd4|ln=bJa3>7{2ECq8eVDYog0&FA#FnX|_a zn4f&W&o%LqFTu9dJ6l@n8J}?F)I}Ciq;X?^x}ztXtyQ(50VUO`Ri%5nT>c1O&-#;b zs4zz2KW&vS=U891o`6>Q6Ki>ii87pzG|n+mG+%SPhTSE_4n z-D3&aksxK#0?SirXzS1kp#RE>N>ePH>l{lF)y5{@Tf{*mfTxyYUla)S$qy zx|`}saIlypFK05msHkxLMFQN(X^o*24X)@sl2}z?MGo!{xbJ{va`viwzZ2IxrL(Wl zOt^O~$>DtuTE_A^9{v}-Ld28vA@rLL!Uh&U^7a+@j|VNg2|Fz!e8(ZnF|*-`_3gTc zp9-c1|M(#gC@*vENgRC`f+^_joR90qL7>W|ALe0Z!ZJ!&@_diuUrktcn~4V!C3?nz z7c2o89{U~$WAW{~N%vHZoXFPTyT1>piUZ|uVaLA#sz%>CAKQKasG9uxmCDSb@X?3Z2ci1 z=^qsA8b53qsJ%i&oS_z#a38KSk)y=C7dqd>@0rNm1WAk^E zi0bKF9KF2OJUOmWObD2{~%cdH=3|)Jxl@i|m6E za*dgI&=S=%$>}1)bEjCLp677wrNELzbP$vCfaU1u{CoV-JYW@-1&`u)<^!wx!r(pwV1!-AM{LYy0|tk0M@D(=iQHO3xQ=gw5kdpUkI$K?SB`3VCt%q@~08F|dQi;n&@U^n$X9w_aMRKy3T{X5$@9H>PkZ0bE z@NQd|4qEJdMZH<9tmOFN`PItZZCt$nyC%>@!`ez`5J(g{-X3< zy({%+*whPhY+3~{wES;t@S#-zTlwLS7UK5R04v$azB67+4qs-r#EvHQu5D*th2tla z5Yg&q#un-oThF`;#|PUWqJothUd6VnVV-4Wt`i@=8k|@p{dXFVUIQwXeEiOhdiNkM yoClg5TmvczZ@f34cMafArk>on7MPd3xqnix=$}4ecG6@metsQULGbxEaDM{%$U6l9 delta 6114 zcmds*Yj_mbdB^uM((VXJD?m2pB3M9x1e)EsoVkI3U1_!2T}gY)KngAR7I25~FjDc9#1{{glG2puN@uj}T_Xg~?p=liCI%(p%zCd3glK`T& z8@^Q^^yr!YoZorh|9Q_juV%}sSzAuc+BVtf-9Dw-=smLHi}l2`sYfPdS8UitOftM+ z*wJy0nDtb6d-m5Ir-^Z&E%|QtXy;H-!5sMkJySTw5ZBAO>H0jpXP*^i|F!F|dD((V z*=+YAVnXB0K-Sf>izw(=y&(HR&pAR!J+n0X{B5U+Ne}ECpWU%>sA!JgA?X?GpD6l4 zpgg;&pD0XE(6gPrhlt`mp_jAv&AW)o2IraVsmAA+C#Sl1W`bVNId5D(5-c?9>335D^|zq@NYgh+Fj9bT|=XnX|Cq06K=N2 z7YWzN0Y(xUq9Gv=ki>YSb%TI!dS)! z*v8&^XHRo`tT)E3jtL%A>v4n<&RBbgBiSv{y{#Qlu`1ju#~K?}*VGA$+KB|reQB)V z6V5e3Z#P@rDzkhoS6A~^r{;??ocR(geGrvV|U8g=-kv2#XlS# zDzB>ERMX8m!W~*iPdFK`-xN-Yp>>h8v$u!QL{F0^*y&lfG8S1E7lQRnZ?J76-Hre7 zrIG1l{h}x|F#&I@H^I{Zf%aF&yq>0TOQ@y^1sejf+U9^%6NqrZCO+CM)g|0Q*d0%Z zOrTbhI5~PNF~%@W&zVCStX8Ymp?0q7?o>NUS*4U=OXb!;O`A_~u6C@-v_&)it~S>1 z3^~%Ns#r@{Q`fGd#|M!dr>g>JHMb$iMmI4iso>)mjC1%5%SCHfCX_Wy%ld9_x>e@X zP1O#M$oi9hF@~aYN6^>hjicsBz?YJ1Bkk3kuMQVqH1aM<pFJfY5^>R^(fKHHepkZf~H03DwjF>l;v`&xh~1Xq>_;@$UGVwgAs} zahZ0ZWn(D8cdk{{=8%_Oxhc`s-p~@NyUkl44kp(})~1@e{hr>Hp~3eq8Xfjr8&$a2 zws)}5ZW0RnZnU)XYY4r-_-B{4<#KJm;4rOn-ROGb4yWnH9UlCZ)AYIHhMn=5a}7qL zUNFY=XSvgN#m@JcMo>AX8+FKM93h!Z-&BY8Zz{xr6(+0QYTHow&$gf1%Hgzpt+1~) z2NE`#ZnUU~uQ>l#KcZ2!)Es7m5uqt2MxsqjlYmdWZ<>vL@0&tpk!W1@#_D2hq}kir;E#A)g0;=a zPkUn?IGNa*hPwJ#IO=U2Jo&!qV`oGVBw9(c0>v|2nnD`OQHq*G6elHVQIb*&FR~r# z`u6!sI{h#Zz)s{A z<(@Iv9xgm{sV?y2i-`Qvl#Ij_%X5?<2q_AQLXt|Nq)eq1B&U-M%ckWt{$LRyjF;?z z?sfLzXzVOIpW`4DT)vo?+;^qGjROJi^9%-q$@ZAR_L%J*uxOtxQf7`Dzl}qtIp#R|Z4w#SLTt44 z$tcOPNk*Xm}KqcVs!o17-A!5Amuyvj>5v;_T(LTL;GtCZFd zmDFfNu`obJEI7m^O=c%}3ImJ=W1b?VRaHVFC8{i#s&X79sVE7*k{YtGtisWPGm zNvNH)02L{*oQO31Zbc4XDyGtiPiiV9Y7)#3OG!zZqFt&jF(n|GXK2h)ISWf!nbRbw zGl*1WD8wjfN|BL5DPj@{Nu;nW;&7JAshY_tN-6~wQH-R}6jFGNk|8#VVHhDTscD&$ z@TXKxMX3feAzBeBRlO9Zz*7pXFcc@l16GDWBpUl1Iqp)KgLG68Q3?y@Af(ci!VQ-q zC$nH5k2o3O!;YLOr7S`mmjtGw&@zP}Y6@OSQj93kk|2u+r9?dB$nlj54AQ_T2rdZ| zBL(P^3i&JPG{*`mOCwgmEzX>|r7|rlaxw{$mJ%o=F&ZTy1yN~^*66eVwE&&o0Vmj* zVrT~J)u=Q(Y?8_&N`|o%%Lp)+Bp`)R2I!oJE-pz#+||KQIL5@JaC0Es8t@3wkgryf ztD_Q%hQm=IA=miaO;MrIUmNo^G`8{~e^rF%y+Tbmh`G1uc4J+vK z>3C&SlW-ttnLR9XqvT7W^#?6w*O&i2Xo(Cf?5Ked?@c%vvQ%7O-W#%r*Hs3GLY5yd z>$`H5FUOic)$BHoF38LBn6H=fzFsD;lHnHn>V~>Zw_c@>k}X%sqioK-N*-l%&b9K| zk?ZmDcxri+u4qZ!F}UH{6Bt6lq%1nOfD} z(cwy~JzYw2o$5%nXL!20xupu#@E(S*m6(>1tMYAw?Y!-6xGGZb?Nl~pC2*sj=#08A!aUl^7r@cw$_)zNya1vm8WQh9&Y$JxYgi@qLgGx)Y2-? zYO;dY@3x*NOgl^O!7KJy4_PY4wHE0mrT8@~S&8fST5q)!HUH=zbZsWyK#~jb&|d3) z%eW=)J*|6ZWczQg#Bc7iZY9KR|I~+dT+sI6GVFR7kmU!z`}cau zRD7fWkQE02X?uO6q-!NOQV7VG4ghk}y~mH}-YK|$DZKNOgTNd|J=>2L9~x%fdiZTj z{}`BMEn98a{)qJu!Elq$;+Gz=?jj}>zxF$v>9?M-eTS`g6Vu1d zJBX(}3JlY<@BKF}ddzwr6+Qj#^99gojW=vC*ldN~f?M;S&Mz8c&vTNR^-jxK3zO^4 z2@~HjKWMsOYBVO{wW{szn<|`f7-TSzoC2*7v<#HWYH($%NT6g6NtD2H3^Y!>3O6KP z|G0I?!ufV*^o)eRoB;9cIb!WEnnraT(aXiWkl$>T@VCR#7 z%zbgyS!{m_kmxh>0519&tlZ5@<{Z*X=HlO)A%rh}1}ist=)=RhR*tt5kkbQC!^#!? z%|}_?TbBLD+bZ$hCjeQ#;QnT8I|<0*yUpYwf_wD-IR3~? z?jjtfy&vK46XZF|q`Nk**1g_KQ4Hh&LSFpLtJswb2;1y)Q!!%!#Q66+1U%geh$8dC z_wdVBK(Lg{hTBL$5HH;QeckK2RMq$80itB<#J8}03?RyaAH?z4d_a^ueEU*tEC9s# zZMB{F(E>o^J(}i=o}vY$x#?+-9!a?VJIMh zl9Fi&dM!;wlA@(0M%1 zdY1!#HUU`ET>sUGKfDE4IqAO+=_N7z>Lb=l{MJNZ$+!R8L%J5l>-((>@okfURkHv1 zPHdkHtcmaL+=_oa8CX^W6w*{|Y$aBQpAKhceewI9KA?*84>TT`#{A4J$Mvgpe z8LOAPqi5RinJMt38j<}Le!}jL^|=}RQVEnO%adyeF8|{)yqkxGnMa=b47&tiqLy2n zxLkyoD_x)7g?}fKLq){T@vC}f)#Y6>@{JnLl*xXgVC&FU{Bs#rdD_Gi^YE7W0GnEO z>>Rc)0GO=bdjXS`0Fw_>|A}9(1X!7R;5j{${1a^WQ#Cd(0$91p@H{@Y2w=tU=uW(1 zF~CahS^nyPi|m_d$t}JE>6zY3AEoiLEs&9H%AcXn-E`@zG(Or2897ScID+j22LOfB2X=dMmgz^*^LuJ<~OE@a$U#O!|#GTlBe| Xc<2^zX$wud@axOTxx}JZ!p;8!0)7n{ diff --git a/test/test_api_security.py b/test/test_api_security.py index 7f70d0af6..9a3bcfac3 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -14,7 +14,9 @@ from endpoints.api.search import FindRepositories, EntitySearch from endpoints.api.image import RepositoryImageChanges, RepositoryImage, RepositoryImageList from endpoints.api.build import (FileDropResource, RepositoryBuildStatus, RepositoryBuildLogs, RepositoryBuildList) -from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot +from endpoints.api.robot import (UserRobotList, OrgRobot, OrgRobotList, UserRobot, + RegenerateOrgRobot, RegenerateUserRobot) + from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs, TriggerBuildList, ActivateBuildTrigger, BuildTrigger, BuildTriggerList, BuildTriggerAnalyze) @@ -1632,6 +1634,19 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase): ApiTestCase.setUp(self) self._set_url(OrgRobot, orgname="buynlarge", robot_shortname="Z7PD") + def test_get_anonymous(self): + self._run_test('GET', 401, None, None) + + def test_get_freshuser(self): + self._run_test('GET', 403, 'freshuser', None) + + def test_get_reader(self): + self._run_test('GET', 403, 'reader', None) + + def test_get_devtable(self): + self._run_test('GET', 400, 'devtable', None) + + def test_put_anonymous(self): self._run_test('PUT', 401, None, None) @@ -1644,6 +1659,7 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase): def test_put_devtable(self): self._run_test('PUT', 400, 'devtable', None) + def test_delete_anonymous(self): self._run_test('DELETE', 401, None, None) @@ -3040,6 +3056,19 @@ class TestUserRobot5vdy(ApiTestCase): ApiTestCase.setUp(self) self._set_url(UserRobot, robot_shortname="robotname") + def test_get_anonymous(self): + self._run_test('GET', 401, None, None) + + def test_get_freshuser(self): + self._run_test('GET', 400, 'freshuser', None) + + def test_get_reader(self): + self._run_test('GET', 400, 'reader', None) + + def test_get_devtable(self): + self._run_test('GET', 400, 'devtable', None) + + def test_put_anonymous(self): self._run_test('PUT', 401, None, None) @@ -3052,6 +3081,7 @@ class TestUserRobot5vdy(ApiTestCase): def test_put_devtable(self): self._run_test('PUT', 201, 'devtable', None) + def test_delete_anonymous(self): self._run_test('DELETE', 401, None, None) @@ -3065,6 +3095,42 @@ class TestUserRobot5vdy(ApiTestCase): self._run_test('DELETE', 400, 'devtable', None) +class TestRegenerateUserRobot(ApiTestCase): + def setUp(self): + ApiTestCase.setUp(self) + self._set_url(RegenerateUserRobot, robot_shortname="robotname") + + def test_post_anonymous(self): + self._run_test('POST', 401, None, None) + + def test_post_freshuser(self): + self._run_test('POST', 400, 'freshuser', None) + + def test_post_reader(self): + self._run_test('POST', 400, 'reader', None) + + def test_post_devtable(self): + self._run_test('POST', 400, 'devtable', None) + + +class TestRegenerateOrgRobot(ApiTestCase): + def setUp(self): + ApiTestCase.setUp(self) + self._set_url(RegenerateOrgRobot, orgname="buynlarge", robot_shortname="robotname") + + def test_post_anonymous(self): + self._run_test('POST', 401, None, None) + + def test_post_freshuser(self): + self._run_test('POST', 403, 'freshuser', None) + + def test_post_reader(self): + self._run_test('POST', 403, 'reader', None) + + def test_post_devtable(self): + self._run_test('POST', 400, 'devtable', None) + + class TestOrganizationBuynlarge(ApiTestCase): def setUp(self): ApiTestCase.setUp(self) diff --git a/test/test_api_usage.py b/test/test_api_usage.py index b113f27d0..bd8bb29cd 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -16,7 +16,8 @@ from endpoints.api.tag import RepositoryTagImages, RepositoryTag from endpoints.api.search import FindRepositories, EntitySearch from endpoints.api.image import RepositoryImage, RepositoryImageList from endpoints.api.build import RepositoryBuildStatus, RepositoryBuildLogs, RepositoryBuildList -from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot +from endpoints.api.robot import (UserRobotList, OrgRobot, OrgRobotList, UserRobot, + RegenerateUserRobot, RegenerateOrgRobot) from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs, TriggerBuildList, ActivateBuildTrigger, BuildTrigger, BuildTriggerList, BuildTriggerAnalyze) @@ -1572,6 +1573,30 @@ class TestUserRobots(ApiTestCase): robots = self.getRobotNames() assert not NO_ACCESS_USER + '+bender' in robots + def test_regenerate(self): + self.login(NO_ACCESS_USER) + + # Create a robot. + json = self.putJsonResponse(UserRobot, + params=dict(robot_shortname='bender'), + expected_code=201) + + token = json['token'] + + # Regenerate the robot. + json = self.postJsonResponse(RegenerateUserRobot, + params=dict(robot_shortname='bender'), + expected_code=200) + + # Verify the token changed. + self.assertNotEquals(token, json['token']) + + json2 = self.getJsonResponse(UserRobot, + params=dict(robot_shortname='bender'), + expected_code=200) + + self.assertEquals(json['token'], json2['token']) + class TestOrgRobots(ApiTestCase): def getRobotNames(self): @@ -1601,6 +1626,31 @@ class TestOrgRobots(ApiTestCase): assert not ORGANIZATION + '+bender' in robots + def test_regenerate(self): + self.login(ADMIN_ACCESS_USER) + + # Create a robot. + json = self.putJsonResponse(OrgRobot, + params=dict(orgname=ORGANIZATION, robot_shortname='bender'), + expected_code=201) + + token = json['token'] + + # Regenerate the robot. + json = self.postJsonResponse(RegenerateOrgRobot, + params=dict(orgname=ORGANIZATION, robot_shortname='bender'), + expected_code=200) + + # Verify the token changed. + self.assertNotEquals(token, json['token']) + + json2 = self.getJsonResponse(OrgRobot, + params=dict(orgname=ORGANIZATION, robot_shortname='bender'), + expected_code=200) + + self.assertEquals(json['token'], json2['token']) + + class TestLogs(ApiTestCase): def test_user_logs(self): self.login(ADMIN_ACCESS_USER) From 67905c277eca5901124f54b75a36eef466329e91 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 25 Aug 2014 19:13:40 -0400 Subject: [PATCH 031/160] Remove webhook worker --- Dockerfile.web | 3 --- conf/init/webhookworker/log/run | 2 -- conf/init/webhookworker/run | 8 ------- workers/webhookworker.py | 41 --------------------------------- 4 files changed, 54 deletions(-) delete mode 100755 conf/init/webhookworker/log/run delete mode 100755 conf/init/webhookworker/run delete mode 100644 workers/webhookworker.py diff --git a/Dockerfile.web b/Dockerfile.web index 448a7f748..e1d253632 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -39,9 +39,6 @@ ADD conf/init/nginx /etc/service/nginx ADD conf/init/diffsworker /etc/service/diffsworker ADD conf/init/notificationworker /etc/service/notificationworker -# TODO: Remove this after the prod CL push -ADD conf/init/webhookworker /etc/service/webhookworker - # Download any external libs. RUN mkdir static/fonts static/ldn RUN venv/bin/python -m external_libraries diff --git a/conf/init/webhookworker/log/run b/conf/init/webhookworker/log/run deleted file mode 100755 index 6738f16f8..000000000 --- a/conf/init/webhookworker/log/run +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec svlogd -t /var/log/webhookworker/ \ No newline at end of file diff --git a/conf/init/webhookworker/run b/conf/init/webhookworker/run deleted file mode 100755 index 04521552a..000000000 --- a/conf/init/webhookworker/run +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/bash - -echo 'Starting webhook worker' - -cd / -venv/bin/python -m workers.webhookworker - -echo 'Webhook worker exited' \ No newline at end of file diff --git a/workers/webhookworker.py b/workers/webhookworker.py deleted file mode 100644 index ccff884c2..000000000 --- a/workers/webhookworker.py +++ /dev/null @@ -1,41 +0,0 @@ -import logging -import argparse -import requests -import json - -from app import webhook_queue -from workers.worker import Worker - - -root_logger = logging.getLogger('') -root_logger.setLevel(logging.DEBUG) - -FORMAT = '%(asctime)-15s - %(levelname)s - %(pathname)s - %(funcName)s - %(message)s' -formatter = logging.Formatter(FORMAT) - -logger = logging.getLogger(__name__) - - -class WebhookWorker(Worker): - def process_queue_item(self, job_details): - url = job_details['url'] - payload = job_details['payload'] - headers = {'Content-type': 'application/json'} - - try: - resp = requests.post(url, data=json.dumps(payload), headers=headers) - if resp.status_code/100 != 2: - logger.error('%s response for webhook to url: %s' % (resp.status_code, - url)) - return False - except requests.exceptions.RequestException as ex: - logger.exception('Webhook was unable to be sent: %s' % ex.message) - return False - - return True - -logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False) - -worker = WebhookWorker(webhook_queue, poll_period_seconds=15, - reservation_seconds=3600) -worker.start() \ No newline at end of file From 510bbe7889e8854ca591473d8d8be7f6aa4eff43 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 26 Aug 2014 12:41:43 -0400 Subject: [PATCH 032/160] Add more check conditions for unhealthy workers and make the messaging better. --- workers/dockerfilebuild.py | 10 ++++++---- workers/worker.py | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/workers/dockerfilebuild.py b/workers/dockerfilebuild.py index a4de1cc47..9d3e92ae7 100644 --- a/workers/dockerfilebuild.py +++ b/workers/dockerfilebuild.py @@ -41,12 +41,13 @@ def matches_system_error(status_str): """ Returns true if the given status string matches a known system error in the Docker builder. """ - KNOWN_MATCHES = ['lxc-start: invalid', 'lxc-start: failed to', 'lxc-start: Permission denied'] + KNOWN_MATCHES = ['lxc-start: invalid', 'lxc-start: failed to', 'lxc-start: Permission denied', + 'lxc-start: The container failed'] for match in KNOWN_MATCHES: - # 4 because we might have a Unix control code at the start. - found = status_str.find(match[0:len(match) + 4]) - if found >= 0 and found <= 4: + # 10 because we might have a Unix control code at the start. + found = status_str.find(match[0:len(match) + 10]) + if found >= 0 and found <= 10: return True return False @@ -613,6 +614,7 @@ class DockerfileBuildWorker(Worker): except WorkerUnhealthyException as exc: # Spawn a notification that the build has failed. + log_appender('Worker has become unhealthy. Will retry shortly.', build_logs.ERROR) spawn_failure(exc.message, event_data) # Raise the exception to the queue. diff --git a/workers/worker.py b/workers/worker.py index e7750c232..c29d10f41 100644 --- a/workers/worker.py +++ b/workers/worker.py @@ -135,8 +135,8 @@ class Worker(object): except WorkerUnhealthyException: logger.error('The worker has encountered an error and will not take new jobs. Job is being requeued.') - self._stop.set() self.mark_current_incomplete(restore_retry=True) + self._stop.set() finally: # Close the db handle periodically From c1b0b2383a9902f1366c6c1c8dd8b281505a1425 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 26 Aug 2014 15:18:59 -0400 Subject: [PATCH 033/160] Add missing dependency to the builder Dockerfile --- Dockerfile.buildworker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.buildworker b/Dockerfile.buildworker index c18c24589..04efe38f0 100644 --- a/Dockerfile.buildworker +++ b/Dockerfile.buildworker @@ -4,10 +4,10 @@ ENV DEBIAN_FRONTEND noninteractive ENV HOME /root # Install the dependencies. -RUN apt-get update # 06AUG2014 +RUN apt-get update # 21AUG2014 # New ubuntu packages should be added as their own apt-get install lines below the existing install commands -RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev +RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev libpq-dev # Build the python dependencies ADD requirements.txt requirements.txt From d76d4704a08501abb607d5e43e46c9b801c0f159 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 26 Aug 2014 15:19:39 -0400 Subject: [PATCH 034/160] Add pagination to the notifications API and make the UI only show a maximum of 5 notifications (beyond that, it shows "5+"). --- data/model/legacy.py | 12 +++++++--- endpoints/api/user.py | 24 +++++++++++++++----- endpoints/notificationevent.py | 2 ++ static/css/quay.css | 2 +- static/directives/header-bar.html | 16 ++----------- static/directives/notification-bar.html | 5 ++++- static/directives/notifications-bubble.html | 7 ++++++ static/js/app.js | 25 +++++++++++++++++++-- 8 files changed, 67 insertions(+), 26 deletions(-) create mode 100644 static/directives/notifications-bubble.html diff --git a/data/model/legacy.py b/data/model/legacy.py index 866587f7e..cc32b8979 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -1717,19 +1717,20 @@ def create_notification(kind_name, target, metadata={}): def create_unique_notification(kind_name, target, metadata={}): with config.app_config['DB_TRANSACTION_FACTORY'](db): - if list_notifications(target, kind_name).count() == 0: + if list_notifications(target, kind_name, limit=1).count() == 0: create_notification(kind_name, target, metadata) def lookup_notification(user, uuid): - results = list(list_notifications(user, id_filter=uuid, include_dismissed=True)) + results = list(list_notifications(user, id_filter=uuid, include_dismissed=True, limit=1)) if not results: return None return results[0] -def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False): +def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False, + page=None, limit=None): Org = User.alias() AdminTeam = Team.alias() AdminTeamMember = TeamMember.alias() @@ -1767,6 +1768,11 @@ def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=F .switch(Notification) .where(Notification.uuid == id_filter)) + if page: + query = query.paginate(page, limit) + elif limit: + query = query.limit(limit) + return query diff --git a/endpoints/api/user.py b/endpoints/api/user.py index 3d79a806d..e2e6a0ff4 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -7,8 +7,9 @@ from flask.ext.principal import identity_changed, AnonymousIdentity from app import app, billing as stripe, authentication from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error, - log_action, internal_only, NotFound, require_user_admin, - InvalidToken, require_scope, format_date, hide_if, show_if, license_error) + log_action, internal_only, NotFound, require_user_admin, parse_args, + query_param, InvalidToken, require_scope, format_date, hide_if, show_if, + license_error) from endpoints.api.subscribe import subscribe from endpoints.common import common_login from data import model @@ -403,11 +404,24 @@ class Recovery(ApiResource): @internal_only class UserNotificationList(ApiResource): @require_user_admin + @parse_args + @query_param('page', 'Offset page number. (int)', type=int, default=0) + @query_param('limit', 'Limit on the number of results (int)', type=int, default=5) @nickname('listUserNotifications') - def get(self): - notifications = model.list_notifications(get_authenticated_user()) + def get(self, args): + page = args['page'] + limit = args['limit'] + + notifications = list(model.list_notifications(get_authenticated_user(), page=page, limit=limit + 1)) + has_more = False + + if len(notifications) > limit: + has_more = True + notifications = notifications[0:limit] + return { - 'notifications': [notification_view(notification) for notification in notifications] + 'notifications': [notification_view(notification) for notification in notifications], + 'additional': has_more } diff --git a/endpoints/notificationevent.py b/endpoints/notificationevent.py index f1cbec42c..e393dc134 100644 --- a/endpoints/notificationevent.py +++ b/endpoints/notificationevent.py @@ -184,6 +184,8 @@ class BuildFailureEvent(NotificationEvent): return 'build_failure' def get_sample_data(self, repository): + build_uuid = 'fake-build-id' + return build_event_data(repository, { 'build_id': build_uuid, 'build_name': 'some-fake-build', diff --git a/static/css/quay.css b/static/css/quay.css index 721253ab9..224029444 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -745,7 +745,7 @@ i.toggle-icon:hover { } .user-notification.notification-animated { - width: 21px; + min-width: 21px; transform: scale(0); -moz-transform: scale(0); diff --git a/static/directives/header-bar.html b/static/directives/header-bar.html index d440e3a86..3f395b34d 100644 --- a/static/directives/header-bar.html +++ b/static/directives/header-bar.html @@ -37,15 +37,7 @@ {{ user.username }} - - {{ notificationService.notifications.length }} - +
    + +
    +
    +
    + + +
    + +
    +
    + + +
    + +
    + + +
    + + +
    + +
    + + + + + + + + + + + + +
    UsernameE-mail addressTemporary Password
    {{ created_user.username }}{{ created_user.email }}{{ created_user.password }}
    +
    +
    +
    {{ usersError }} -
    +
    @@ -37,8 +83,7 @@ Username E-mail address - - + {{ current_user.email }} - - Super user - - -
    + + +
    -
      +
      • Change Password + + Send Recovery Email + Delete User diff --git a/test/test_api_security.py b/test/test_api_security.py index 2ff92810c..b0d9c271c 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -1,5 +1,6 @@ import unittest import json +import datetime from urllib import urlencode from urlparse import urlparse, urlunparse, parse_qs @@ -41,7 +42,8 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission, RepositoryTeamPermissionList, RepositoryUserPermissionList) -from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement +from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserManagement, + SuperUserSendRecoveryEmail) try: @@ -78,6 +80,7 @@ class ApiTestCase(unittest.TestCase): if auth_username: loaded = model.get_user(auth_username) sess['user_id'] = loaded.id + sess['login_time'] = datetime.datetime.now() sess[CSRF_TOKEN_KEY] = CSRF_TOKEN # Restore the teardown functions @@ -512,13 +515,13 @@ class TestUser(ApiTestCase): self._run_test('PUT', 401, None, {}) def test_put_freshuser(self): - self._run_test('PUT', 401, 'freshuser', {}) + self._run_test('PUT', 200, 'freshuser', {}) def test_put_reader(self): - self._run_test('PUT', 401, 'reader', {}) + self._run_test('PUT', 200, 'reader', {}) def test_put_devtable(self): - self._run_test('PUT', 401, 'devtable', {}) + self._run_test('PUT', 200, 'devtable', {}) def test_post_anonymous(self): self._run_test('POST', 400, None, {u'username': 'T946', u'password': '0SG4', u'email': 'MENT'}) @@ -3585,6 +3588,24 @@ class TestSuperUserLogs(ApiTestCase): self._run_test('GET', 200, 'devtable', None) +class TestSuperUserSendRecoveryEmail(ApiTestCase): + def setUp(self): + ApiTestCase.setUp(self) + self._set_url(SuperUserSendRecoveryEmail, username='someuser') + + def test_post_anonymous(self): + self._run_test('POST', 401, None, None) + + def test_post_freshuser(self): + self._run_test('POST', 403, 'freshuser', None) + + def test_post_reader(self): + self._run_test('POST', 403, 'reader', None) + + def test_post_devtable(self): + self._run_test('POST', 404, 'devtable', None) + + class TestTeamMemberInvite(ApiTestCase): def setUp(self): ApiTestCase.setUp(self) @@ -3621,7 +3642,7 @@ class TestSuperUserList(ApiTestCase): self._set_url(SuperUserList) def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -3639,7 +3660,7 @@ class TestSuperUserManagement(ApiTestCase): self._set_url(SuperUserManagement, username='freshuser') def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -3652,7 +3673,7 @@ class TestSuperUserManagement(ApiTestCase): def test_put_anonymous(self): - self._run_test('PUT', 403, None, {}) + self._run_test('PUT', 401, None, {}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {}) @@ -3665,7 +3686,7 @@ class TestSuperUserManagement(ApiTestCase): def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) From 2c5cc7990fb5e11324dac134ffade9ffd85c746a Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Wed, 1 Oct 2014 14:16:42 -0400 Subject: [PATCH 158/160] Allow for additional REDIS config such as password and port --- config.py | 4 ++-- data/buildlogs.py | 14 ++++++++++---- data/userevent.py | 26 ++++++++++++++++---------- test/testlogs.py | 4 ++-- 4 files changed, 30 insertions(+), 18 deletions(-) diff --git a/config.py b/config.py index df5a90a7b..4fe5b2cd5 100644 --- a/config.py +++ b/config.py @@ -80,11 +80,11 @@ class DefaultConfig(object): AUTHENTICATION_TYPE = 'Database' # Build logs - BUILDLOGS_REDIS_HOSTNAME = 'logs.quay.io' + BUILDLOGS_REDIS = {'host': 'logs.quay.io'} BUILDLOGS_OPTIONS = [] # Real-time user events - USER_EVENTS_REDIS_HOSTNAME = 'logs.quay.io' + USER_EVENTS_REDIS = {'host': 'logs.quay.io'} # Stripe config BILLING_TYPE = 'FakeStripe' diff --git a/data/buildlogs.py b/data/buildlogs.py index d2904fbc8..6e24f501b 100644 --- a/data/buildlogs.py +++ b/data/buildlogs.py @@ -16,8 +16,8 @@ class RedisBuildLogs(object): COMMAND = 'command' PHASE = 'phase' - def __init__(self, redis_host): - self._redis = redis.StrictRedis(host=redis_host, socket_connect_timeout=5) + def __init__(self, redis_config): + self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config) @staticmethod def _logs_key(build_id): @@ -104,7 +104,13 @@ class BuildLogs(object): self.state = None def init_app(self, app): - buildlogs_hostname = app.config.get('BUILDLOGS_REDIS_HOSTNAME') + buildlogs_config = app.config.get('BUILDLOGS_REDIS') + if not buildlogs_config: + # This is the old key name. + buildlogs_config = { + 'host': app.config.get('BUILDLOGS_REDIS_HOSTNAME') + } + buildlogs_options = app.config.get('BUILDLOGS_OPTIONS', []) buildlogs_import = app.config.get('BUILDLOGS_MODULE_AND_CLASS', None) @@ -113,7 +119,7 @@ class BuildLogs(object): else: klass = import_class(buildlogs_import[0], buildlogs_import[1]) - buildlogs = klass(buildlogs_hostname, *buildlogs_options) + buildlogs = klass(buildlogs_config, *buildlogs_options) # register extension with app app.extensions = getattr(app, 'extensions', {}) diff --git a/data/userevent.py b/data/userevent.py index b732a6e12..b45d4e4fa 100644 --- a/data/userevent.py +++ b/data/userevent.py @@ -7,14 +7,14 @@ class UserEventBuilder(object): Defines a helper class for constructing UserEvent and UserEventListener instances. """ - def __init__(self, redis_host): - self._redis_host = redis_host + def __init__(self, redis_config): + self._redis_config = redis_config def get_event(self, username): - return UserEvent(self._redis_host, username) + return UserEvent(self._redis_config, username) def get_listener(self, username, events): - return UserEventListener(self._redis_host, username, events) + return UserEventListener(self._redis_config, username, events) class UserEventsBuilderModule(object): @@ -26,8 +26,14 @@ class UserEventsBuilderModule(object): self.state = None def init_app(self, app): - redis_hostname = app.config.get('USER_EVENTS_REDIS_HOSTNAME') - user_events = UserEventBuilder(redis_hostname) + redis_config = app.config.get('USER_EVENTS_REDIS') + if not redis_config: + # This is the old key name. + redis_config = { + 'host': app.config.get('USER_EVENTS_REDIS_HOSTNAME') + } + + user_events = UserEventBuilder(redis_config) # register extension with app app.extensions = getattr(app, 'extensions', {}) @@ -43,8 +49,8 @@ class UserEvent(object): Defines a helper class for publishing to realtime user events as backed by Redis. """ - def __init__(self, redis_host, username): - self._redis = redis.StrictRedis(host=redis_host, socket_connect_timeout=5) + def __init__(self, redis_config, username): + self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config) self._username = username @staticmethod @@ -74,10 +80,10 @@ class UserEventListener(object): Defines a helper class for subscribing to realtime user events as backed by Redis. """ - def __init__(self, redis_host, username, events=set([])): + def __init__(self, redis_config, username, events=set([])): channels = [self._user_event_key(username, e) for e in events] - self._redis = redis.StrictRedis(host=redis_host, socket_connect_timeout=5) + self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config) self._pubsub = self._redis.pubsub() self._pubsub.subscribe(channels) diff --git a/test/testlogs.py b/test/testlogs.py index 7fd9eac21..cd4ea6c9d 100644 --- a/test/testlogs.py +++ b/test/testlogs.py @@ -45,8 +45,8 @@ class TestBuildLogs(RedisBuildLogs): 'pull_completion': 0.0, } - def __init__(self, redis_host, namespace, repository, test_build_id, allow_delegate=True): - super(TestBuildLogs, self).__init__(redis_host) + def __init__(self, redis_config, namespace, repository, test_build_id, allow_delegate=True): + super(TestBuildLogs, self).__init__(redis_config) self.namespace = namespace self.repository = repository self.test_build_id = test_build_id From 5c18ffe67d664dcb8b7397d2759b9fc6ac4f6111 Mon Sep 17 00:00:00 2001 From: Jake Moshenko Date: Thu, 2 Oct 2014 10:46:20 -0400 Subject: [PATCH 159/160] Allow the namespace column to be null, and also non-unique. Fix the uncompressed size clobbering the size on the wire field. Add metadata constraints so that foreign key constraints get predictable names. Fix all downgrade migrations. --- ...4671_backfill_the_namespace_user_fields.py | 1 + ...0e7e6f_email_invites_for_joining_a_team.py | 3 -- ...b007d_allow_the_namespace_column_to_be_.py | 28 ++++++++++++++++++ data/model/legacy.py | 14 ++++----- data/model/sqlalchemybridge.py | 7 ++++- endpoints/registry.py | 8 +---- initdb.py | 5 ++-- test/data/test.db | Bin 630784 -> 626688 bytes util/gzipstream.py | 15 ++++++---- 9 files changed, 53 insertions(+), 28 deletions(-) create mode 100644 data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py diff --git a/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py b/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py index cf0b90199..6f40f4fc0 100644 --- a/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py +++ b/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py @@ -22,4 +22,5 @@ def upgrade(tables): def downgrade(tables): + op.drop_constraint('fk_repository_namespace_user_id_user', table_name='repository', type_='foreignkey') op.drop_index('repository_namespace_user_id_name', table_name='repository') diff --git a/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py b/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py index 2e4242d8a..c18335adb 100644 --- a/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py +++ b/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py @@ -74,8 +74,5 @@ def downgrade(tables): .where(tables.notificationkind.c.name == op.inline_literal('org_team_invite'))) ) - op.drop_index('teammemberinvite_user_id', table_name='teammemberinvite') - op.drop_index('teammemberinvite_team_id', table_name='teammemberinvite') - op.drop_index('teammemberinvite_inviter_id', table_name='teammemberinvite') op.drop_table('teammemberinvite') ### end Alembic commands ### diff --git a/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py b/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py new file mode 100644 index 000000000..9b63ae190 --- /dev/null +++ b/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py @@ -0,0 +1,28 @@ +"""Allow the namespace column to be nullable. + +Revision ID: 9a1087b007d +Revises: 3f4fe1194671 +Create Date: 2014-10-01 16:11:21.277226 + +""" + +# revision identifiers, used by Alembic. +revision = '9a1087b007d' +down_revision = '3f4fe1194671' + +from alembic import op +import sqlalchemy as sa + + +def upgrade(tables): + op.drop_index('repository_namespace_name', table_name='repository') + op.alter_column('repository', 'namespace', nullable=True, existing_type=sa.String(length=255), + server_default=sa.text('NULL')) + + +def downgrade(tables): + conn = op.get_bind() + conn.execute('update repository set namespace = (select username from user where user.id = repository.namespace_user_id) where namespace is NULL') + + op.create_index('repository_namespace_name', 'repository', ['namespace', 'name'], unique=True) + op.alter_column('repository', 'namespace', nullable=False, existing_type=sa.String(length=255)) diff --git a/data/model/legacy.py b/data/model/legacy.py index ba1fdd81f..87b4349fb 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -1223,8 +1223,7 @@ def get_storage_by_uuid(storage_uuid): return found -def set_image_size(docker_image_id, namespace_name, repository_name, - image_size): +def set_image_size(docker_image_id, namespace_name, repository_name, image_size, uncompressed_size): try: image = (Image .select(Image, ImageStorage) @@ -1233,18 +1232,15 @@ def set_image_size(docker_image_id, namespace_name, repository_name, .switch(Image) .join(ImageStorage, JOIN_LEFT_OUTER) .where(Repository.name == repository_name, Namespace.username == namespace_name, - Image.docker_image_id == docker_image_id) + Image.docker_image_id == docker_image_id) .get()) except Image.DoesNotExist: raise DataModelException('No image with specified id and repository') - if image.storage and image.storage.id: - image.storage.image_size = image_size - image.storage.save() - else: - image.image_size = image_size - image.save() + image.storage.image_size = image_size + image.storage.uncompressed_size = uncompressed_size + image.storage.save() return image diff --git a/data/model/sqlalchemybridge.py b/data/model/sqlalchemybridge.py index 46809fb21..8b7d8b664 100644 --- a/data/model/sqlalchemybridge.py +++ b/data/model/sqlalchemybridge.py @@ -17,7 +17,12 @@ OPTION_TRANSLATIONS = { def gen_sqlalchemy_metadata(peewee_model_list): - metadata = MetaData() + metadata = MetaData(naming_convention={ + "ix": 'ix_%(column_0_label)s', + "uq": "uq_%(table_name)s_%(column_0_name)s", + "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s", + "pk": "pk_%(table_name)s" + }) for model in peewee_model_list: meta = model._meta diff --git a/endpoints/registry.py b/endpoints/registry.py index 14bd88ce0..5699f0db2 100644 --- a/endpoints/registry.py +++ b/endpoints/registry.py @@ -220,7 +220,7 @@ def put_image_layer(namespace, repository, image_id): image_size = tmp.tell() # Save the size of the image. - model.set_image_size(image_id, namespace, repository, image_size) + model.set_image_size(image_id, namespace, repository, image_size, uncompressed_size_info.size) tmp.seek(0) csums.append(checksums.compute_tarsum(tmp, json_data)) @@ -229,12 +229,6 @@ def put_image_layer(namespace, repository, image_id): logger.debug('put_image_layer: Error when computing tarsum ' '{0}'.format(e)) - # Write the uncompressed image size, if any. - if uncompressed_size_info['size'] > 0: - profile.debug('Storing uncompressed layer size: %s' % uncompressed_size_info['size']) - repo_image.storage.uncompressed_size = uncompressed_size_info['size'] - repo_image.storage.save() - if repo_image.storage.checksum is None: # We don't have a checksum stored yet, that's fine skipping the check. # Not removing the mark though, image is not downloadable yet. diff --git a/initdb.py b/initdb.py index 6be72f6ff..6fa8efe98 100644 --- a/initdb.py +++ b/initdb.py @@ -82,8 +82,9 @@ def __create_subtree(repo, structure, creator_username, parent): new_image = model.set_image_metadata(docker_image_id, repo.namespace_user.username, repo.name, str(creation_time), 'no comment', command, parent) - model.set_image_size(docker_image_id, repo.namespace_user.username, repo.name, - random.randrange(1, 1024 * 1024 * 1024)) + compressed_size = random.randrange(1, 1024 * 1024 * 1024) + model.set_image_size(docker_image_id, repo.namespace_user.username, repo.name, compressed_size, + int(compressed_size * 1.4)) # Populate the diff file diff_path = store.image_file_diffs_path(new_image.storage.uuid) diff --git a/test/data/test.db b/test/data/test.db index af85d23e2016a9254ab3ad3b01876942f8d50c4f..4be5d0b90e533ee3120dc04b47e6b0836a596007 100644 GIT binary patch delta 11514 zcmeI2d3+OP{>L*(CX=*HQbaMQ3>bl6T2nqta;sJ$4QP>56-!myRQPg#R{Qlg&G$ixP z^E~hG=XpNQ^UOTY#^0xGyf5V^i|5%zBGK*e|4V<@ZONqIMf`&$D7++7e;_1W{bb*e z8td(YUst=Hno%dTaks0_s!ypuQ_n=K58o3`g#9v1qj*knm3&IB#TmMK6%=otBnD@-X+W0 zSMmDA7jxlKDYzd~WK8<|+qLY6i>*};KEIRK#av9zfXQu21wOf8z^%zGx9o2)-A=bH znk{)LEcu3kD$VklS24SF;%(c)+3O;B{rLKf$@zoP+T75BO;l(ORs=2!uVLYnh~E45_ib&HDj9RCNe*9KuHH}>I^<3k>;x^z>o*8Axj zye=w)wOR%<#|?WmY0qqQEn5?#Z_@->Nk2aM{BW|ygspkGBFt&A%@6XP7%tF;KXiH` zvU;hNkDV7}omHoIq*X(0)t$B&E~Jb{24Mr*C`NO&OB&xFp-Xcf;`Qnf*c%4$$!kYF z+W5G-r_<9Svw58=2piBSWvy2uedP&>?8#J9n=;6H=h`aGyyT~U8hy@HZi|@XoK;6Z z7Oh?USWQyO^Zr}-*zh21K%KQ?EgJkT&Cm1R<&TYr1z7{yM6O$@RX@D&O#3wDb z$%3#@os3C*eYAG@ug+q1=U;l8k3~aZZy3m!+_=6~6Z?5;bn10%;<$7U7HZR_<^H~P zdri3a170r);k0 zu=j#|VH9*17=a(RHo=dd}`IQ9)hJxlgtFg{h-%w^S+c}H1*g%jpP7*j_NF?cHH2jaq z;uzA%P~c~0kmP2zi6PhmLoG)XHX18vL%q>jYpAzWH`F&Z+w090#g@`iYf&R*vM?pp z1$Np}TV7DnTutUT+SvL!Gx4qEQ?!X@fc`9!r~PKtBuh~o7(I(5PLyW(>$^(boUf59 z?I`dx(Z1sBGEbq`Q&?mrZCwRf1~!Xw8C~Y0VHeqGtu_>oby<6ThLwXIj^3_;ESIn6 zvf3#wi!hi7)-)nliWc!`nnEOpfBF3$huhPyH#qd9LEky-DOf`{R5UhsnC({1&vd%7 z2Rf?S3kw}H9P@9g zpbfNv1xLO@lCH81vIX7M!+xf*yR*+w*gxVoHPvMqyNmpdU2E#<`bP=cUO<<#nk1k!)B2rN16=a<8w$NLvsUN4utORL}WFO*!)aMeRD@UQ&QPjJ7)3Mk{-(0>-3ga_`&k?Nc`8j6=lj| zNroUv;5(1RG1-o;I!m25f5hUeDe)Aznv6_&;gF@Otjg>i>n$!d5Pnx>t$nO=w0jL> zZ1Oa6S$&=04>0RQXlI3`LYuG#W<;zM;UZos7s(Z{C%HYtgAQl6C&NA1?{oSFO$A)F zxzY(K+Pm)BtiEDB!TgJvY3)l!je_gSld-yR+n9t?H$dkcQ^Mm4YKWpgRY^< zjtNa9#bT{n zZ0BGE0qowhFmO6Ecp)I(tdEyo<83y4o}3MQKzZi zSNorum$*wcQG&v_5y_QyIO)Z5{!{rTzBzqKE*5m9%8AWFV2bY&?UH6m|8_W-`ib~# zWol7tHnMafQ=M<5X?wN3u%eN!DXOPUCDSm=iR>Dh_Rt1{%Yhphj{~QT zloMx-ZVs;INy^}04NiyG*zf7{EpxbgI(r8_1A~LUE>CaBXhoWqQRFfMTu#8;q;V=z zvR|$LA;oS>ln^qtL_H+B20mdVtGoqRG?|3(SZA->GYXzdmgInYk|gJ@hac1TBuV32 z^aMqES+~oDJ7|*!r&*%|cX&w>CuyUXbGTrdhXaQ;NQsHMj-kv%xY((34JHb(7gs$L zmxvSaFF7+YdC=GDb_{xwmn9}&em5hmk>>7R9~v()o0LUS1jDkt6j6xmh=ND+ynr_~idq&37#C3Zznm+zKk>P_jWdctTh(wvcV;FQZj!3JhbIO}5FIBagl;9@;4 zsINqvEtZQAy8;fLVFtI?ZJ@n0?s7W}I88d;IBTL^xX0rr2$P#2DU(wy$wmSh5D^mQ zg5@(Fio~5RcrWcTdTcB`ZO^}3R`ustueB;6!MCu*tHENmaFRETus`53Z zUzr&3`-mIh7}gcBk_pE|iUdSt9~kQM^pAA9Jz}rXX{4QQH%>Tc2B&GxggaagLg)mv z!(%eAPS&(K3=XYnh|La$x=|RT%R_Ut3);?Qgpbn>2ZM7ixK`&l$Y(H7oQrZ*DPWex zNTD4Z>_+vt!A+80&S`+P2+}y=W4OcU^5PWdAXvgd7~L+WK@Q>Kgj%>BG!yrFX_BIZ zSP2KTIpKyC&>YOdx}CJiZDLFg&s7-AvIue5!JR!QIbq}of+ILswucd7aZ)(zb#gdk zaMNCfbvca;S0saAaY%+;;qv*qg>gb`^YwTVg_#lD;8lcc)9pSPfcw(WM^3#K0Z_9d6=CBUFd+;w%eCE0dF? zOCC zu`TdVAku-(L0|vcEW+i0ce^OuWT0878p*-PAv)o8cu234@ESa1r7*cBAvtzgzoXaf z>j~%vUh<&}bxtqsGEr{WUP8F=cHBv_1nx0WCXz4`UY4e&`cPTowCq0gO!h;E&`3fF z%|B1<7m5Aiqmq8>AHO#)%N(J1j%h0_<_M8$|W&JJ$+D{2CU zzoHr7*k92V$PX(4?06HEgI^z&%>%7(qv7DOJtziBccW?G{kPC$aLaCVF^J!d>cQW3 zqlCN(i>`qLB?3VVSo1cj1ipP}7+A3vemt=oT>`q^MswuNA)qlJelIL?=i6u$Fux58 z3j9>EJz@|MgK=@4ydcMRW zLHr(c0eEaL8l`N(qB#z^&KFqr1IK=N{lmTJ0>mXqxDa&hMxasqoWiP1nuCRjX3-`+I%+_;o za)HANd`sbBNt|Zj=+7}Uoa3ENrp7%A)Z&1azFn;z9IjY$3S!G?pykQ`5{%{Z)!F>=V5f9jQ5KV`xIoRa;52AX>wV7UU-}^Ea>7MOr|M*yj3WZ{T zI08R@b4d30>5o5~k91MrPW_7O~k-{ygLc0t2T z%!I@u1=~KBXzOlF9@H3G`UA%0MPSlu>FWELHKEs`=Fa(89B3M>=Y8=9a#W=%R%~td@R^;6yCjb zW;XiNsS`3q<)z2xz*i`~|kP>W6qBd3{}Y7+n2`5K+FUT@iNqN{yZ?)bS`*_#O2fcnnJg#ABEg9DWqj zf5%NQe+*zB!*ahP9Tt)Xo_-9|es_BQJT{S>RWB4P29!OHrOr2)E=vr6J^DD7{%wh$ zJdWAs8;qA_f}mR9d;-h*w#4mEVBEJ{pFZ{krdj#4d|UjbcRpXojEI-yBbSeTm!b&& z{^YRlPgaB`PY5q&zh1dKH2v~qY%ZDLaKmK^%f6O;na1chl41OTx5Ae~lYTAzGPNb& zpB#LA5ZEruE$mZ?)u)7~mTkhOlxn?dT9YXMNG;pi2(N9KzK|_PB57e|vq1E7k-SHK zQZW(!c0^vp`hQ5K;Nne+yiQf~m$b{(UaI7B==WBQw7TumF z-h_eAzQ7Vd&KDSt+T|hCFPTNDQLZb6(Rp~>Ao27w+k39 z-DKe<;F%Lx9&*#{_`Ci~OanHY#|}v1c`@*x!~f;v9JW9*%!@$wNjTU1Xcl1fB$ka#fJaVZOOflru9MhGKx{|iz%ysD zUrP9d4PeU|j6tpg{)dqmu>B02hc2AKNU>)%X88 z#4tg^OZ?!D85si#XW*!Id`3nh{UGs}%mj7{7nUEBMSxAmWNC1yee{?t78#p<6()+s z?StU{FCoi1@amV?N@NIxoq{I+)0c4Wvz~%V2By+jA-$?!0Uj(6y56Rb-_0fzJ9p;hSRoa6PWxLW|~?l z4^KpHn~rFcx2lm_K(|kBMJA_z?URRBFKXn<8yc-8l@@cMrL4S!%0OfyguxZ!z?;0- z!aBlSYHzH_Hy2bC5+zI+>~doD9+7%Ry$3$!y{=A+lHkZU3lVE1xZ;~xr{0uH6LaI> zhN=1<)jw4=%D*Y;h=c#xUMuXqy~_V?p8j|9G-N+g*joPY=IOuLJk^&giyYzew;nGL zCXIN}Dv|mZ>QdDM%CD3gpb2k`NDbcH`sD`;K71^gszm{E?o={ zJS-KzBu+p^MQ22-w&X`c7v_XC0_o2Hzd;nO8np98HFnFqsPSdNU17Kr4Qyh?O0E9M z=N_h7bK`hD7u*^aHluN{ORVr{nR7R=)@>;~uVX_thud0U`k+MN)@Y>W%$R#`?Q1gy zcZcD2G?*_{=ryS|8Mm|k2Yfc;Y~sc944_Y{h}I@Vo`}uZ5c>rm%Y;zFO=<9=6jHBf z{PiyT2X{4$({t3qo^+R1_w(BK$m4@zUQY#yXLqDgMY}eyXTcMVug~1f>kJ{laLay+ zCL#0lnv4f+xou>SRZwX$23cj9hg0MauKbIQ2(k()t;Ha#I&B2eE>j|WY<7@UQ0Yd^ z;@21aHs#ZVx5l%AoB?^-<%(P_UG#UN6wi(1^>_%ZAkh1A2uu6S#ibp$PV&0UAgpkl z0bHX{cr{T!?z<-TWy#UDj3BTekUk6o8y`7oEx-QyowoEjU_l@pTob0yY9nU0spl_5 zEqrWRkT{^y?l7pX*!f(aq#^9C@zfwS)CdQC;gFj6S(m9O{;Q3=erX6bJoN!)!eO6C zxOQ)OX40S5@Vb-`YIrmTY>t3kBKs9-0S5Ia7Sj;vPk z`lJwEcs2%nse-&qpLuJZ>FyUc@VdkxZ{UCf*rtXuC$^qGjN6vJ+mZ zte2#UUlu1KW1_D_EnD&zLGw0+#2qki4Q#0FjC+#`6bD`zZw$sAFmEl4JL$nK4`#<) zh~ae&m*SSdQ%DVhd21D(sLt2-if)N>@VfetxZBnX-nGGoN;&WT&7|EaBRF8F}peRa?e^cywjN@wzJ-WmcM@NOf7U5H(un)FlMJ-n_g2s`WDCfKPo`xow9{KjwX zt)&-%CDO@&cbgUZ`RgCWMNfPdZnMns3i?3nHbd*`HfV>)9oO{nu_Zy^S?e}Kaie~> zB_~edo*6d>p=YhT3PLMizB^e{THxgM#UapwQb$%n=-3N)`%`aML+GLqXhEwVUj?B} z-Y4I$*!F{ztZgAT}K83badJJQPPClx^l?^FxRQ zr4F<};)TQ?_a?n}$T7Zhj(FC)t6?9et4z|;oTs{ZeO?H#pw!9L5IDvDyH@5G%WHUD zZV-5OoV%?R_F?0yuI%zf+f;2U=7Tm8w?2_j+g1cKcHyW7k+$=rf};FAL|dHzH@ClcwrDyr^`|+mhJAk zXS{EY8jwTK!o*9r-c?kxYmnFbg2Yhrbg*Yg(V@*+Yj_|(Qu8FQ>kR>}9#(9fFGV(I z-^)1KdV;8eNHHT2HDljrQ!CmNNLzOhRS;=(M6oDp{Ucoo$94rt1&yGAr5){M z-0D-~Yl4&kaonR&Tn)avJLa7~x_NzP2&y2@p;3ssAoJDngz$}HysjgN8W8B}wNTn6 z;Dm|3|LTox?Ll5a9^Dw^U3g|+OY%Se{41Mxj#rQeI(Q5^SQaFBzO?>gwVSjSK|`c@|9L-mYI6y% zbB0g{96SykoPA*MXrXjPX`5q?dUis{UJo6dd~#|las1C-TU!tt4tNDx)ic9qqwZdr z$;Y;a5Cnz_Y{MZ4=PJxmmR<8k7&&+g8mH&pNmUIvDFXlo8f?-*Q`X5I7)JXAN}l zvS&r_)p7_kwNW9BjF2k7nwy2;gYb+}$?MmBjVK*_eh+MTop#Vi#w$8_-B>7*(0sSu z3yHWt{VJmR@M}eFYeR|Bfx-`4KBe%bt<2V_+ijyEM8h!a8b2h8{pnrrr!M+g@Bad! C7}|RP delta 11555 zcmeI2d3YP;oyRrO%xL6mEF8zqVM})G#Mjt!A0d}~AF}03@e$|HF>)N=w`@q1fo@^b zmLwSR!nPqmfx<3yDW!H>*g}t|TXuUSB#?w$9BnDxmKIt-*@!ByYF4O``MNImRUC%42FM#f0tjk>@VWrMe5aD3|_*?S9Qbg zZw-x;=D{)e@0P%~|3KQdx&Mj0K%OVxBL9$Zcl^8Yt#L2Kt+%{s*+;xd)R~W%Mf^AT zE!c0cQuJpiWjbxzWjt+EkY|t_!%@Sy?(vFO$gSmvFU;7dQ{%gAaR#@6%UXpJ@H+*x zOGGxAvGk{}x-#bt29y8|6_!Hq$|WMrn(xituBB(hhs$Ug(Dv3lMB&WuhPIN+Pc{BN zxO~3QR%qCJfuLq?8D3|NANbyTntjze!b9@XrrF+8y0GkN2x)m-vsNV6@9@`PJH^NaBSDg5ou_qtLdQ1i_m zp2#6nzT3LZbzPJy-0T-7Qmy7EUVBbUx5iLint)VGAKDO1j!?k{Q!~#^uCq#q$7(e@ z83Uy^yDHdijo&){s%A@yfeJVL&0v6B`>f-wuEYowY&JD>$5b|%d)Ifix)P#H;ijLT zO0^d5di$uB9v{PGpWZ_jzuJ`=jEgYMH~M$e8?5WVsZE;Q5`~&?_VydPtuR)gEC$N4 za}Swt-<{tGqEV=Dqb<8OSmSQVtCO&kZ9|o#qM}kMcQll;?bU6P zgBMuFS+}v(Q6_aXadLY{O>0NBv%Z>R>t*;ZaZO?=SIsw;x?3Arn&By0p;+F|GOGn~ zHOm$Yf=mkxc=&xJyHj*GvW<r+2kH7oEO2Z9$6d#I(SymwF%6}4UV z?PzQ6aZP#K$BRoGy%o;-DVi-&dKqbKV8FTECzrV;U#HYv+gmj-$ZitJL9_yDLR^g|ol7Q66p{9~urfz##J}HM6oJFdP{80I_$K(w?T# zvH&|i*;832m$#HPb5kYi#Nb4*vvhjIJuo#g-XYfc%Vl4Ehddgr9cUR2z$%1Ks)A99 z6`5ms@cR#ttS-Oe^~rr3D<|dNx^XApyS=5ee{6hQuB`S40-mbr_T~yFJ2m1iQ36fw z?xyzop6#u}1B3jh)F8?Nqk!%Yk(HfvYgvU-&Q?`9Y1&!mW}2Gal29tR8(bS}>+0%S z>lzzqcXMZHb%)g2R#{b6*U?zr-dXpovedx zW&QFLCrVNYGv2AXI-82U6K-c~X)hP>PB;0R`Rz@kjTOa}BbA*~lWkzlMI`fzu!3GW znNbu43|>Ssgo%<)Un?JI92HCJipMrKR8RLZ!zx?VOZPRk?`UtLTV$`lajdOk%u}M2 z);T9P)|R({AHt%c*kFZTX-VJ|Wzv{vpbT0fVIV9plKkq#n8(|v7W&6V2EBu0bshDt z+Ln4ncJQ=V*4F6WNY~Z6nwT=Nu3l+!ch)yL+Fa$eLY<3qmvT}?XG^(D6x(ZEOl32? z)e$2SIiI0=&7#cl0_eMh*o0C?S?PH5WP3@Kz?F-G1I4xes?y?~?#Y&t@ur?;|A4Qi zyL_a+y0x)m+&Sg0aW?SNDtPu1Qh23Gazio!ik&OlmVhsm7*|w$-VQRRnFNcj=b~BKc)a*? zi*>`!I+NLeAX=g|-t_lt7P@l$h2D${-Z0bWl@2;X7MvMPAER6TXO8T-i(8HHcJnZq zPkt}ym2X?^N0LHS7;HCU`n&;$F8KL-}X&9xmoTQ6{KuC#-7OVwOUv*6y?;i#E|MgCmUBncia;AbR?_DKrG zdj*M-8C9SHqQEO~R;ML4Frp3(uJ-u*dj`hT(Xp|?UUeWcS_yWVUd?l>X?;1tG9o>j zY&uQmd=|F{>?Ych^i}dM!x!LE2i#{jeF%o~O(-~&ZSqII-U7eQ9m+;Cx^j4r8emkJ zqh!D6rFhxTQC<)2r5MKNR|A5=(QvSQc^68D+Ejm$9jv(>GIt>BhBUQj5Kd5Rv3{{1Pw(j1~+2SFb5%swCdr#9HlH3 zd>q9qUWxLGT!4}wG|Tg%-=})PBO$bO(fkY(8dV7o+CWqzP%?%?ygFZ>t zf0lkQt}?kTQAIvpklDj%kPI<`-|yuD0wwzWD#fcFg;E5MkMenC7OtlxmSwyqV~LS4 zAZ`mBHRDvC5d$;>!@$q_C|+bm%FFsxiW4NS&o98WgwJC%l_22)hyfN*Jt`vz3>63n zJjHup4KfQC#XdFQ^O_ae?^OcQ+{JS!u{%B6Kt4!rOnM{f;Uq`mpA-KvaaF?46TAu8 zaPUGCTGquAh75}hF}N=;0!GJ&)RD;^ziNaj6JQkRJ3zyZhat*PiX<|WUr-pDVFj<( z!)}iw3^pVmX>ohUrv~~wBi$-^t`Fm+0Pj~6FU?Ub=MiE2NGeQ5kDrqH07FZ>pm=y+ zhea>E3@M8#oZpY-h)_OR@bP}iBluuppCrOG@h}u82B4<^&GY`iHbN)QfHhwx2h;sn z5e!U8_NuU~#4-W}7cf4`>!WpakJqQjj3A4=YSzmxK|Im2NBc2GW)&|l$q-fbGalFx zUWM`sF!FsIT;nmc>=!($3nvU&NCr~q9vmMVg*pw6bOUApTfz$r&--YVreOBM@dvKi zDaFUru=5o~daX&J=G1>_6&@Tdj^cGBFjEj^-w+-UKG!Iy_AO+1j@tsS)TE*0iTEO zHR%qPA-$1C!>5g*J~e0rX@givh!Opa0u!4Gz(*;H=UJXo6h1)FEXODkBl@7S^)P64 z;h2bz(H`B0u_gRr*N4~9p0UA^sbXH>y|5o(0QfoRj@5;rWjHv)z!6l*$HV^ZfFYfQ zWFgnPM?A!Uf3SaiR2>1|8^m%}h+;rwc#+})dR|D1K*^%4P=ZJDi*R(7MTMCi!f<;! zY9N=9GTA`>fP9GblSfIE43hiE*I|7BHYv0i&9EVt10)jK@yk(LJ`#yo&%of=c69`H zq|P6girSV%jSE*Tsc1$<#FKZtr_bLr&`qSE8A~EpN4I-MRKGb5&B{RLgCnFzhi`DO zPj`%`qD!)n`F@{&*RNt}Xhv4VMYK=RMQFyd$n}M;GF@5Uy!Pp6R+eSNb6LOn|H3UX z%o+D#7faYgII1o(TrwCgAyYM6jp?6 z1J;xHVzB-+tY+~Uc-49O3bf?YSTd-{CCE5!xyPJVuOQlbaPKKdw&o0GIdBGB44%}B z!EYkrHK*0V8?K+f0U9%r?I7zYmJa@O3VMC%4D1^pAkSjii9Kb_6^_;ld#j_=Spl9c zBo=|GpCR_Sk+WDX0-5hRhpj?(%)DYs1uvY#3XM0aAoCbbgP$J5mxCS0a0Us0uN}h+ zkUro#hA#uJ9>a4UdKODQ@T?h~Ltn=3J=ED)+fY%lk#kmYE>0G!7@?Fatra?}BsW95 z%UOpYRf%#7B~5NgH{ap&MqyD$_p{bpy)_xC|~H#|iM=!)A z8ws8}i>D$(;M`e!HF#9FUpR}Cpz0i6gbeGYmV^N3ZD_k129A=43T4AkWlV&<4R4Gy)p-VpvxqHnNU9T*## zy8L;=+@X9zGS0q?TN)OA3|Lrt!c{w*@nr>M7MqV>Wr9&5F(9twS|*WJ_KxLpbwf+ z@SCrhb3W!KSbiyx51Q9~j2$}32TvX}r+&QMVWlrW1jJ%31-18>^R8o*tBhf=NAEEg zT+8^od(17@G4fS~AZRM^9x@kS%Xt4GvvQ5=bALQ!PT3&p6ITjqHDHHu0-wa+Fni2D zByuf7mj8%b6?a=aozR=`>%{&flH7#;7PXp+j9)h*hVQ_14WTzxYbbann^+HaXA{I+ z-U#Zqq!Le*5wlE2m;!22^yfe zLumnbx925>kRhVrf9v;xU1i9A$m(#+tScA^E@t5;J3j@gNng~=%!7VOR+ZzZ&f6_jIdU zN8$Poeu95rMP!2NJR;Yq?gIa^ipWL22#%~G)|)h22*j;|dfoztzkw_TovR2JdXsdu zSnrx9w2x?-k7}6qnYv>!s%2`|?$8a_=zSw%%F-~fCYvY+hqDL*+?q|eXJ0lS$Xxi1 zbYU2|oCpb-CI@o$jCI)@|HfawrnC^j4TwNljNuCJOne6Jv^rvV64Y?6U-FFSWsaUh;m@ zkhD4RwZ!U#cmMuvVmKa^{QqXKzB&E>o5BCbHiN;jKM^_p_g!&Gv|KM^m-9gK6r6Bkb65u(I=hq(-%xG2N!#a5zULRZ5R7pslHn1S4cFtBhd zbaLe@a^eEOJ?Y$zG0({8cz+>$5@+GYu$Sfo@W%#5@p<9mU*g#S!!WYom;JKpV*>t9 zvv;k%VrLtKT$UVi#n`6vt~HUZ_Jso+E=!tKnRz-{OTRw4*{*NtQ{c`&6Pro?&3Z#{ zb#%*pZ=Hn#>|4Y-YteG<4$ZE_?772Deen2OM7P!U7W=4XlcO8&`o2DBdz%Q5#lxEh zx}+!`JkbCyyiMegC1LT3(ZdPxkLuE7iEAsX@aeW}6X2wGTyk#~s=)`XcYbDEus zA=5Q@`&~$;?92OsW-E#z3#)MV-ym7ebwo;6VT3HK!P@traJECQx?BZOy08ZKy$9(G zPnZ8fOV5v?(=|B%9;90-e*Z!+FG4r3z|8v)Z|R!2A8YniQM~Z^4v=yI@-1&CvNYSu z7(RHwV?U|fz4FGc+$b76$^*820M87qw%>cel@mdO8c^Uz9}tU^zj6W5(pSWQ=@O)U z2*Jz`=HvylqhMhHp8ODkT`x_+Gagw{F#Tu?5HAv{HT&cZH)=L}3>QqQ{b-(e#{*AV z@C}{+yV)yAD%>;<2myE~z{Ak+1VliP6qcn0zt77_@b$^|u1!%X^$rUS!t6yJdwZR$ zGa{wlVH9|6(2{Ch_Rz!$ExjWu=6r|UxxuoPG@N+qrC@th&Aq*_6z{OCv#x*Vm`$^{ z#i*%A?h_76x7GY#=_#6RV^qy>?6#L$0;HU9=GR^B2p%|6YH^W^geJw+8byO$2K&DZ zqOG0Qs<2`ORtI{3ukQ&BwPLTtt*0+5weA>t%YcK#yd}H z_KFy^@DQF_2hnWb|N3K^tvm(|4q*GqB9+G7|58e%Kh?32xZ9ODQZ^(XFv#*bmg*D(CV0Vg7DG8cwT?`l; zyY{1L-&j5}+i1a)Hy!(*&bl`vtl=0uk9gJV6Q^B~p?xa+jUVpPcop8y_-V-x_q=2e zuZjUqWk1c{H5FCUK3xEI?X~2R@jtw!#ubdHsrOj{czLfS-O3%VSf-^-UY64Y&rPZ@ zobKFa*_<@6wk9|cl@kuL1)#)ZaaffXMoww=@fbNTO%#BC^;ouB%^NnosoBP&a>AY~ z02{rQZc^GMe6edZO6S;F0N(dPI{db-CtM>@I@oUopvwp8)_zcUKuaIKOa~XiXGaUb zw|$mv=r-F-K=}?PR%|TL#OL-*bnLQs!Ap_+d!0VUWrN7vOQ_b z*&lcHN9c4JT;z2VtA6C_i;{&U*cq@aNml3Jpwb%yrYmqP0Ku+%`iUx}G+Yftt2b7K8`@}CbyDy5jFz5EdBq?bO z!O_?o!v_bk{iLN}mAlImMGI$dpFUCi`vJRaTLf)Bd;4JarUf6vwe+n~viZ?#Nxx+? zneyD7{}S91MS~JhV76bMCmO}aH2dZ#+I;#BK(e*>f8`F%))hkr2eJL=>Vw~%m>sg9 t$%HZKsc-_r$Jc*NO4RH(T;ZhvaJNDIx%@xDxqCX+%Wcrhy1!a7{~I@QlfVD~ diff --git a/util/gzipstream.py b/util/gzipstream.py index 7dbb2fc3e..8f5aa9f6d 100644 --- a/util/gzipstream.py +++ b/util/gzipstream.py @@ -9,17 +9,20 @@ import zlib # http://stackoverflow.com/questions/3122145/zlib-error-error-3-while-decompressing-incorrect-header-check/22310760#22310760 ZLIB_GZIP_WINDOW = zlib.MAX_WBITS | 32 +class SizeInfo(object): + def __init__(self): + self.size = 0 + def calculate_size_handler(): """ Returns an object and a SocketReader handler. The handler will gunzip the data it receives, adding the size found to the object. """ - uncompressed_size_info = { - 'size': 0 - } - + + size_info = SizeInfo() + decompressor = zlib.decompressobj(ZLIB_GZIP_WINDOW) def fn(buf): - uncompressed_size_info['size'] += len(decompressor.decompress(buf)) + size_info.size += len(decompressor.decompress(buf)) - return uncompressed_size_info, fn + return size_info, fn From c6828998616894d49591650820bd205ad04291ba Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 2 Oct 2014 14:49:18 -0400 Subject: [PATCH 160/160] Add a feature flag to disable user creation --- config.py | 3 +++ endpoints/api/user.py | 1 + endpoints/callbacks.py | 12 +++++++++--- endpoints/index.py | 4 ++++ static/directives/signup-form.html | 2 +- static/directives/user-setup.html | 2 +- templates/ologinerror.html | 4 +++- 7 files changed, 22 insertions(+), 6 deletions(-) diff --git a/config.py b/config.py index 4fe5b2cd5..6742d1a43 100644 --- a/config.py +++ b/config.py @@ -165,6 +165,9 @@ class DefaultConfig(object): # Feature Flag: Whether emails are enabled. FEATURE_MAILING = True + # Feature Flag: Whether users can be created (by non-super users). + FEATURE_USER_CREATION = True + DISTRIBUTED_STORAGE_CONFIG = { 'local_eu': ['LocalStorage', {'storage_path': 'test/data/registry/eu'}], 'local_us': ['LocalStorage', {'storage_path': 'test/data/registry/us'}], diff --git a/endpoints/api/user.py b/endpoints/api/user.py index 7747addcc..130bb9124 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -195,6 +195,7 @@ class User(ApiResource): return user_view(user) + @show_if(features.USER_CREATION) @nickname('createNewUser') @parse_args @query_param('inviteCode', 'Invitation code given for creating the user.', type=str, diff --git a/endpoints/callbacks.py b/endpoints/callbacks.py index 1cbd46192..637033ab6 100644 --- a/endpoints/callbacks.py +++ b/endpoints/callbacks.py @@ -26,7 +26,8 @@ def render_ologin_error(service_name, error_message='Could not load user data. The token may have expired.'): return render_page_template('ologinerror.html', service_name=service_name, error_message=error_message, - service_url=get_app_url()) + service_url=get_app_url(), + user_creation=features.USER_CREATION) def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False, redirect_suffix=''): @@ -85,7 +86,12 @@ def get_google_user(token): def conduct_oauth_login(service_name, user_id, username, email, metadata={}): to_login = model.verify_federated_login(service_name.lower(), user_id) if not to_login: - # try to create the user + # See if we can create a new user. + if not features.USER_CREATION: + error_message = 'User creation is disabled. Please contact your administrator' + return render_ologin_error(service_name, error_message) + + # Try to create the user try: valid = next(generate_valid_usernames(username)) to_login = model.create_federated_user(valid, email, service_name.lower(), @@ -147,7 +153,7 @@ def github_oauth_callback(): token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB') user_data = get_github_user(token) - if not user_data: + if not user_data or not 'login' in user_data: return render_ologin_error('GitHub') username = user_data['login'] diff --git a/endpoints/index.py b/endpoints/index.py index 46c5b9771..5f0a88695 100644 --- a/endpoints/index.py +++ b/endpoints/index.py @@ -19,6 +19,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission, from util.http import abort from endpoints.notificationhelper import spawn_notification +import features logger = logging.getLogger(__name__) profile = logging.getLogger('application.profiler') @@ -65,6 +66,9 @@ def generate_headers(role='read'): @index.route('/users', methods=['POST']) @index.route('/users/', methods=['POST']) def create_user(): + if not features.USER_CREATION: + abort(400, 'User creation is disabled. Please speak to your administrator.') + user_data = request.get_json() if not 'username' in user_data: abort(400, 'Missing username') diff --git a/static/directives/signup-form.html b/static/directives/signup-form.html index ba4efe287..9117e880a 100644 --- a/static/directives/signup-form.html +++ b/static/directives/signup-form.html @@ -1,4 +1,4 @@ -
    -
    +
    diff --git a/templates/ologinerror.html b/templates/ologinerror.html index 304b7f554..74f51987e 100644 --- a/templates/ologinerror.html +++ b/templates/ologinerror.html @@ -8,17 +8,19 @@
    -

    There was an error logging in with {{ service_name }}.

    +

    There was an error logging in with {{ service_name }}.

    {% if error_message %}
    {{ error_message }}
    {% endif %} + {% if user_creation %}
    Please register using the registration form to continue. You will be able to connect your account to your Quay.io account in the user settings.
    + {% endif %}