From 204f58d95bd6435a30be613d544cc195dc2d820d Mon Sep 17 00:00:00 2001 From: Jake Moshenko Date: Tue, 24 Feb 2015 13:22:19 -0500 Subject: [PATCH] Switch temporary token to grants now that the production stack supports both. --- endpoints/index.py | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/endpoints/index.py b/endpoints/index.py index cf9169064..ca4b73362 100644 --- a/endpoints/index.py +++ b/endpoints/index.py @@ -54,30 +54,16 @@ def generate_headers(scope=GrantType.READ_REPOSITORY): if scope == GrantType.READ_REPOSITORY: permission = ReadRepositoryPermission(namespace, repository) grants.append(repository_read_grant(namespace, repository)) - - # TODO remove me when we we switch to signed grants - role = 'read' elif scope == GrantType.WRITE_REPOSITORY: permission = ModifyRepositoryPermission(namespace, repository) grants.append(repository_write_grant(namespace, repository)) - # TODO remove me when we we switch to signed grants - role = 'write' - if permission.can(): # Generate a signed grant which expires here - # user_context = get_authenticated_user() and get_authenticated_user().username - # signature = generate_signed_token(grants, user_context) - # response.headers['WWW-Authenticate'] = signature - # response.headers['X-Docker-Token'] = signature - - # TODO remove me when we switch to signed grants - repo = model.get_repository(namespace, repository) - if repo: - token = model.create_access_token(repo, role, 'pushpull-token') - token_str = 'signature=%s' % token.code - response.headers['WWW-Authenticate'] = token_str - response.headers['X-Docker-Token'] = token_str + user_context = get_authenticated_user() and get_authenticated_user().username + signature = generate_signed_token(grants, user_context) + response.headers['WWW-Authenticate'] = signature + response.headers['X-Docker-Token'] = signature else: logger.warning('Registry request with invalid credentials on repository: %s/%s', namespace, repository)