Switch temporary token to grants now that the production stack supports both.

endpoints/index.py

@@ -54,30 +54,16 @@ def generate_headers(scope=GrantType.READ_REPOSITORY):
         if scope == GrantType.READ_REPOSITORY:
           permission = ReadRepositoryPermission(namespace, repository)
           grants.append(repository_read_grant(namespace, repository))
-
-          # TODO remove me when we we switch to signed grants
-          role = 'read'
         elif scope == GrantType.WRITE_REPOSITORY:
           permission = ModifyRepositoryPermission(namespace, repository)
           grants.append(repository_write_grant(namespace, repository))
 
-          # TODO remove me when we we switch to signed grants
-          role = 'write'
-
         if permission.can():
           # Generate a signed grant which expires here
-          # user_context = get_authenticated_user() and get_authenticated_user().username
+          user_context = get_authenticated_user() and get_authenticated_user().username
-          # signature = generate_signed_token(grants, user_context)
+          signature = generate_signed_token(grants, user_context)
-          # response.headers['WWW-Authenticate'] = signature
+          response.headers['WWW-Authenticate'] = signature
-          # response.headers['X-Docker-Token'] = signature
+          response.headers['X-Docker-Token'] = signature
-
-          # TODO remove me when we switch to signed grants
-          repo = model.get_repository(namespace, repository)
-          if repo:
-            token = model.create_access_token(repo, role, 'pushpull-token')
-            token_str = 'signature=%s' % token.code
-            response.headers['WWW-Authenticate'] = token_str
-            response.headers['X-Docker-Token'] = token_str
         else:
           logger.warning('Registry request with invalid credentials on repository: %s/%s',
                          namespace, repository)