Joseph Schorr
parent
6fc7d2a230
commit
22b8a562be
1 changed files with 23 additions and 2 deletions
|
|
@ -6,7 +6,7 @@ import jwt
|
|||
from flask import request, jsonify, abort
|
||||
from cachetools import lru_cache
|
||||
|
||||
from app import app
|
||||
from app import app, userevents
|
||||
from data import model
|
||||
from auth.auth import process_auth
|
||||
from auth.registry_jwt_auth import build_context_and_subject
|
||||
|
|
@ -62,6 +62,9 @@ def generate_registry_jwt():
|
|||
logger.debug('Authenticated OAuth token: %s', oauthtoken)
|
||||
|
||||
access = []
|
||||
user_event_data = {
|
||||
'action': 'login',
|
||||
}
|
||||
|
||||
if len(scope_param) > 0:
|
||||
match = SCOPE_REGEX.match(scope_param)
|
||||
|
|
@ -116,17 +119,35 @@ def generate_registry_jwt():
|
|||
else:
|
||||
abort(403)
|
||||
|
||||
|
||||
# Add the access for the JWT.
|
||||
access.append({
|
||||
'type': 'repository',
|
||||
'name': namespace_and_repo,
|
||||
'actions': final_actions,
|
||||
})
|
||||
|
||||
# Set the user event data for the auth.
|
||||
if 'push' in final_actions:
|
||||
user_action = 'push_start'
|
||||
elif 'pull' in final_actions:
|
||||
user_action = 'pull_start'
|
||||
|
||||
user_event_data = {
|
||||
'action': user_action,
|
||||
'repository': reponame,
|
||||
'namespace': namespace,
|
||||
}
|
||||
|
||||
elif user is None and token is None:
|
||||
# In this case, we are doing an auth flow, and it's not an anonymous pull
|
||||
return abort(401)
|
||||
|
||||
# Send the user event.
|
||||
if user is not None:
|
||||
event = userevents.get_event(user.username)
|
||||
event.publish_event_data('docker-cli', user_event_data)
|
||||
|
||||
# Build the signed JWT.
|
||||
context, subject = build_context_and_subject(user, token, oauthtoken)
|
||||
token_data = {
|
||||
'iss': app.config['JWT_AUTH_TOKEN_ISSUER'],
|
||||
|
|
|
|||
Reference in a new issue