Add some sort of oauth.
This commit is contained in:
jakedt
parent
220649e579
commit
25ceb90fc6
13 changed files with 290 additions and 46 deletions
|
|
@ -9,12 +9,12 @@ from data import model
|
|||
from app import app
|
||||
from permissions import QuayDeferredPermissionUser
|
||||
|
||||
from util.names import parse_namespace_repository
|
||||
from util.http import abort
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def process_basic_auth(auth):
|
||||
normalized = [part.strip() for part in auth.split(' ') if part]
|
||||
if normalized[0].lower() != 'basic' or len(normalized) != 2:
|
||||
|
|
@ -87,7 +87,8 @@ def process_token(auth):
|
|||
(detail.split('=') for detail in token_details)}
|
||||
if 'signature' not in token_vals:
|
||||
logger.warning('Token does not contain signature: %s' % auth)
|
||||
abort(401, message="Token does not contain a valid signature: %(auth)", issue='invalid-auth-token', auth=auth)
|
||||
abort(401, message="Token does not contain a valid signature: %(auth)",
|
||||
issue='invalid-auth-token', auth=auth)
|
||||
|
||||
try:
|
||||
token_data = model.load_token_data(token_vals['signature'])
|
||||
|
|
@ -95,7 +96,8 @@ def process_token(auth):
|
|||
except model.InvalidTokenException:
|
||||
logger.warning('Token could not be validated: %s' %
|
||||
token_vals['signature'])
|
||||
abort(401, message="Token could not be validated: %(auth)", issue='invalid-auth-token', auth=auth)
|
||||
abort(401, message="Token could not be validated: %(auth)", issue='invalid-auth-token',
|
||||
auth=auth)
|
||||
|
||||
logger.debug('Successfully validated token: %s' % token_data.code)
|
||||
ctx = _request_ctx_stack.top
|
||||
|
|
|
|||
25
auth/scopes.py
Normal file
25
auth/scopes.py
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
READ_REPO = {
|
||||
'scope': 'repo:read',
|
||||
'description': ('Grants read-only access to all repositories for which the granting user or '
|
||||
' robot has access.')
|
||||
}
|
||||
|
||||
WRITE_REPO = {
|
||||
'scope': 'repo:write',
|
||||
'description': ('Grants read-write access to all repositories for which the granting user or '
|
||||
'robot has access, and is a superset of repo:read.')
|
||||
}
|
||||
|
||||
ADMIN_REPO = {
|
||||
'scope': 'repo:admin',
|
||||
'description': ('Grants administrator access to all repositories for which the granting user or '
|
||||
'robot has access, and is a superset of repo:read and repo:write.')
|
||||
}
|
||||
|
||||
CREATE_REPO = {
|
||||
'scope': 'repo:create',
|
||||
'description': ('Grants create repository access to all namespaces for which the granting user '
|
||||
'or robot is allowed to create repositories.')
|
||||
}
|
||||
|
||||
ALL_SCOPES = {scope['scope']:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO)}
|
||||
Reference in a new issue