Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
This commit is contained in:
Joseph Schorr
commit
314710a716
3 changed files with 18 additions and 20 deletions
16
auth/auth.py
16
auth/auth.py
|
|
@ -84,13 +84,13 @@ def process_token(auth):
|
||||||
|
|
||||||
if len(token_details) != 1:
|
if len(token_details) != 1:
|
||||||
logger.warning('Invalid token format: %s' % auth)
|
logger.warning('Invalid token format: %s' % auth)
|
||||||
abort(401, message="Invalid token format: %(auth)", issue='invalid-auth-token', auth=auth)
|
abort(401, message='Invalid token format: %(auth)s', issue='invalid-auth-token', auth=auth)
|
||||||
|
|
||||||
token_vals = {val[0]: val[1] for val in
|
token_vals = {val[0]: val[1] for val in
|
||||||
(detail.split('=') for detail in token_details)}
|
(detail.split('=') for detail in token_details)}
|
||||||
if 'signature' not in token_vals:
|
if 'signature' not in token_vals:
|
||||||
logger.warning('Token does not contain signature: %s' % auth)
|
logger.warning('Token does not contain signature: %s' % auth)
|
||||||
abort(401, message="Token does not contain a valid signature: %(auth)",
|
abort(401, message='Token does not contain a valid signature: %(auth)s',
|
||||||
issue='invalid-auth-token', auth=auth)
|
issue='invalid-auth-token', auth=auth)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
@ -98,7 +98,7 @@ def process_token(auth):
|
||||||
|
|
||||||
except model.InvalidTokenException:
|
except model.InvalidTokenException:
|
||||||
logger.warning('Token could not be validated: %s', token_vals['signature'])
|
logger.warning('Token could not be validated: %s', token_vals['signature'])
|
||||||
abort(401, message="Token could not be validated: %(auth)", issue='invalid-auth-token',
|
abort(401, message='Token could not be validated: %(auth)s', issue='invalid-auth-token',
|
||||||
auth=auth)
|
auth=auth)
|
||||||
|
|
||||||
logger.debug('Successfully validated token: %s', token_data.code)
|
logger.debug('Successfully validated token: %s', token_data.code)
|
||||||
|
|
@ -125,7 +125,7 @@ def process_oauth(f):
|
||||||
'WWW-Authenticate': ('Bearer error="invalid_token", '
|
'WWW-Authenticate': ('Bearer error="invalid_token", '
|
||||||
'error_description="The access token is invalid"'),
|
'error_description="The access token is invalid"'),
|
||||||
}
|
}
|
||||||
abort(401, message="OAuth access token could not be validated: %(token)",
|
abort(401, message='OAuth access token could not be validated: %(token)s',
|
||||||
issue='invalid-oauth-token', token=token, header=authenticate_header)
|
issue='invalid-oauth-token', token=token, header=authenticate_header)
|
||||||
elif validated.expires_at <= datetime.now():
|
elif validated.expires_at <= datetime.now():
|
||||||
logger.info('OAuth access with an expired token: %s', token)
|
logger.info('OAuth access with an expired token: %s', token)
|
||||||
|
|
@ -133,8 +133,8 @@ def process_oauth(f):
|
||||||
'WWW-Authenticate': ('Bearer error="invalid_token", '
|
'WWW-Authenticate': ('Bearer error="invalid_token", '
|
||||||
'error_description="The access token expired"'),
|
'error_description="The access token expired"'),
|
||||||
}
|
}
|
||||||
abort(401, message="OAuth access token has expired: %(token)", issue='invalid-oauth-token',
|
abort(401, message='OAuth access token has expired: %(token)s',
|
||||||
token=token, headers=authenticate_header)
|
issue='invalid-oauth-token', token=token, headers=authenticate_header)
|
||||||
|
|
||||||
# We have a valid token
|
# We have a valid token
|
||||||
scope_set = scopes.scopes_from_scope_string(validated.scope)
|
scope_set = scopes.scopes_from_scope_string(validated.scope)
|
||||||
|
|
@ -151,7 +151,7 @@ def process_oauth(f):
|
||||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username')
|
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username')
|
||||||
identity_changed.send(app, identity=loaded)
|
identity_changed.send(app, identity=loaded)
|
||||||
else:
|
else:
|
||||||
logger.debug('No auth header or user session.')
|
logger.debug('No auth header or login cookie.')
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
||||||
|
|
@ -177,7 +177,7 @@ def extract_namespace_repo_from_session(f):
|
||||||
def wrapper(*args, **kwargs):
|
def wrapper(*args, **kwargs):
|
||||||
if 'namespace' not in session or 'repository' not in session:
|
if 'namespace' not in session or 'repository' not in session:
|
||||||
logger.error('Unable to load namespace or repository from session: %s' % session)
|
logger.error('Unable to load namespace or repository from session: %s' % session)
|
||||||
abort(400, message="Missing namespace in request")
|
abort(400, message='Missing namespace in request')
|
||||||
|
|
||||||
return f(session['namespace'], session['repository'], *args, **kwargs)
|
return f(session['namespace'], session['repository'], *args, **kwargs)
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
|
||||||
|
|
@ -35,10 +35,8 @@ class UserRobot(ApiResource):
|
||||||
""" Create a new user robot with the specified name. """
|
""" Create a new user robot with the specified name. """
|
||||||
parent = get_authenticated_user()
|
parent = get_authenticated_user()
|
||||||
robot, password = model.create_robot(robot_shortname, parent)
|
robot, password = model.create_robot(robot_shortname, parent)
|
||||||
resp = robot_view(robot.username, password)
|
|
||||||
log_action('create_robot', parent.username, {'robot': robot_shortname})
|
log_action('create_robot', parent.username, {'robot': robot_shortname})
|
||||||
resp.status_code = 201
|
return robot_view(robot.username, password), 201
|
||||||
return resp
|
|
||||||
|
|
||||||
@nickname('deleteUserRobot')
|
@nickname('deleteUserRobot')
|
||||||
def delete(self, robot_shortname):
|
def delete(self, robot_shortname):
|
||||||
|
|
|
||||||
|
|
@ -226,22 +226,22 @@ class ConvertToOrganization(ApiResource):
|
||||||
'type': 'object',
|
'type': 'object',
|
||||||
'description': 'Information required to convert a user to an organization.',
|
'description': 'Information required to convert a user to an organization.',
|
||||||
'required': [
|
'required': [
|
||||||
'username',
|
'adminUser',
|
||||||
'password',
|
'adminPassword',
|
||||||
'email',
|
'plan',
|
||||||
],
|
],
|
||||||
'properties': {
|
'properties': {
|
||||||
'username': {
|
'adminUser': {
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'description': 'The user\'s username',
|
'description': 'The user who will become an org admin\'s username',
|
||||||
},
|
},
|
||||||
'password': {
|
'adminPassword': {
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'description': 'The user\'s password',
|
'description': 'The user who will become an org admin\'s password',
|
||||||
},
|
},
|
||||||
'email': {
|
'plan': {
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'description': 'The user\'s email address',
|
'description': 'The plan to which the organizatino should be subscribed',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Reference in a new issue