Merge pull request #1066 from coreos-inc/fixtokenjwt
Fix handling of tokens in the new context block of the JWT
This commit is contained in:
commit
4271cd0745
2 changed files with 34 additions and 2 deletions
|
@ -95,7 +95,11 @@ def get_granted_entity():
|
|||
return GrantedEntity(user=user)
|
||||
|
||||
if kind == 'token':
|
||||
return GrantedEntity(token=context.get('token'))
|
||||
token = model.token.load_token_data(context.get('token'))
|
||||
if not token:
|
||||
return None
|
||||
|
||||
return GrantedEntity(token=token)
|
||||
|
||||
if kind == 'oauth':
|
||||
user = model.user.get_user(context.get('user', ''))
|
||||
|
@ -142,7 +146,7 @@ def build_context_and_subject(user, token, oauthtoken):
|
|||
if token:
|
||||
context = {
|
||||
'kind': 'token',
|
||||
'token': token,
|
||||
'token': token.code,
|
||||
}
|
||||
return (context, None)
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ from flask.ext.testing import LiveServerTestCase
|
|||
|
||||
from app import app
|
||||
from data.database import close_db_filter, configure
|
||||
from data import model
|
||||
from endpoints.v1 import v1_bp
|
||||
from endpoints.v2 import v2_bp
|
||||
from endpoints.verbs import verbs
|
||||
|
@ -66,6 +67,14 @@ def set_feature(feature_name):
|
|||
features._FEATURES[feature_name].value = request.get_json()['value']
|
||||
return jsonify({'old_value': old_value})
|
||||
|
||||
@testbp.route('/addtoken', methods=['POST'])
|
||||
def addtoken():
|
||||
another_token = model.token.create_delegate_token('devtable', 'newrepo', 'my-new-token', 'write')
|
||||
another_token.code = 'somecooltokencode'
|
||||
another_token.save()
|
||||
return 'OK'
|
||||
|
||||
|
||||
@testbp.route('/reloadapp', methods=['POST'])
|
||||
def reload_app():
|
||||
# Close any existing connection.
|
||||
|
@ -597,6 +606,25 @@ class RegistryTestsMixin(object):
|
|||
self.assertEquals('buynlarge+ownerbot', logs[0]['performer']['name'])
|
||||
|
||||
|
||||
def test_push_pull_logging_bytoken(self):
|
||||
# Push the repository.
|
||||
self.do_push('devtable', 'newrepo', 'devtable', 'password')
|
||||
|
||||
# Add a token.
|
||||
self.conduct('POST', '/__test/addtoken')
|
||||
|
||||
# Pull the repository.
|
||||
self.do_pull('devtable', 'newrepo', '$token', 'somecooltokencode')
|
||||
|
||||
# Retrieve the logs and ensure the pull was added.
|
||||
self.conduct_api_login('devtable', 'password')
|
||||
result = self.conduct('GET', '/api/v1/repository/devtable/newrepo/logs')
|
||||
logs = result.json()['logs']
|
||||
|
||||
self.assertEquals('pull_repo', logs[0]['kind'])
|
||||
self.assertEquals('my-new-token', logs[0]['metadata']['token'])
|
||||
|
||||
|
||||
def test_push_pull_logging_byoauth(self):
|
||||
# Push the repository.
|
||||
self.do_push('devtable', 'newrepo', 'devtable', 'password')
|
||||
|
|
Reference in a new issue