Merge pull request #1066 from coreos-inc/fixtokenjwt

Fix handling of tokens in the new context block of the JWT
This commit is contained in:
josephschorr 2015-12-15 17:39:56 -05:00
commit 4271cd0745
2 changed files with 34 additions and 2 deletions

View file

@ -95,7 +95,11 @@ def get_granted_entity():
return GrantedEntity(user=user)
if kind == 'token':
return GrantedEntity(token=context.get('token'))
token = model.token.load_token_data(context.get('token'))
if not token:
return None
return GrantedEntity(token=token)
if kind == 'oauth':
user = model.user.get_user(context.get('user', ''))
@ -142,7 +146,7 @@ def build_context_and_subject(user, token, oauthtoken):
if token:
context = {
'kind': 'token',
'token': token,
'token': token.code,
}
return (context, None)

View file

@ -12,6 +12,7 @@ from flask.ext.testing import LiveServerTestCase
from app import app
from data.database import close_db_filter, configure
from data import model
from endpoints.v1 import v1_bp
from endpoints.v2 import v2_bp
from endpoints.verbs import verbs
@ -66,6 +67,14 @@ def set_feature(feature_name):
features._FEATURES[feature_name].value = request.get_json()['value']
return jsonify({'old_value': old_value})
@testbp.route('/addtoken', methods=['POST'])
def addtoken():
another_token = model.token.create_delegate_token('devtable', 'newrepo', 'my-new-token', 'write')
another_token.code = 'somecooltokencode'
another_token.save()
return 'OK'
@testbp.route('/reloadapp', methods=['POST'])
def reload_app():
# Close any existing connection.
@ -597,6 +606,25 @@ class RegistryTestsMixin(object):
self.assertEquals('buynlarge+ownerbot', logs[0]['performer']['name'])
def test_push_pull_logging_bytoken(self):
# Push the repository.
self.do_push('devtable', 'newrepo', 'devtable', 'password')
# Add a token.
self.conduct('POST', '/__test/addtoken')
# Pull the repository.
self.do_pull('devtable', 'newrepo', '$token', 'somecooltokencode')
# Retrieve the logs and ensure the pull was added.
self.conduct_api_login('devtable', 'password')
result = self.conduct('GET', '/api/v1/repository/devtable/newrepo/logs')
logs = result.json()['logs']
self.assertEquals('pull_repo', logs[0]['kind'])
self.assertEquals('my-new-token', logs[0]['metadata']['token'])
def test_push_pull_logging_byoauth(self):
# Push the repository.
self.do_push('devtable', 'newrepo', 'devtable', 'password')