Add a test to verify that all important blueprints have all their methods decorated
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
parent
075c75d031
commit
477a3fdcdc
6 changed files with 57 additions and 4 deletions
|
@ -20,7 +20,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
|
|||
from util.http import abort
|
||||
from endpoints.trackhelper import track_and_log
|
||||
from endpoints.notificationhelper import spawn_notification
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.decorators import anon_protect, anon_allowed
|
||||
|
||||
import features
|
||||
|
||||
|
@ -74,6 +74,7 @@ def generate_headers(scope=GrantType.READ_REPOSITORY):
|
|||
|
||||
@index.route('/users', methods=['POST'])
|
||||
@index.route('/users/', methods=['POST'])
|
||||
@anon_allowed
|
||||
def create_user():
|
||||
user_data = request.get_json()
|
||||
if not user_data or not 'username' in user_data:
|
||||
|
@ -146,6 +147,7 @@ def create_user():
|
|||
@index.route('/users', methods=['GET'])
|
||||
@index.route('/users/', methods=['GET'])
|
||||
@process_auth
|
||||
@anon_allowed
|
||||
def get_user():
|
||||
if get_validated_oauth_token():
|
||||
return jsonify({
|
||||
|
@ -167,6 +169,7 @@ def get_user():
|
|||
|
||||
@index.route('/users/<username>/', methods=['PUT'])
|
||||
@process_auth
|
||||
@anon_allowed
|
||||
def update_user(username):
|
||||
permission = UserAdminPermission(username)
|
||||
|
||||
|
@ -194,6 +197,7 @@ def update_user(username):
|
|||
@process_auth
|
||||
@parse_repository_name
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY)
|
||||
@anon_allowed
|
||||
def create_repository(namespace, repository):
|
||||
logger.debug('Parsing image descriptions')
|
||||
image_descriptions = json.loads(request.data.decode('utf8'))
|
||||
|
@ -246,6 +250,7 @@ def create_repository(namespace, repository):
|
|||
@process_auth
|
||||
@parse_repository_name
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY)
|
||||
@anon_allowed
|
||||
def update_images(namespace, repository):
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
|
||||
|
@ -304,12 +309,14 @@ def get_repository_images(namespace, repository):
|
|||
@process_auth
|
||||
@parse_repository_name
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY)
|
||||
@anon_allowed
|
||||
def delete_repository_images(namespace, repository):
|
||||
abort(501, 'Not Implemented', issue='not-implemented')
|
||||
|
||||
|
||||
@index.route('/repositories/<path:repository>/auth', methods=['PUT'])
|
||||
@parse_repository_name
|
||||
@anon_allowed
|
||||
def put_repository_auth(namespace, repository):
|
||||
abort(501, 'Not Implemented', issue='not-implemented')
|
||||
|
||||
|
@ -353,11 +360,13 @@ def get_search():
|
|||
# Note: This is *not* part of the Docker index spec. This is here for our own health check,
|
||||
# since we have nginx handle the _ping below.
|
||||
@index.route('/_internal_ping')
|
||||
@anon_allowed
|
||||
def internal_ping():
|
||||
return make_response('true', 200)
|
||||
|
||||
@index.route('/_ping')
|
||||
@index.route('/_ping')
|
||||
@anon_allowed
|
||||
def ping():
|
||||
# NOTE: any changes made here must also be reflected in the nginx config
|
||||
response = make_response('true', 200)
|
||||
|
|
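Review bot: `@anon_allowed` is applied to every handler touched in this file, including the mutating ones (`update_user`, `create_repository`, `update_images`) and the two 501 stubs (`delete_repository_images`, `put_repository_auth`), so the new test passes for them while anonymous access stays whitelisted. For the write paths, rejecting an unauthenticated caller then rests only on the permission checks in the function bodies (`UserAdminPermission`, `ModifyRepositoryPermission`). Most of those bodies lie outside these hunks, so they should be confirmed to deny a request with no authenticated user. The stubs are the riskier case, because whoever implements them later inherits the whitelist without the test flagging it. I would mark them `@anon_protect` now (presumably the blacklisting decorator), or at least add `# anon_allowed: returns 501 only; revisit when implemented` above each.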