Add a user info scope and thread it through the code. Protect the org modification API.

2014-03-18 19:21:27 -04:00 · 2014-03-18 19:21:27 -04:00 · 64071b9e8e
commit 64071b9e8e
parent 89556172d5
13 changed files with 144 additions and 115 deletions
--- a/auth/auth.py
+++ b/auth/auth.py
@ -53,7 +53,8 @@ def process_basic_auth(auth):
      logger.debug('Successfully validated robot: %s' % credentials[0])
      set_authenticated_user(robot)
      
-      deferred_robot = QuayDeferredPermissionUser(robot.username, 'username')
+      deferred_robot = QuayDeferredPermissionUser(robot.username, 'username',
+                                                  {'direct_user_login'})
      identity_changed.send(app, identity=deferred_robot)
      return
    except model.InvalidRobotException:
@ -66,7 +67,8 @@ def process_basic_auth(auth):
      logger.debug('Successfully validated user: %s' % authenticated.username)
      set_authenticated_user(authenticated)

-      new_identity = QuayDeferredPermissionUser(authenticated.username, 'username')
+      new_identity = QuayDeferredPermissionUser(authenticated.username, 'username',
+                                                {'direct_user_login'})
      identity_changed.send(app, identity=new_identity)
      return

@ -150,7 +152,7 @@ def process_oauth(f):
    elif not current_user.is_anonymous():
      logger.debug('Loading user from cookie: %s', current_user.get_id())
      set_authenticated_user_deferred(current_user.get_id())
-      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username')
+      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {'direct_user_login'})
      identity_changed.send(app, identity=loaded)
    else:
      logger.debug('No auth header or login cookie.')