vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Temporarily switch back to the old type of access tokens.

Browse source
This commit is contained in:
Jake Moshenko 2015-02-24 12:09:14 -05:00
parent c58c19db8a
commit 6601e98770
1 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
endpoints/index.py
View file

@ -54,16 +54,30 @@ def generate_headers(scope=GrantType.READ_REPOSITORY):
if scope == GrantType.READ_REPOSITORY: if scope == GrantType.READ_REPOSITORY:
permission = ReadRepositoryPermission(namespace, repository) permission = ReadRepositoryPermission(namespace, repository)
grants.append(repository_read_grant(namespace, repository)) grants.append(repository_read_grant(namespace, repository))
# TODO remove me when we we switch to signed grants
role = 'read'
elif scope == GrantType.WRITE_REPOSITORY: elif scope == GrantType.WRITE_REPOSITORY:
permission = ModifyRepositoryPermission(namespace, repository) permission = ModifyRepositoryPermission(namespace, repository)
grants.append(repository_write_grant(namespace, repository)) grants.append(repository_write_grant(namespace, repository))
# TODO remove me when we we switch to signed grants
role = 'write'
if permission.can(): if permission.can():
# Generate a signed grant which expires here # Generate a signed grant which expires here
user_context = get_authenticated_user() and get_authenticated_user().username # user_context = get_authenticated_user() and get_authenticated_user().username
signature = generate_signed_token(grants, user_context) # signature = generate_signed_token(grants, user_context)
response.headers['WWW-Authenticate'] = signature # response.headers['WWW-Authenticate'] = signature
response.headers['X-Docker-Token'] = signature # response.headers['X-Docker-Token'] = signature
# TODO remove me when we switch to signed grants
repo = model.get_repository(namespace, repository)
if repo:
token = model.create_access_token(repo, role, 'pushpull-token')
token_str = 'signature=%s' % token.code
response.headers['WWW-Authenticate'] = token_str
response.headers['X-Docker-Token'] = token_str
else: else:
logger.warning('Registry request with invalid credentials on repository: %s/%s', logger.warning('Registry request with invalid credentials on repository: %s/%s',
namespace, repository) namespace, repository)