Temporarily switch back to the old type of access tokens.
This commit is contained in:
Jake Moshenko
parent
c58c19db8a
commit
6601e98770
1 changed files with 18 additions and 4 deletions
|
|
@ -54,16 +54,30 @@ def generate_headers(scope=GrantType.READ_REPOSITORY):
|
|||
if scope == GrantType.READ_REPOSITORY:
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
grants.append(repository_read_grant(namespace, repository))
|
||||
|
||||
# TODO remove me when we we switch to signed grants
|
||||
role = 'read'
|
||||
elif scope == GrantType.WRITE_REPOSITORY:
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
grants.append(repository_write_grant(namespace, repository))
|
||||
|
||||
# TODO remove me when we we switch to signed grants
|
||||
role = 'write'
|
||||
|
||||
if permission.can():
|
||||
# Generate a signed grant which expires here
|
||||
user_context = get_authenticated_user() and get_authenticated_user().username
|
||||
signature = generate_signed_token(grants, user_context)
|
||||
response.headers['WWW-Authenticate'] = signature
|
||||
response.headers['X-Docker-Token'] = signature
|
||||
# user_context = get_authenticated_user() and get_authenticated_user().username
|
||||
# signature = generate_signed_token(grants, user_context)
|
||||
# response.headers['WWW-Authenticate'] = signature
|
||||
# response.headers['X-Docker-Token'] = signature
|
||||
|
||||
# TODO remove me when we switch to signed grants
|
||||
repo = model.get_repository(namespace, repository)
|
||||
if repo:
|
||||
token = model.create_access_token(repo, role, 'pushpull-token')
|
||||
token_str = 'signature=%s' % token.code
|
||||
response.headers['WWW-Authenticate'] = token_str
|
||||
response.headers['X-Docker-Token'] = token_str
|
||||
else:
|
||||
logger.warning('Registry request with invalid credentials on repository: %s/%s',
|
||||
namespace, repository)
|
||||
|
|
|
|||
Reference in a new issue