Allow for anonymous access tokens for public repositories.

2013-10-01 01:18:05 -04:00 · 2013-10-01 01:18:05 -04:00 · 891f992bf2
commit 891f992bf2
parent 0652636693
3 changed files with 13 additions and 13 deletions
--- a/auth/permissions.py
+++ b/auth/permissions.py
@ -67,12 +67,16 @@ def on_identity_loaded(sender, identity):
    logger.debug('Computing permissions for token: %s' % identity.id)

    token = model.get_token(identity.id)
-    query = model.get_user_repo_permissions(token.user, token.repository)
-    for permission in query:
-      t_grant = _RepositoryNeed(token.repository.namespace,
-                                token.repository.name, permission.role.name)
-      logger.debug('Token added permission: {0}'.format(t_grant))
-      identity.provides.add(t_grant)
+
+    if token.user:
+      query = model.get_user_repo_permissions(token.user, token.repository)
+      for permission in query:
+        t_grant = _RepositoryNeed(token.repository.namespace,
+                                  token.repository.name, permission.role.name)
+        logger.debug('Token added permission: {0}'.format(t_grant))
+        identity.provides.add(t_grant)
+    else:
+      logger.debug('Token was anonymous.')

  else:
    logger.error('Unknown identity auth type: %s' % identity.auth_type)
--- a/data/database.py
+++ b/data/database.py
@ -68,7 +68,7 @@ def random_string_generator(length=16):

 class AccessToken(BaseModel):
  code = CharField(default=random_string_generator(), unique=True, index=True)
-  user = ForeignKeyField(User)
+  user = ForeignKeyField(User, null=True)
  repository = ForeignKeyField(Repository)
  created = DateTimeField(default=datetime.now)

@ -124,7 +124,3 @@ def initialize_db():
  Role.create(name='read')
  Visibility.create(name='public')
  Visibility.create(name='private')
-
-
-if __name__ == '__main__':
-  initialize_db()
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -28,11 +28,11 @@ def generate_headers(f):

    has_token_request = request.headers.get('X-Docker-Token', '')

-    if has_token_request and get_authenticated_user():
+    if has_token_request:
      repo = model.get_repository(namespace, repository)
      token = model.create_access_token(get_authenticated_user(), repo)
      token_str = 'signature=%s,repository="%s/%s"' % (token.code, namespace,
-                                                     repository)
+                                                       repository)
      response.headers['WWW-Authenticate'] = token_str
      response.headers['X-Docker-Token'] = token_str