Use the registry API for security scanning

when the storage engine doesn't support direct download url
2016-05-04 17:40:09 -04:00 · 2016-05-04 17:40:09 -04:00 · 9221a515de
commit 9221a515de
parent 1ef7008d85
9 changed files with 149 additions and 106 deletions
--- a/auth/registry_jwt_auth.py
+++ b/auth/registry_jwt_auth.py
@ -16,6 +16,7 @@ from .permissions import repository_read_grant, repository_write_grant
 from util.names import parse_namespace_repository
 from util.http import abort
 from util.security import strictjwt
+from util.security.registry_jwt import ANONYMOUS_SUB
 from data import model


@ -23,7 +24,6 @@ logger = logging.getLogger(__name__)


 TOKEN_REGEX = re.compile(r'^Bearer (([a-zA-Z0-9+/]+\.)+[a-zA-Z0-9+-_/]+)$')
-ANONYMOUS_SUB = '(anonymous)'
 CONTEXT_KINDS = ['user', 'token', 'oauth']

 ACCESS_SCHEMA = {
@ -125,38 +125,6 @@ def get_granted_username():
  return granted.user.username


-def build_context_and_subject(user, token, oauthtoken):
-  """ Builds the custom context field for the JWT signed token and returns it,
-      along with the subject for the JWT signed token. """
-  if oauthtoken:
-    context = {
-      'kind': 'oauth',
-      'user': user.username,
-      'oauth': oauthtoken.uuid,
-    }
-
-    return (context, user.username)
-
-  if user:
-    context = {
-      'kind': 'user',
-      'user': user.username,
-    }
-    return (context, user.username)
-
-  if token:
-    context = {
-      'kind': 'token',
-      'token': token.code,
-    }
-    return (context, None)
-
-  context = {
-    'kind': 'anonymous',
-  }
-  return (context, ANONYMOUS_SUB)
-
-
 def get_auth_headers(repository=None, scopes=None):
  """ Returns a dictionary of headers for auth responses. """
  headers = {}