From a516c08deba590b8007173d360746a326183fa8c Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Mon, 1 Aug 2016 20:59:39 -0400
Subject: [PATCH] v2: refactor auth to use data.types
---
 data/model/v2.py | 8 ++++++++
 endpoints/v2/v2auth.py | 16 +++++++---------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/data/model/v2.py b/data/model/v2.py
index 6e9e570f8..52a4d1e3d 100644
--- a/data/model/v2.py
+++ b/data/model/v2.py
@@ -7,6 +7,14 @@ from data.types import (
 Tag,
 )
+def create_repository(namespace_name, repo_name, user):
+ model.repository.create_repository(namespace, reponame, user)
+
+
+def repository_is_public(namespace_name, repo_name):
+ model.repository.repository_is_public(namespace, reponame)):
+
+
 def get_repository(namespace_name, repo_name):
 repo = model.repository.get_repository(namespace_name, repo_name)
 if repo is None:
diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 91de73fa4..e5a617df8 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -5,7 +5,6 @@ from cachetools import lru_cache
 from flask import request, jsonify, abort
 from app import app, userevents, instance_keys
-from data import model
 from auth.auth import process_auth
 from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
@@ -21,9 +20,7 @@ logger = logging.getLogger(__name__)
 TOKEN_VALIDITY_LIFETIME_S = 60 * 60 # 1 hour
-SCOPE_REGEX_TEMPLATE = (
- r'^repository:((?:{}\/)?((?:[\.a-zA-Z0-9_\-]+\/)?[\.a-zA-Z0-9_\-]+)):((?:push|pull|\*)(?:,(?:push|pull|\*))*)$'
-)
+SCOPE_REGEX_TEMPLATE = r'^repository:((?:{}\/)?((?:[\.a-zA-Z0-9_\-]+\/)?[\.a-zA-Z0-9_\-]+)):((?:push|pull|\*)(?:,(?:push|pull|\*))*)$'
 @lru_cache(maxsize=1)
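Review bot: Both wrappers added to data/model/v2.py are broken as written: they accept `namespace_name` and `repo_name` but pass the undefined names `namespace` and `reponame`, and the body of `repository_is_public` ends in `)):`, a syntax error that stops the module from importing at all. Neither wrapper returns the underlying result, so even once it parses, `repository_is_public` would always yield `None`, and the pull check in `generate_registry_jwt` (last hunk of endpoints/v2/v2auth.py) would stop granting pull on public repositories to callers without an explicit read permission. The bodies should read `return model.repository.create_repository(namespace_name, repo_name, user)` and `return model.repository.repository_is_public(namespace_name, repo_name)`. Because this return value feeds an authorization decision, a test covering an anonymous pull of a public repository and a denied pull of a private one would pin the behaviour.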
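Review bot: The `from data import model` import is removed in this hunk, but no import binding `v2` is added anywhere in the patch, while the later hunks call `v2.get_repository`, `v2.create_repository` and `v2.repository_is_public`. Unless `v2` is already imported in a part of the file outside the visible hunks, every push or pull scope request would raise `NameError` inside `generate_registry_jwt` and token issuance would fail. Add `from data.model import v2` to the import block, and confirm that nothing else in the file still references `model` before dropping the old import.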
@@ -38,8 +35,9 @@ def get_scope_regex():
 @no_cache
 @anon_protect
 def generate_registry_jwt():
- """ This endpoint will generate a JWT conforming to the Docker registry v2 auth spec:
- https://docs.docker.com/registry/spec/auth/token/
+ """
+ This endpoint will generate a JWT conforming to the Docker Registry v2 Auth Spec:
+ https://docs.docker.com/registry/spec/auth/token/
 """
 audience_param = request.args.get('service')
 logger.debug('Request audience: %s', audience_param)
@@ -97,7 +95,7 @@ def generate_registry_jwt():
 if user is not None or token is not None:
 # Lookup the repository. If it exists, make sure the entity has modify
 # permission. Otherwise, make sure the entity has create permission.
- repo = model.repository.get_repository(namespace, reponame)
+ repo = v2.get_repository(namespace, reponame)
 if repo:
 if ModifyRepositoryPermission(namespace, reponame).can():
 final_actions.append('push')
@@ -106,7 +104,7 @@ def generate_registry_jwt():
 else:
 if CreateRepositoryPermission(namespace).can() and user is not None:
 logger.debug('Creating repository: %s/%s', namespace, reponame)
- model.repository.create_repository(namespace, reponame, user)
+ v2.create_repository(namespace, reponame, user)
 final_actions.append('push')
 else:
 logger.debug('No permission to create repository %s/%s', namespace, reponame)
@@ -114,7 +112,7 @@ def generate_registry_jwt():
 if 'pull' in actions:
 # Grant pull if the user can read the repo or it is public.
 if (ReadRepositoryPermission(namespace, reponame).can() or
- model.repository.repository_is_public(namespace, reponame)):
+ v2.repository_is_public(namespace, reponame)):
 final_actions.append('pull')
 else:
 logger.debug('No permission to pull repository %s/%s', namespace, reponame)