Change Docker V1 index to use verify_credentials
This commit is contained in:
		
							parent
							
								
									0bcda90c6e
								
							
						
					
					
						commit
						aa49b37ad2
					
				
					 1 changed files with 17 additions and 22 deletions
				
			
		|  | @ -8,6 +8,7 @@ from flask import request, make_response, jsonify, session | |||
| 
 | ||||
| from app import authentication, userevents, metric_queue | ||||
| from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token | ||||
| from auth.credentials import validate_credentials, CredentialKind | ||||
| from auth.decorators import process_auth | ||||
| from auth.permissions import ( | ||||
|   ModifyRepositoryPermission, UserAdminPermission, ReadRepositoryPermission, | ||||
|  | @ -84,34 +85,28 @@ def create_user(): | |||
|   # UGH! we have to use this response when the login actually worked, in order | ||||
|   # to get the CLI to try again with a get, and then tell us login succeeded. | ||||
|   success = make_response('"Username or email already exists"', 400) | ||||
|   result, kind = validate_credentials(username, password) | ||||
|   if not result.auth_valid: | ||||
|     if kind == CredentialKind.token: | ||||
|       abort(400, 'Invalid access token.', issue='invalid-access-token') | ||||
| 
 | ||||
|   if username == '$token': | ||||
|     if model.load_token(password): | ||||
|       return success | ||||
|     abort(400, 'Invalid access token.', issue='invalid-access-token') | ||||
|     if kind == CredentialKind.robot: | ||||
|       abort(400, 'Invalid robot account or password.', issue='robot-login-failure') | ||||
| 
 | ||||
|   elif username == '$oauthtoken': | ||||
|     if model.validate_oauth_token(password): | ||||
|       return success | ||||
|     abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token') | ||||
|     if kind == CredentialKind.oauth_token: | ||||
|       abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token') | ||||
| 
 | ||||
|   elif '+' in username: | ||||
|     if model.verify_robot(username, password): | ||||
|       return success | ||||
|     abort(400, 'Invalid robot account or password.', issue='robot-login-failure') | ||||
| 
 | ||||
|   (verified, error_message) = authentication.verify_and_link_user(username, password, | ||||
|                                                                   basic_auth=True) | ||||
|   if verified: | ||||
|     # Mark that the user was logged in. | ||||
|     event = userevents.get_event(username) | ||||
|     event.publish_event_data('docker-cli', {'action': 'login'}) | ||||
|     return success | ||||
|   else: | ||||
|     # Mark that the login failed. | ||||
|     event = userevents.get_event(username) | ||||
|     event.publish_event_data('docker-cli', {'action': 'loginfailure'}) | ||||
|     abort(400, error_message, issue='login-failure') | ||||
|     abort(400, result.error_message, issue='login-failure') | ||||
| 
 | ||||
|   if result.has_user: | ||||
|     # Mark that the user was logged in. | ||||
|     event = userevents.get_event(username) | ||||
|     event.publish_event_data('docker-cli', {'action': 'login'}) | ||||
| 
 | ||||
|   return success | ||||
| 
 | ||||
| 
 | ||||
| @v1_bp.route('/users', methods=['GET']) | ||||
|  |  | |||
		Reference in a new issue