vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Change Docker V1 index to use verify_credentials

Browse source
This commit is contained in:
Joseph Schorr 2017-10-27 14:37:23 -04:00 committed by Joseph Schorr
parent 0bcda90c6e
commit aa49b37ad2
1 changed files with 17 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
endpoints/v1/index.py
View file

@ -8,6 +8,7 @@ from flask import request, make_response, jsonify, session
from app import authentication, userevents, metric_queue from app import authentication, userevents, metric_queue
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
from auth.credentials import validate_credentials, CredentialKind
from auth.decorators import process_auth from auth.decorators import process_auth
from auth.permissions import ( from auth.permissions import (
ModifyRepositoryPermission, UserAdminPermission, ReadRepositoryPermission, ModifyRepositoryPermission, UserAdminPermission, ReadRepositoryPermission,
@ -84,34 +85,28 @@ def create_user():
# UGH! we have to use this response when the login actually worked, in order # UGH! we have to use this response when the login actually worked, in order
# to get the CLI to try again with a get, and then tell us login succeeded. # to get the CLI to try again with a get, and then tell us login succeeded.
success = make_response('"Username or email already exists"', 400) success = make_response('"Username or email already exists"', 400)
result, kind = validate_credentials(username, password)
if not result.auth_valid:
if kind == CredentialKind.token:
abort(400, 'Invalid access token.', issue='invalid-access-token')
if username == '$token': if kind == CredentialKind.robot:
if model.load_token(password): abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
return success
abort(400, 'Invalid access token.', issue='invalid-access-token')
elif username == '$oauthtoken': if kind == CredentialKind.oauth_token:
if model.validate_oauth_token(password): abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
return success
abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
elif '+' in username:
if model.verify_robot(username, password):
return success
abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
(verified, error_message) = authentication.verify_and_link_user(username, password,
basic_auth=True)
if verified:
# Mark that the user was logged in.
event = userevents.get_event(username)
event.publish_event_data('docker-cli', {'action': 'login'})
return success
else:
# Mark that the login failed. # Mark that the login failed.
event = userevents.get_event(username) event = userevents.get_event(username)
event.publish_event_data('docker-cli', {'action': 'loginfailure'}) event.publish_event_data('docker-cli', {'action': 'loginfailure'})
abort(400, error_message, issue='login-failure') abort(400, result.error_message, issue='login-failure')
if result.has_user:
# Mark that the user was logged in.
event = userevents.get_event(username)
event.publish_event_data('docker-cli', {'action': 'login'})
return success
@v1_bp.route('/users', methods=['GET']) @v1_bp.route('/users', methods=['GET'])