vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix token pushes for v2 auth, tokens have no user

Browse source
This commit is contained in:
Jake Moshenko 2015-11-18 19:04:40 -05:00
parent 4c0e215c2f
commit c27f91f7cf
1 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
endpoints/v2/v2auth.py
View file

@ -9,7 +9,7 @@ from cachetools import lru_cache
from app import app from app import app
from data import model from data import model
from auth.auth import process_auth from auth.auth import process_auth
from auth.auth_context import get_authenticated_user from auth.auth_context import get_authenticated_user, get_validated_token
from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission, from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
CreateRepositoryPermission) CreateRepositoryPermission)
from endpoints.v2 import v2_bp from endpoints.v2 import v2_bp
@ -54,6 +54,10 @@ def generate_registry_jwt():
logger.debug('Scope request: %s', scope_param) logger.debug('Scope request: %s', scope_param)
user = get_authenticated_user() user = get_authenticated_user()
logger.debug('Authenticated user: %s', user)
token = get_validated_token()
logger.debug('Authenticated token: %s', token)
access = [] access = []
if scope_param is not None: if scope_param is not None:
match = SCOPE_REGEX.match(scope_param) match = SCOPE_REGEX.match(scope_param)
@ -74,17 +78,19 @@ def generate_registry_jwt():
if not REPOSITORY_NAME_REGEX.match(reponame): if not REPOSITORY_NAME_REGEX.match(reponame):
abort(400) abort(400)
if 'pull' in actions and 'push' in actions: if ('pull' in actions or 'push' in actions) and user is None and token is None:
if user is None: # We are trying to perform a registry action without auth
abort(401) abort(401)
if 'pull' in actions and 'push' in actions:
repo = model.repository.get_repository(namespace, reponame) repo = model.repository.get_repository(namespace, reponame)
if repo: if repo:
if not ModifyRepositoryPermission(namespace, reponame).can(): if not ModifyRepositoryPermission(namespace, reponame).can():
abort(403) abort(403)
else: else:
if not CreateRepositoryPermission(namespace).can(): if not CreateRepositoryPermission(namespace).can() or user is None:
abort(403) abort(403)
logger.debug('Creating repository: %s/%s', namespace, reponame) logger.debug('Creating repository: %s/%s', namespace, reponame)
model.repository.create_repository(namespace, reponame, user) model.repository.create_repository(namespace, reponame, user)
elif 'pull' in actions: elif 'pull' in actions: