Merge branch 'master' of https://bitbucket.org/yackob03/quay

endpoints/api.py

@@ -1192,7 +1192,8 @@ def subscribe_api():
   token = request_data['token'] if 'token' in request_data else None
   user = current_user.db_user()
   return subscribe(user, plan, token, USER_PLANS)
-  
+
+
 def subscribe(user, plan, token, accepted_plans):
   plan_found = None
   for plan_obj in accepted_plans:
@@ -1204,16 +1205,25 @@ def subscribe(user, plan, token, accepted_plans):
 
   private_repos = model.get_private_repo_count(user.username)
 
-  if not user.stripe_id:
+  # This is the default response
-    # Create the customer and plan simultaneously
+  response_json = {
-    card = token
+    'plan': plan,
-    cus = stripe.Customer.create(email=user.email, plan=plan, card=card)
+    'usedPrivateRepos': private_repos,
-    user.stripe_id = cus.id
+  }
-    user.save()
+  status_code = 200
 
-    resp = jsonify(subscription_view(cus.subscription, private_repos))
+  if not user.stripe_id:
-    resp.status_code = 201
+    # Check if a non-paying user is trying to subscribe to a free plan
-    return resp
+    if not plan_found['price'] == 0:
+      # They want a real paying plan, create the customerand plan
+      # simultaneously
+      card = token
+      cus = stripe.Customer.create(email=user.email, plan=plan, card=card)
+      user.stripe_id = cus.id
+      user.save()
+
+      response_json = subscription_view(cus.subscription, private_repos)
+      status_code = 201
 
   else:
     # Change the plan
@@ -1225,11 +1235,6 @@ def subscribe(user, plan, token, accepted_plans):
         cus.cancel_subscription()
         cus.save()
 
-      response_json = {
-        'plan': plan,
-        'usedPrivateRepos': private_repos,
-      }
-
     else:
       cus.plan = plan
       # User may have been a previous customer who is resubscribing
@@ -1239,7 +1244,9 @@ def subscribe(user, plan, token, accepted_plans):
       cus.save()
       response_json = subscription_view(cus.subscription, private_repos)
 
-    return jsonify(response_json)
+  resp = jsonify(response_json)
+  resp.status_code = status_code
+  return resp
 
 
 @app.route('/api/organization/<orgname>/plan', methods=['PUT'])

endpoints/index.py

@@ -174,6 +174,10 @@ def update_images(namespace, repository):
 
   if permission.can():
     repository = model.get_repository(namespace, repository)
+    if not repository:
+      # Make sure the repo actually exists.
+      abort(404)
+
     image_with_checksums = json.loads(request.data)
 
     for image in image_with_checksums:
@@ -196,6 +200,11 @@ def get_repository_images(namespace, repository):
   # TODO invalidate token?
 
   if permission.can() or model.repository_is_public(namespace, repository):
+    # We can't rely on permissions to tell us if a repo exists anymore
+    repo = model.get_repository(namespace, repository)
+    if not repo:
+      abort(404)
+
     all_images = []
     for image in model.get_repository_images(namespace, repository):
       new_image_view = {
@@ -215,8 +224,7 @@ def get_repository_images(namespace, repository):
 
     return resp
 
-  # TODO Submit a pull to docker CLI to get it to accept 403s
+  abort(403)
-  abort(404)
 
 
 @app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])