Adding in what metadata_root_name to JWT
This commit is contained in:
Charlton Austin
parent
deb2b1b003
commit
e87404c327
2 changed files with 40 additions and 0 deletions
|
|
@ -16,6 +16,7 @@ from util.cache import no_cache
|
|||
from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
|
||||
from util.security.registry_jwt import generate_bearer_token, build_context_and_subject
|
||||
|
||||
CLAIM_APOSTILLE_ROOT = 'com.apostille.root'
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -158,6 +159,27 @@ def generate_registry_jwt():
|
|||
|
||||
# Build the signed JWT.
|
||||
context, subject = build_context_and_subject(user, token, oauthtoken)
|
||||
context = attach_metadata_root_name(context, access)
|
||||
token = generate_bearer_token(audience_param, subject, context, access,
|
||||
TOKEN_VALIDITY_LIFETIME_S, instance_keys)
|
||||
return jsonify({'token': token})
|
||||
|
||||
|
||||
def attach_metadata_root_name(context, access):
|
||||
"""
|
||||
Adds in metadata_root_name into JWT context when appropriate
|
||||
"""
|
||||
try:
|
||||
actions = access[0]["actions"]
|
||||
except(TypeError, IndexError, KeyError):
|
||||
return context
|
||||
|
||||
if not actions:
|
||||
return context
|
||||
|
||||
if "push" in actions:
|
||||
context[CLAIM_APOSTILLE_ROOT] = 'signer'
|
||||
else:
|
||||
context[CLAIM_APOSTILLE_ROOT] = 'quay'
|
||||
|
||||
return context
|
||||
|
|
|
|||
Reference in a new issue