Commit graph

6566 commits

Author SHA1 Message Date
josephschorr
648fed769b Merge pull request #2224 from coreos-inc/oauth-state
Have Quay always use an OAuth-specific CSRF token
2016-12-09 15:16:01 -05:00
Joseph Schorr
fd364ccca3 Remove unneeded exception var 2016-12-09 14:52:49 -05:00
Joseph Schorr
1e5b97318a Fix loading of public keys for OIDC under Linux
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
1302fd2fbd Switch csrf token check to use compare_digest to prevent timing attacks
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db Fix small pylint issues 2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
Charlton Austin
ec6ecc02ed Merge pull request #2223 from charltonaustin/removing_unused_imports
Removing an unused import.
2016-12-08 15:31:36 -05:00
Charlton Austin
0b8c2ef92f Removing an unused import. 2016-12-08 13:53:52 -05:00
josephschorr
34f2ddce87 Merge pull request #2222 from coreos-inc/bust-apt-cache
Bust apt cache
2016-12-07 18:10:26 -05:00
Joseph Schorr
1fdca26632 Bust apt cache 2016-12-07 18:09:33 -05:00
josephschorr
410b9d74fc Merge pull request #2214 from coreos-inc/clair-gc
Add GC of layers in Clair
2016-12-07 17:58:21 -05:00
josephschorr
543d86ae10 Merge pull request #2221 from coreos-inc/fix-error-pages
Have all error pages be rendered by Angular
2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
josephschorr
c5111d7930 Merge pull request #2144 from coreos-inc/buildlogs-improvements
Change the append build log method to execute the two calls via one pipelined connection
2016-12-07 17:52:22 -05:00
Joseph Schorr
c06bba38de Have all error pages be rendered by Angular
Fixes #2198

Fixes https://www.pivotaltracker.com/story/show/135724483
2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Charlton Austin
9720efbdb6 Merge pull request #2218 from charltonaustin/fix_set_to_Set
Fixing api usage.
2016-12-07 13:28:01 -05:00
Jimmy Zelinskie
b671ee938a Merge pull request #2174 from jzelinskie/pngcrush
dockerfile: optimize static images
2016-12-07 13:04:28 -05:00
Jimmy Zelinskie
ebbe58d311 replace prefix w/ canonical name list 2016-12-07 12:56:56 -05:00
Charlton Austin
9e25fde3a0 Fixing api usage. 2016-12-07 12:53:07 -05:00
Ian Minoso
548bae0384 Merge pull request #2215 from iminoso/services
Inject ApiService to be accessible in the body react component
2016-12-07 12:01:32 -05:00
josephschorr
57ace09a97 Merge pull request #2217 from coreos-inc/comment-fix
Fix doc comment on security scan API endpoint
2016-12-07 11:53:40 -05:00
Joseph Schorr
d349e1639a Fix doc comment on security scan API endpoint
Fixes #2216
2016-12-07 11:50:22 -05:00
Ian Minoso
a7594d6e57 Inject ApiService to be accessible in the body react component 2016-12-07 03:29:29 -05:00
Jimmy Zelinskie
c41de8ded6 build queue rate limiting: address PR comments 2016-12-06 20:40:54 -05:00
Joseph Schorr
49872838ab Add GC of layers in Clair
Fixes https://www.pivotaltracker.com/story/show/135583207
2016-12-06 19:52:56 -05:00
Ben Spoon
1d0aff9906 Merge pull request #2205 from spoonben/update-landing-css
landing: remove gray background
2016-12-06 14:03:03 -08:00
Jimmy Zelinskie
eb69abff8b build rate limiting: tests 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
57770493fa build rate limiting: use a rate 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94 add rate limiting to build queues 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
1d5de937c6 dockerfile: optimize static images 2016-12-06 15:03:11 -05:00
Charlton Austin
0aa6e6cd58 Merge pull request #2203 from charltonaustin/fix_build_component_cleanup
Adding in a cancel method to the build component so we can properly c…
2016-12-06 14:13:10 -05:00
Jake Moshenko
ce0ba3f68f Merge pull request #2211 from jakedt/bulkqueue
Bulk queue methods
2016-12-06 14:02:38 -05:00
Jake Moshenko
d656e54d99 Fix unsafe mutable default params. 2016-12-06 14:00:16 -05:00
Jake Moshenko
21e3001446 Add a bulk insert for queue and notifications.
Use it for Clair spawned notifications.
2016-12-06 14:00:16 -05:00
Charlton Austin
c6be12e31e Adding in a cancel method to the build component so we can properly clean up the job task. 2016-12-06 13:37:49 -05:00
Erica
eb363876cd Merge pull request #2212 from coreos-inc/add-evb-builder-key
chore(buildman): add EvB's ssh key to cloudconfig
2016-12-06 11:43:05 -05:00
EvB
b85a3b47ae chore(buildman): add EvB's ssh key to cloudconfig
Add ssh public key for new team member, Erica, to cloudconfig.yml.
2016-12-06 11:18:47 -05:00
Ian Minoso
a2cbcf837d Merge pull request #2210 from iminoso/tabbing
Fix repo view tabbing styles and prevent auto scroll on tab click
2016-12-05 21:50:16 -05:00
Ian Minoso
c7d02c3506 Fix repo view tabbing styles and prevent auto scroll on tab click 2016-12-05 20:29:40 -05:00
Jimmy Zelinskie
3a7119d499 Merge pull request #2209 from coreos-inc/clair-notification-read
Clair notification read and queue fixes
2016-12-05 19:36:59 -05:00
Joseph Schorr
9f0ce7c634 Have the security worker remove failed notifications from Clair 2016-12-05 19:08:52 -05:00
josephschorr
8870fe837c Merge pull request #2208 from coreos-inc/revert-2191-update_signin_form
Revert "static: change login input type to email"
2016-12-05 19:08:34 -05:00
Joseph Schorr
97d150e281 Have QSS only add security scanner notifications once 2016-12-05 19:08:20 -05:00
josephschorr
80bb0c7449 Revert "static: change login input type to email" 2016-12-05 19:07:10 -05:00
Jake Moshenko
6456e95b24 Merge pull request #2207 from jakedt/queueisslow
Improve queue performance hopefully
2016-12-05 18:39:41 -05:00
Jake Moshenko
c263772703 Do not extend processing immediately after taking queue item. 2016-12-05 18:12:14 -05:00
Jake Moshenko
709edd7eb6 Reduce the update period on queue worker metrics. 2016-12-05 18:12:14 -05:00