Joseph Schorr
a706d99849
Add additional logs and an additional test for verbs
2017-12-07 15:22:20 -05:00
josephschorr
b2db266747
Merge pull request #2935 from coreos-inc/joseph.schorr/QS-80/password-reset-expire
...
Add maximum lifetime of 30m on password recovery tokens
2017-12-07 14:21:32 -05:00
josephschorr
a21dad3e07
Merge pull request #2937 from coreos-inc/joseph.schorr/QS-83/hide-aws-metadata
...
Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1
2017-12-07 14:11:20 -05:00
Joseph Schorr
2ffdfa1434
Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1
...
While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off
Fixes https://jira.coreos.com/browse/QS-83
2017-12-07 13:29:14 -05:00
josephschorr
6db2ecc19f
Merge pull request #2928 from coreos-inc/joseph.schorr/QS-74/fix-restart
...
Have Quay lookup the sbin/my_init PID to kill
2017-12-07 13:25:16 -05:00
josephschorr
1861d7dee9
Merge pull request #2938 from coreos-inc/joseph.schorr/QS-85/signout-all
...
Invalidate all session tokens when a user signs out
2017-12-07 13:25:00 -05:00
Joseph Schorr
1d1c6f0606
Invalidate all session tokens when a user signs out
...
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
josephschorr
6c12cb8328
Merge pull request #2936 from coreos-inc/joseph.schorr/QS-84/content-disposition
...
Ensure user files are always sent with the Content-Disposition header
2017-12-07 11:42:10 -05:00
Joseph Schorr
d38a1fc851
Ensure user files are always sent with the Content-Disposition header
...
This prevents them from being executed in the browser directly
Fixes https://jira.coreos.com/browse/QS-84
2017-12-06 17:12:00 -05:00
Joseph Schorr
5dd95038cf
Add maximum lifetime of 30m on password recovery tokens
...
Fixes https://jira.coreos.com/browse/QS-80
2017-12-06 17:06:03 -05:00
Joseph Schorr
c55ad59f1f
Allow admins to configure the login scopes for OIDC login
...
Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override.
2017-12-06 15:54:26 -05:00
josephschorr
d405f6f158
Merge pull request #2899 from coreos-inc/joseph.schorr/QS-36/appr-auth-improvement
...
Allow app registry to use robots and tokens to login
2017-12-06 15:04:22 -05:00
josephschorr
b9ad8bbb5d
Merge pull request #2934 from coreos-inc/joseph.schorr/QS-78/email-recovery
...
Security fixes for password recovery
2017-12-06 14:53:02 -05:00
Joseph Schorr
a204dc20fb
Require CAPTCHA for password recovery
...
https://jira.coreos.com/browse/QS-79
2017-12-06 14:25:34 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug
...
Don't add a "password required" notification for non-database auth via OIDC
2017-12-06 14:19:49 -05:00
Joseph Schorr
927d469db0
In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)
2017-12-06 14:07:38 -05:00
josephschorr
10ddf98e0c
Merge pull request #2930 from coreos-inc/joseph.schorr/QS-68/squashed-image-postgres
...
Make sure to close the database connection before forking in verbs
2017-12-06 14:03:17 -05:00
Joseph Schorr
3bf8973fd9
Change app registry to use the credentials verification system
...
Allows for tokens, OAuth tokens and robot accounts to be used as well
Fixes https://jira.prod.coreos.systems/browse/QS-36
2017-12-06 13:52:25 -05:00
Joseph Schorr
aa49b37ad2
Change Docker V1 index to use verify_credentials
2017-12-06 13:52:25 -05:00
Joseph Schorr
0bcda90c6e
Add kind to credentials validate call
2017-12-06 13:52:24 -05:00
Joseph Schorr
6f3d9a6fce
Extract credential handling into its own module
...
Will be used in Docker V1 and APPR protocols
2017-12-06 13:52:24 -05:00
josephschorr
afbb2d2168
Merge pull request #2933 from coreos-inc/joseph.schorr/QS-82/xss-fix
...
Fix XSS in usage log viewer
2017-12-06 13:51:30 -05:00
josephschorr
a1595cd723
Merge pull request #2932 from coreos-inc/joseph.schorr/QS-81/xss-fix
...
Fix XSS in access token display page
2017-12-06 13:49:37 -05:00
Joseph Schorr
a2caebbb62
Fix XSS in usage log viewer
...
Fixes https://jira.coreos.com/browse/QS-82
2017-12-06 13:49:02 -05:00
Joseph Schorr
f9219721a2
Fix XSS in access token display page
...
Fixes https://jira.coreos.com/browse/QS-81
2017-12-06 13:40:31 -05:00
Joseph Schorr
25248a8c35
Make sure to close the database connection before forking in verbs
...
This prevents a bug with the postgres driver from breaking the verbs
Fixes https://jira.coreos.com/browse/QS-68
2017-12-04 16:33:24 -05:00
josephschorr
4a5626e64b
Merge pull request #2929 from coreos-inc/joseph.schorr/QS-72/oidc-name-issue
...
Fix bugs in updateuser
2017-12-01 22:23:56 +02:00
Joseph Schorr
4db1615d94
Fix bugs in updateuser
...
1) Also check for matching organization names
2) Ensure that errors don't leave the throbber
2017-12-01 14:58:29 -05:00
Joseph Schorr
874a7b0c41
Have Quay lookup the sbin/my_init PID to kill
...
We changed the entry point in Quay to be a shell script that calls `my_init`, which means the init no longer has PID 1. We therefore need to look up the correct PID to kill it.
Fixes https://jira.coreos.com/browse/QS-74
2017-12-01 14:04:43 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup (#2903)
...
* WIP
* Finish schema
Add three sections: security scanning, bittorrent support and feature flags.
2017-12-01 10:46:39 -05:00
josephschorr
1882545c69
Merge pull request #2927 from coreos-inc/unfiltered-search-opt
...
Simplify and further optimize handling of unfiltered search results
2017-12-01 00:23:15 +02:00
Joseph Schorr
32255f122b
Simplify and further optimize handling of unfiltered search results
...
Using the DB-side limit is much faster
2017-11-30 16:56:01 -05:00
josephschorr
8ede3084d8
Merge pull request #2926 from coreos-inc/further-search-opt
...
Fix bug around search pagination with non-filtered searches
2017-11-30 23:36:19 +02:00
Joseph Schorr
eea026be52
Fix bug around search pagination with non-filtered searches
...
Also further optimizes the queries
2017-11-30 16:13:42 -05:00
josephschorr
dfd736c4c5
Merge pull request #2925 from coreos-inc/fix-search-ordering
...
Fix typo in how we order search results
2017-11-30 22:01:42 +02:00
Joseph Schorr
0440cca3ef
Fix typo in how we order search results
...
`.desc()` needs to be on the field
2017-11-30 14:53:23 -05:00
josephschorr
3b8feeba4c
Merge pull request #2924 from coreos-inc/search-opt
...
Optimize searching of repositories when there is no query
2017-11-30 21:41:06 +02:00
Joseph Schorr
c767c88b82
Optimize searching of repositories when there is no query
2017-11-30 14:10:22 -05:00
josephschorr
b69015f349
Merge pull request #2923 from coreos-inc/rev
...
Rev our dependencies
2017-11-30 20:44:21 +02:00
Joseph Schorr
07ffdf1fd9
Rev our dependencies
2017-11-30 13:35:59 -05:00
josephschorr
8f2d800ade
Merge pull request #2922 from coreos-inc/fix-ci
...
Fix Quay CI
2017-11-30 20:07:45 +02:00
Joseph Schorr
45931dc856
Add --no-sandbox flag to Karma test
2017-11-30 11:57:51 -05:00
Joseph Schorr
c168413a8e
Fix bug when running ipresolver under Gitlab CI
...
Since the container does contain IP data, this would fail
2017-11-30 10:23:58 -05:00
josephschorr
51b043bd23
Merge pull request #2921 from coreos-inc/joseph.schorr/QS-63/public-browse
...
Browse/exploration of repositories
2017-11-28 18:19:28 +02:00
josephschorr
a918339c90
Merge pull request #2920 from coreos-inc/joseph.schorr/QS-69/swift-chunk-test
...
Additional testing and a fix for Swift segmenting
2017-11-28 18:14:23 +02:00
Joseph Schorr
2ced523313
Add Explore tab and query-less searching
...
Allows for exploration of all visible repositories, in paginated form.
This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.
Fixes https://jira.coreos.com/browse/QS-63
2017-11-28 16:50:23 +02:00
Joseph Schorr
c7e439f593
Set a default error message for resource views
...
Ensures that we don't display an empty error box
2017-11-28 15:38:48 +02:00
Joseph Schorr
6cd8140c34
Pad out the segment identifier for Swift segments and change test back to string comparison
...
Makes us follow the docs closer
2017-11-28 09:46:40 +02:00
Joseph Schorr
3bbcb93977
Add additional Swift chunking tests
2017-11-28 09:46:40 +02:00
josephschorr
773ea9fc65
Merge pull request #2915 from coreos-inc/joseph.schorr/QS-41/build-man-alarms
...
Add additional metrics on executor start and failure
2017-11-27 18:14:19 +02:00