Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								1e041fcad2 
								
							 
						 
						
							
							
								
								Merge pull request  #2454  from coreos-inc/fix-take-ownership  
							
							... 
							
							
							
							Fix take ownership of organizations 
							
						 
						
							2017-03-27 14:30:22 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								8931609775 
								
							 
						 
						
							
							
								
								Merge pull request  #2469  from coreos-inc/appr_403_vs_401  
							
							... 
							
							
							
							Use 401 for bad or missing credentials, 403 for forbidden access 
							
						 
						
							2017-03-27 11:39:23 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								024f73ecd4 
								
							 
						 
						
							
							
								
								Merge pull request  #2476  from coreos-inc/fix_bug_force_push  
							
							... 
							
							
							
							Fix force push causing duplicated entries 
							
						 
						
							2017-03-27 11:39:12 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								1016641f8d 
								
							 
						 
						
							
							
								
								refactor jwt context building  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								4c94d2c760 
								
							 
						 
						
							
							
								
								Fix xAuth test  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								abd78bce56 
								
							 
						 
						
							
							
								
								Use constants for TUF roots  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								6ad107709c 
								
							 
						 
						
							
							
								
								Change build_context_and_subject to take kwargs  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								21d969d309 
								
							 
						 
						
							
							
								
								Refactor tests, no g required  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								43dd974dca 
								
							 
						 
						
							
							
								
								Determine which TUF root to show based on actual access, not requested  
							
							... 
							
							
							
							access 
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Legrand 
								
							 
						 
						
							
							
							
							
								
							
							
								d2ed37e158 
								
							 
						 
						
							
							
								
								Fix force push causing duplicated entries  
							
							
							
						 
						
							2017-03-27 15:39:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7b411b2c25 
								
							 
						 
						
							
							
								
								Merge pull request  #2474  from coreos-inc/fix-log  
							
							... 
							
							
							
							Fix logger statement in new auth code 
							
						 
						
							2017-03-24 17:46:10 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								40f936c053 
								
							 
						 
						
							
							
								
								Fix logger statement in new auth code  
							
							
							
						 
						
							2017-03-24 17:43:00 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b017133cc6 
								
							 
						 
						
							
							
								
								Make QSS validation errors more descriptive  
							
							
							
						 
						
							2017-03-24 17:28:16 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								de07dc1a78 
								
							 
						 
						
							
							
								
								Clarify that a custom SSL cert might be needed for QSS  
							
							
							
						 
						
							2017-03-24 17:18:27 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e509eb4cba 
								
							 
						 
						
							
							
								
								Better custom cert handling in the superuser tool  
							
							... 
							
							
							
							We now only allow certificates ending in .crt to be uploaded and we automatically install the certificate once it has been validated 
							
						 
						
							2017-03-24 17:15:26 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								da8032fe61 
								
							 
						 
						
							
							
								
								Fix SSL custom certs installation file for bash shell scripting bug  
							
							... 
							
							
							
							The missing quotes caused the script to fail with a bash error 
							
						 
						
							2017-03-24 16:39:28 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								90b130fe16 
								
							 
						 
						
							
							
								
								Merge pull request  #2472  from coreos-inc/fix_lstrip_digest  
							
							... 
							
							
							
							add test for strip_sha 
							
						 
						
							2017-03-24 14:58:49 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Legrand 
								
							 
						 
						
							
							
							
							
								
							
							
								22c1a29892 
								
							 
						 
						
							
							
								
								fix strip_sha256  
							
							
							
						 
						
							2017-03-24 19:49:52 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Legrand 
								
							 
						 
						
							
							
							
							
								
							
							
								35bebf9e99 
								
							 
						 
						
							
							
								
								Use 401 for bad or missing credentials, 403 for forbidden access  
							
							
							
						 
						
							2017-03-24 18:46:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4a64ddc86e 
								
							 
						 
						
							
							
								
								Merge pull request  #2468  from coreos-inc/fix-all-fixable-vulns  
							
							... 
							
							
							
							Fix all fixable vulnerabilities in the Quay image 
							
						 
						
							2017-03-23 23:40:48 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0897198e78 
								
							 
						 
						
							
							
								
								Fix all fixable vulnerabilities in the Quay image  
							
							... 
							
							
							
							There are now only 39 vulns, and none are fixable according to QSS 
							
						 
						
							2017-03-23 22:50:38 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								470ed6a99a 
								
							 
						 
						
							
							
								
								Merge pull request  #2467  from coreos-inc/cnr-public-api-auth-tests  
							
							... 
							
							
							
							Add CNR API auth tests for public repos 
							
						 
						
							2017-03-23 21:22:32 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								94c5eca286 
								
							 
						 
						
							
							
								
								Add CNR API auth tests for public repos  
							
							
							
						 
						
							2017-03-23 21:19:56 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								0ce68706ee 
								
							 
						 
						
							
							
								
								Merge pull request  #2465  from coreos-inc/force_push  
							
							... 
							
							
							
							Allow force push for app 
							
						 
						
							2017-03-23 21:05:08 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								fee9e5b8ec 
								
							 
						 
						
							
							
								
								Merge pull request  #2466  from coreos-inc/push_same_blob  
							
							... 
							
							
							
							test: push twice same blob from different package 
							
						 
						
							2017-03-23 21:04:36 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Alec Merdler 
								
							 
						 
						
							
							
							
							
								
							
							
								e1eb383215 
								
							 
						 
						
							
							
								
								Merge pull request  #2464  from alecmerdler/issue-2460  
							
							... 
							
							
							
							Fix Security Scan Status UI for Safari 
							
						 
						
							2017-03-23 17:42:30 -07:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Legrand 
								
							 
						 
						
							
							
							
							
								
							
							
								16f2479a96 
								
							 
						 
						
							
							
								
								test: push twice same blob from different package  
							
							
							
						 
						
							2017-03-24 00:39:04 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Legrand 
								
							 
						 
						
							
							
							
							
								
							
							
								bbd74eabd1 
								
							 
						 
						
							
							
								
								Allow force push for app  
							
							
							
						 
						
							2017-03-23 22:50:07 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3976735230 
								
							 
						 
						
							
							
								
								Merge pull request  #2428  from coreos-inc/auth-cleanup-and-messaging  
							
							... 
							
							
							
							Auth cleanup and messaging 
							
						 
						
							2017-03-23 15:58:08 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ac4a79ae01 
								
							 
						 
						
							
							
								
								Update PR for rebase  
							
							
							
						 
						
							2017-03-23 15:57:49 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								08673a03e2 
								
							 
						 
						
							
							
								
								Rename cookie header parameter to make it clear it is unused  
							
							... 
							
							
							
							The parameter is necessary to match the auth handler interface, but is unused inside the method 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								95e1cf6673 
								
							 
						 
						
							
							
								
								Make V2 login errors more descriptive  
							
							... 
							
							
							
							If login fails, we now call validate again to get the reason for the failure, and then surface it to the user of the CLI. This allows for more actionable responses, such as:
$ docker login 10.0.2.2:5000
Username (devtable): devtable
Password:
Error response from daemon: Get http://10.0.2.2:5000/v2/ : unauthorized: Client login with unencrypted passwords is disabled. Please generate an encrypted password in the user admin panel for use here. 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								651666b60b 
								
							 
						 
						
							
							
								
								Refactor our auth handling code to be cleaner  
							
							... 
							
							
							
							Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change. 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1bd4422da9 
								
							 
						 
						
							
							
								
								Move auth decorators into a decorators module  
							
							... 
							
							
							
							The non-decorators will be broken out in the followup change 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								abf179eb09 
								
							 
						 
						
							
							
								
								Move fixtures under test, since they are shared globally  
							
							
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								295b09a201 
								
							 
						 
						
							
							
								
								Merge pull request  #2462  from coreos-inc/cnr-login  
							
							... 
							
							
							
							Start validating login in CNR 
							
						 
						
							2017-03-23 15:27:15 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									alecmerdler 
								
							 
						 
						
							
							
							
							
								
							
							
								5805b80f1c 
								
							 
						 
						
							
							
								
								use flexbox to fix safari alignment issue  
							
							
							
						 
						
							2017-03-23 12:21:38 -07:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c9a5ce6701 
								
							 
						 
						
							
							
								
								Start validating login in CNR  
							
							... 
							
							
							
							Fixes https://www.pivotaltracker.com/story/show/142342305  
							
						 
						
							2017-03-23 15:07:46 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								71e27496db 
								
							 
						 
						
							
							
								
								Merge pull request  #2461  from coreos-inc/oci-blob-fix  
							
							... 
							
							
							
							Remove transaction around OCI blobs 
							
						 
						
							2017-03-23 15:04:57 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dd9e4bf3e7 
								
							 
						 
						
							
							
								
								Remove transaction around OCI blobs  
							
							... 
							
							
							
							Fixes https://www.pivotaltracker.com/story/show/142341399  
							
						 
						
							2017-03-23 14:51:37 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								20306ef0f6 
								
							 
						 
						
							
							
								
								Merge pull request  #2459  from coreos-inc/cnr-api-security-tests  
							
							... 
							
							
							
							Add very basic security tests for CNR APIs 
							
						 
						
							2017-03-23 14:25:52 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ef4569f2c5 
								
							 
						 
						
							
							
								
								Add very basic security tests for CNR APIs  
							
							
							
						 
						
							2017-03-23 13:14:12 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								63e38ba9e0 
								
							 
						 
						
							
							
								
								Merge pull request  #2458  from jzelinskie/nginx  
							
							... 
							
							
							
							conf/nginx: add cnr path 
							
						 
						
							2017-03-23 13:07:59 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								f6a785c1b5 
								
							 
						 
						
							
							
								
								conf/nginx: add cnr path  
							
							
							
						 
						
							2017-03-23 13:06:22 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								f1dccc9554 
								
							 
						 
						
							
							
								
								Merge pull request  #2456  from jzelinskie/digest-format  
							
							... 
							
							
							
							data.oci_model: sloppily rewrite digest format 
							
						 
						
							2017-03-23 12:43:26 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								14e5a6d8fb 
								
							 
						 
						
							
							
								
								Merge pull request  #2457  from coreos-inc/cnr-auth-fix  
							
							... 
							
							
							
							Make sure blobs in CNR are auth checked 
							
						 
						
							2017-03-23 12:43:13 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b765836cfd 
								
							 
						 
						
							
							
								
								Make sure blobs in CNR are auth checked  
							
							
							
						 
						
							2017-03-23 12:41:56 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								9c0cbbf57c 
								
							 
						 
						
							
							
								
								data.oci_model: sloppily rewrite digest format  
							
							... 
							
							
							
							We expect digests to be in the form 'sha256:digest' 
							
						 
						
							2017-03-23 12:37:32 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								2c8930c912 
								
							 
						 
						
							
							
								
								Merge pull request  #2455  from jzelinskie/cnr-step3  
							
							... 
							
							
							
							CNR Step 3 
							
						 
						
							2017-03-23 12:05:38 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e204f7784c 
								
							 
						 
						
							
							
								
								Make app registry off by default  
							
							
							
						 
						
							2017-03-23 12:01:59 -04:00