Commit graph

1512 commits

Author SHA1 Message Date
jakedt
669ec9c382 Change the token expiration time to 10 years. 2014-03-25 15:38:16 -04:00
jakedt
f39793b3ac Check CSRF after processing the oauth token. 2014-03-25 15:37:58 -04:00
Joseph Schorr
7befc04809 Fix API usage tests to send the proper CSRF token and add an "invalid CSRF token" test 2014-03-25 15:17:02 -04:00
jakedt
26a57d0c21 Fix the test_api_security tests for csrf. 2014-03-25 14:53:27 -04:00
jakedt
219fbd6950 Make the CSRF checks mandatory. 2014-03-25 14:35:19 -04:00
jakedt
f060fd6ae0 Fix and unify CSRF support across web and API endpoints. 2014-03-25 14:32:26 -04:00
jakedt
0097daebc2 Formatting changes. 2014-03-25 14:32:02 -04:00
Joseph Schorr
99cdc0402a Fix mobile menu button 2014-03-25 14:05:39 -04:00
Joseph Schorr
16d3ddd8cc Nicely handle the case where we cannot connect to Redis 2014-03-25 13:29:06 -04:00
jakedt
7a580e6036 Tweak the text on the authorizations page. 2014-03-25 13:13:29 -04:00
jakedt
b81e48cb41 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	test/data/test.db
2014-03-25 12:43:09 -04:00
jakedt
cbc40588cb Finally figure out what the data field is supposed to be for and use it to implement and fix 3LO. 2014-03-25 12:42:40 -04:00
Joseph Schorr
c82d1ffe98 Add ability for users to see their authorized applications and revoke the access 2014-03-24 20:57:02 -04:00
Joseph Schorr
e92cf37583 Add cancel button to the oauth authorization page, add the org icon to said page, and fix some other minor bugs 2014-03-24 18:30:22 -04:00
Joseph Schorr
acac2a7fa7 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-24 18:18:40 -04:00
Joseph Schorr
10004192d7 Don't send null fields in app management and clarify the fields 2014-03-24 18:18:35 -04:00
jakedt
283ce5e1c3 Make the new app management APIs internal and fix the schemas to work with swagger. 2014-03-24 18:16:46 -04:00
Joseph Schorr
b252520ab0 Add the mix panel badge to the landing page 2014-03-24 14:10:55 -04:00
Joseph Schorr
f7c27f250b Add full application management API, UI and test cases 2014-03-20 15:46:13 -04:00
jakedt
a3eff7a2e8 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-20 12:09:31 -04:00
jakedt
a9c0e016f3 Add the ability to use an oauth token to interact with the index and registry. 2014-03-20 12:09:25 -04:00
Joseph Schorr
e07670613e Get app information dialog working 2014-03-20 12:06:29 -04:00
jakedt
0992c8a47e Fix some permissions problems still around due to some usage of scopes as strings. 2014-03-19 18:21:58 -04:00
jakedt
3b7b12085d User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes from all previously granted tokens. 2014-03-19 18:09:09 -04:00
jakedt
c93c62600d Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	templates/base.html
	test/data/test.db
	test/specs.py
2014-03-19 15:39:44 -04:00
jakedt
9859929d93 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-19 14:37:04 -04:00
jakedt
f2d0a2f479 Split out organization repo roles and org management roles. 2014-03-19 14:36:56 -04:00
Joseph Schorr
8f3b87c866 - Handle the case when the user is not logged in on the oauth form
- Have the sign in form properly redirect back to the current page for GitHub login
2014-03-19 14:27:33 -04:00
Joseph Schorr
8ac67e3061 Fix handling of retrieving the user information and session expiration 2014-03-19 14:04:42 -04:00
jakedt
6fc369bed2 Change non logged in 403s to 401s. 2014-03-19 13:57:36 -04:00
jakedt
7bd4b9a71c Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	endpoints/api/trigger.py
2014-03-19 12:13:07 -04:00
jakedt
6267275d6f Mark a whole slew of APIs as internal only. 2014-03-19 12:09:07 -04:00
Joseph Schorr
807fa68fe4 Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own 2014-03-18 20:32:37 -04:00
jakedt
5e7ffd95ca Update the api usage test to use the new url_for resources. 2014-03-18 19:34:26 -04:00
jakedt
19c7453f99 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 19:21:53 -04:00
jakedt
1757a122fe Update the security tests with the proper response codes for everything. 2014-03-18 19:21:46 -04:00
jakedt
64071b9e8e Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 19:21:27 -04:00
Joseph Schorr
d502602b38 Change oauth authorization page to use a drop down arrow 2014-03-18 17:55:52 -04:00
Joseph Schorr
d24f1faf44 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 17:05:59 -04:00
Joseph Schorr
d7a59ef0c2 Add checks for invalid scopes in the auth approval process 2014-03-18 17:05:27 -04:00
jakedt
89556172d5 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 16:48:24 -04:00
jakedt
0c4c4c78c7 Switch the security tests over to the new test format which is generated. 2014-03-18 16:48:09 -04:00
Joseph Schorr
b0dcb5d7e3 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 16:46:28 -04:00
Joseph Schorr
9ae4506a0d Add OAuth usage information to the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display 2014-03-18 16:45:18 -04:00
jakedt
6f39e158d6 Eliminate all of the exceptions when running the tests. 2014-03-18 15:58:37 -04:00
Joseph Schorr
877427378d Fix the log view performance issues in the build history view by creating a specialized collection class that asynchronously adds the items to be displayed in a batch-like manner. 2014-03-18 15:08:46 -04:00
jakedt
e1b704bdac We must check repository permissions before parsing args. 2014-03-18 14:45:14 -04:00
jakedt
7d163833bd Some small fixes in the API. 2014-03-18 14:22:14 -04:00
Joseph Schorr
a727717add Fix tooltip in create new repo 2014-03-17 22:46:54 -04:00
jakedt
eef17ae7d4 Merge remote-tracking branch 'origin/heyyouthere' 2014-03-17 22:33:27 -04:00