jakedt
|
669ec9c382
|
Change the token expiration time to 10 years.
|
2014-03-25 15:38:16 -04:00 |
|
jakedt
|
f39793b3ac
|
Check CSRF after processing the oauth token.
|
2014-03-25 15:37:58 -04:00 |
|
Joseph Schorr
|
7befc04809
|
Fix API usage tests to send the proper CSRF token and add an "invalid CSRF token" test
|
2014-03-25 15:17:02 -04:00 |
|
jakedt
|
26a57d0c21
|
Fix the test_api_security tests for csrf.
|
2014-03-25 14:53:27 -04:00 |
|
jakedt
|
219fbd6950
|
Make the CSRF checks mandatory.
|
2014-03-25 14:35:19 -04:00 |
|
jakedt
|
f060fd6ae0
|
Fix and unify CSRF support across web and API endpoints.
|
2014-03-25 14:32:26 -04:00 |
|
jakedt
|
0097daebc2
|
Formatting changes.
|
2014-03-25 14:32:02 -04:00 |
|
Joseph Schorr
|
99cdc0402a
|
Fix mobile menu button
|
2014-03-25 14:05:39 -04:00 |
|
Joseph Schorr
|
16d3ddd8cc
|
Nicely handle the case where we cannot connect to Redis
|
2014-03-25 13:29:06 -04:00 |
|
jakedt
|
7a580e6036
|
Tweak the text on the authorizations page.
|
2014-03-25 13:13:29 -04:00 |
|
jakedt
|
b81e48cb41
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
test/data/test.db
|
2014-03-25 12:43:09 -04:00 |
|
jakedt
|
cbc40588cb
|
Finally figure out what the data field is supposed to be for and use it to implement and fix 3LO.
|
2014-03-25 12:42:40 -04:00 |
|
Joseph Schorr
|
c82d1ffe98
|
Add ability for users to see their authorized applications and revoke the access
|
2014-03-24 20:57:02 -04:00 |
|
Joseph Schorr
|
e92cf37583
|
Add cancel button to the oauth authorization page, add the org icon to said page, and fix some other minor bugs
|
2014-03-24 18:30:22 -04:00 |
|
Joseph Schorr
|
acac2a7fa7
|
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-24 18:18:40 -04:00 |
|
Joseph Schorr
|
10004192d7
|
Don't send null fields in app management and clarify the fields
|
2014-03-24 18:18:35 -04:00 |
|
jakedt
|
283ce5e1c3
|
Make the new app management APIs internal and fix the schemas to work with swagger.
|
2014-03-24 18:16:46 -04:00 |
|
Joseph Schorr
|
b252520ab0
|
Add the mix panel badge to the landing page
|
2014-03-24 14:10:55 -04:00 |
|
Joseph Schorr
|
f7c27f250b
|
Add full application management API, UI and test cases
|
2014-03-20 15:46:13 -04:00 |
|
jakedt
|
a3eff7a2e8
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-20 12:09:31 -04:00 |
|
jakedt
|
a9c0e016f3
|
Add the ability to use an oauth token to interact with the index and registry.
|
2014-03-20 12:09:25 -04:00 |
|
Joseph Schorr
|
e07670613e
|
Get app information dialog working
|
2014-03-20 12:06:29 -04:00 |
|
jakedt
|
0992c8a47e
|
Fix some permissions problems still around due to some usage of scopes as strings.
|
2014-03-19 18:21:58 -04:00 |
|
jakedt
|
3b7b12085d
|
User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes from all previously granted tokens.
|
2014-03-19 18:09:09 -04:00 |
|
jakedt
|
c93c62600d
|
Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
data/database.py
endpoints/api.py
endpoints/common.py
templates/base.html
test/data/test.db
test/specs.py
|
2014-03-19 15:39:44 -04:00 |
|
jakedt
|
9859929d93
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-19 14:37:04 -04:00 |
|
jakedt
|
f2d0a2f479
|
Split out organization repo roles and org management roles.
|
2014-03-19 14:36:56 -04:00 |
|
Joseph Schorr
|
8f3b87c866
|
- Handle the case when the user is not logged in on the oauth form
- Have the sign in form properly redirect back to the current page for GitHub login
|
2014-03-19 14:27:33 -04:00 |
|
Joseph Schorr
|
8ac67e3061
|
Fix handling of retrieving the user information and session expiration
|
2014-03-19 14:04:42 -04:00 |
|
jakedt
|
6fc369bed2
|
Change non logged in 403s to 401s.
|
2014-03-19 13:57:36 -04:00 |
|
jakedt
|
7bd4b9a71c
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
endpoints/api/trigger.py
|
2014-03-19 12:13:07 -04:00 |
|
jakedt
|
6267275d6f
|
Mark a whole slew of APIs as internal only.
|
2014-03-19 12:09:07 -04:00 |
|
Joseph Schorr
|
807fa68fe4
|
Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own
|
2014-03-18 20:32:37 -04:00 |
|
jakedt
|
5e7ffd95ca
|
Update the api usage test to use the new url_for resources.
|
2014-03-18 19:34:26 -04:00 |
|
jakedt
|
19c7453f99
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 19:21:53 -04:00 |
|
jakedt
|
1757a122fe
|
Update the security tests with the proper response codes for everything.
|
2014-03-18 19:21:46 -04:00 |
|
jakedt
|
64071b9e8e
|
Add a user info scope and thread it through the code. Protect the org modification API.
|
2014-03-18 19:21:27 -04:00 |
|
Joseph Schorr
|
d502602b38
|
Change oauth authorization page to use a drop down arrow
|
2014-03-18 17:55:52 -04:00 |
|
Joseph Schorr
|
d24f1faf44
|
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 17:05:59 -04:00 |
|
Joseph Schorr
|
d7a59ef0c2
|
Add checks for invalid scopes in the auth approval process
|
2014-03-18 17:05:27 -04:00 |
|
jakedt
|
89556172d5
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 16:48:24 -04:00 |
|
jakedt
|
0c4c4c78c7
|
Switch the security tests over to the new test format which is generated.
|
2014-03-18 16:48:09 -04:00 |
|
Joseph Schorr
|
b0dcb5d7e3
|
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 16:46:28 -04:00 |
|
Joseph Schorr
|
9ae4506a0d
|
Add OAuth usage information to the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display
|
2014-03-18 16:45:18 -04:00 |
|
jakedt
|
6f39e158d6
|
Eliminate all of the exceptions when running the tests.
|
2014-03-18 15:58:37 -04:00 |
|
Joseph Schorr
|
877427378d
|
Fix the log view performance issues in the build history view by creating a specialized collection class that asynchronously adds the items to be displayed in a batch-like manner.
|
2014-03-18 15:08:46 -04:00 |
|
jakedt
|
e1b704bdac
|
We must check repository permissions before parsing args.
|
2014-03-18 14:45:14 -04:00 |
|
jakedt
|
7d163833bd
|
Some small fixes in the API.
|
2014-03-18 14:22:14 -04:00 |
|
Joseph Schorr
|
a727717add
|
Fix tooltip in create new repo
|
2014-03-17 22:46:54 -04:00 |
|
jakedt
|
eef17ae7d4
|
Merge remote-tracking branch 'origin/heyyouthere'
|
2014-03-17 22:33:27 -04:00 |
|