Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
3e1abba284
Add ability for super users to rename and delete organizations
2015-05-11 18:03:25 -04:00
Joseph Schorr
e16657ed0e
Add security tests for the new revert endpoint
2015-04-19 15:25:33 -04:00
Joseph Schorr
f8c80f7d11
Add a history view to the tags page. Next step will add the ability to revert back in time
2015-04-15 15:21:09 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Joseph Schorr
1f5e6df678
- Fix tests
...
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00
Jimmy Zelinskie
fb0d3d69c2
changes to reflect PR comments (not finished)
2015-02-24 17:50:54 -05:00
Jimmy Zelinskie
35a2414d85
tests: star security tests
2015-02-23 14:23:32 -05:00
Joseph Schorr
81ce4c771e
Add ability to cancel builds that are in the waiting state
2015-02-13 15:54:01 -05:00
Joseph Schorr
508bc10a58
Fix broken test due to the permissions change
2015-01-07 16:31:16 -05:00
Jimmy Zelinskie
dee4c389a8
Base sessions on UUIDs.
...
Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one.
2014-11-20 18:44:36 -05:00
Jimmy Zelinskie
12ff4b107c
Undo sessions being driven by UUID.
...
Basing sessions on UUIDs must be done in phases. First all users
must obtain an UUID. Once a backfill has given all previous users
UUIDs and new users are being generated with UUIDs, then we can
actually change the session to be based on that value.
2014-11-20 12:57:17 -05:00
Jimmy Zelinskie
faeb3b9a10
Update tests to use uuid in session
2014-11-19 13:28:16 -05:00
Joseph Schorr
c1398c6d2b
- Add a log entry for repo verb handling and make the container usage calculation take it into account
...
- Move all the repo push/pull/verb logging into a central track_and_log method
- Readd images accidentally deleted in the last CL
- Make the uncompressed size migration script better handle exceptions
2014-10-29 15:42:44 -04:00
Joseph Schorr
b234019a02
Fix tests
2014-10-14 16:23:01 -04:00
Joseph Schorr
d9c7e92637
Add superuser abilities: create user, show logs. Also fix the super users UI to show the user drop down and make all superuser API calls require fresh login
2014-10-01 13:55:09 -04:00
Joseph Schorr
039d53ea6c
- Fix initdb
...
- Add ability to specific custom fields for manual running of build triggers and add a "branch name" selector for running github builds
2014-09-30 16:29:32 -04:00
Jake Moshenko
3259cda000
The new strategy is to do a three phase migration. This is the first phase: getting the namespace user in the db and written for all new repositories.
2014-09-22 17:27:02 -04:00
Jake Moshenko
75d2ef377e
Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork
...
Conflicts:
data/model/legacy.py
2014-09-15 17:52:17 -04:00
Joseph Schorr
913b3e472f
Add ability to detach external login services
2014-09-15 12:01:02 -04:00
Joseph Schorr
10faa7de84
Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email)
2014-09-12 14:29:01 -04:00
Jake Moshenko
c5ca46a14b
Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork
...
Conflicts:
data/model/legacy.py
static/js/app.js
2014-09-12 11:03:30 -04:00
Joseph Schorr
e783df31e0
Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.
2014-09-04 14:24:20 -04:00
Joseph Schorr
3b72b26836
Merge branch 'master' into comewithmeifyouwanttowork
2014-08-28 20:50:13 -04:00
Joseph Schorr
a129aac94b
Add ability to regenerate robot account credentials
2014-08-25 17:19:23 -04:00
Joseph Schorr
d2880807b2
- Further fixes for license stuff
...
- Small fixes to ensure Quay works for Postgres
2014-08-21 19:21:20 -04:00
Joseph Schorr
43b6695f9c
Get team invite confirmation working and fully tested
2014-08-18 17:24:00 -04:00
Joseph Schorr
32b2ecdfa6
Add ability to dismiss notifications
2014-07-28 18:23:46 -04:00
Joseph Schorr
34fc279092
Add e-mail authorization to the repository notification flow. Also validates the creation of the other notification methods.
2014-07-28 14:58:12 -04:00
Joseph Schorr
8d7493cb86
Convert over to notifications system. Note this is incomplete
2014-07-17 22:51:58 -04:00
Joseph Schorr
f12970469b
Add security tests for the superuser API
2014-05-12 14:45:19 -04:00
Joseph Schorr
d8efb399b0
Merge branch 'tagyourit'
2014-04-17 14:20:28 -04:00
Joseph Schorr
2ae48f7c15
Fix test multiple import issue
2014-04-15 18:51:12 -04:00
jakedt
3f42d15335
Merge remote-tracking branch 'origin/master' into tagyourit
...
Conflicts:
static/css/quay.css
static/js/graphing.js
static/partials/view-repo.html
test/data/test.db
2014-04-15 15:58:30 -04:00
Joseph Schorr
7c466dab7d
- Add an analyze method on triggers that, when given trigger config, will attempt to analyze the trigger's Dockerfile and determine what pull credentials, if any, are needed and available
...
- Move the build trigger setup UI into its own directive (makes things cleaner)
- Fix a bug in the entitySearch directive around setting the current entity
- Change the build trigger setup UI to use the new analyze method and flow better
2014-04-02 23:33:58 -04:00
Joseph Schorr
2006917e03
Add support for pull credentials on builds and build triggers
2014-03-27 18:33:13 -04:00
jakedt
302bfb27ae
Merge remote-tracking branch 'origin/master' into tagyourit
...
Conflicts:
endpoints/api.py
static/js/app.js
static/partials/view-repo.html
test/data/test.db
test/specs.py
test/test_api_usage.py
2014-03-26 19:42:29 -04:00
jakedt
26a57d0c21
Fix the test_api_security tests for csrf.
2014-03-25 14:53:27 -04:00
Joseph Schorr
c82d1ffe98
Add ability for users to see their authorized applications and revoke the access
2014-03-24 20:57:02 -04:00
Joseph Schorr
f7c27f250b
Add full application management API, UI and test cases
2014-03-20 15:46:13 -04:00
jakedt
6fc369bed2
Change non logged in 403s to 401s.
2014-03-19 13:57:36 -04:00
jakedt
1757a122fe
Update the security tests with the proper response codes for everything.
2014-03-18 19:21:46 -04:00
jakedt
0c4c4c78c7
Switch the security tests over to the new test format which is generated.
2014-03-18 16:48:09 -04:00
Joseph Schorr
0833c88065
Make testing much faster by using a save point, rather than recreating the database every test
2014-01-30 20:57:40 -05:00
yackob03
7412fae9dc
Fix the tests to use blueprints.
2014-01-30 19:06:26 -05:00
yackob03
8a738c2bf9
Add some tests to make sure our docker API is properly respecting auth.
2013-11-07 17:10:57 -05:00
yackob03
161a6284f0
Refactor the tests to be less ugly.
2013-11-07 12:54:44 -05:00
yackob03
babc6fa867
We were asking for too many parameters for changing the plan, token is not always necessary.
2013-11-06 23:35:37 -05:00
yackob03
2cd98fc58e
Make the app config more powerful in terms of injecting fake dependencies. Refactor the tests to use metaclasses and to actually all run.
2013-11-06 23:21:12 -05:00
yackob03
2a849f631b
Add the next batch of tests and fixes.
2013-11-06 17:56:31 -05:00
yackob03
db59b5bf9c
Add some tests to verify we're not leaking anything to completely public users (we're not)
2013-11-06 17:09:22 -05:00