jakedt
|
8538455cef
|
Fix the user API to throw the nicer 401 that the FE can handle.
|
2014-03-25 17:58:19 -04:00 |
|
jakedt
|
f1a7f86780
|
Fix CSRF token generation.
|
2014-03-25 17:51:22 -04:00 |
|
jakedt
|
cb9c0e58d4
|
Update requirements.txt with new versions and new requirements.
|
2014-03-25 17:45:51 -04:00 |
|
jakedt
|
250efd76b6
|
Merge remote-tracking branch 'origin/swaggerlikeus'
|
2014-03-25 17:27:00 -04:00 |
|
jakedt
|
41cfadac23
|
Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.
|
2014-03-25 17:26:45 -04:00 |
|
Joseph Schorr
|
efb1ab6562
|
Fix typo
|
2014-03-25 16:50:39 -04:00 |
|
jakedt
|
afb3a67b7b
|
Switch the data to a textfield for authorization codes.
|
2014-03-25 16:06:34 -04:00 |
|
jakedt
|
5f98bf8dab
|
Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
endpoints/api.py
|
2014-03-25 15:50:03 -04:00 |
|
Joseph Schorr
|
4a66bd4af2
|
Fix the status view when it cannot be loaded
|
2014-03-25 15:48:12 -04:00 |
|
jakedt
|
0ad42f71eb
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-25 15:38:37 -04:00 |
|
jakedt
|
5d2274fb05
|
Add CORS headers to all error responses.
|
2014-03-25 15:38:31 -04:00 |
|
jakedt
|
669ec9c382
|
Change the token expiration time to 10 years.
|
2014-03-25 15:38:16 -04:00 |
|
jakedt
|
f39793b3ac
|
Check CSRF after processing the oauth token.
|
2014-03-25 15:37:58 -04:00 |
|
Joseph Schorr
|
7befc04809
|
Fix API usage tests to send the proper CSRF token and add a "invalid CSRF token" test
|
2014-03-25 15:17:02 -04:00 |
|
jakedt
|
26a57d0c21
|
Fix the test_api_security tests for csrf.
|
2014-03-25 14:53:27 -04:00 |
|
jakedt
|
219fbd6950
|
Make the CSRF checks mandatory.
|
2014-03-25 14:35:19 -04:00 |
|
jakedt
|
f060fd6ae0
|
Fix and unify CSRF support across web and API endpoints.
|
2014-03-25 14:32:26 -04:00 |
|
jakedt
|
0097daebc2
|
Formatting changes.
|
2014-03-25 14:32:02 -04:00 |
|
Joseph Schorr
|
99cdc0402a
|
Fix mobile menu button
|
2014-03-25 14:05:39 -04:00 |
|
Joseph Schorr
|
16d3ddd8cc
|
Nicely handle the case where we cannot connect to Redis
|
2014-03-25 13:29:06 -04:00 |
|
jakedt
|
7a580e6036
|
Tweak the text on the authorizations page.
|
2014-03-25 13:13:29 -04:00 |
|
jakedt
|
b81e48cb41
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
test/data/test.db
|
2014-03-25 12:43:09 -04:00 |
|
jakedt
|
cbc40588cb
|
Finally figure out what the data field is supposed to be for and use it to implement and fix 3LO.
|
2014-03-25 12:42:40 -04:00 |
|
Joseph Schorr
|
c82d1ffe98
|
Add ability for users to see their authorized applications and revoke the access
|
2014-03-24 20:57:02 -04:00 |
|
Joseph Schorr
|
e92cf37583
|
Add cancel button to the oauth authorization page, add the org icon to said page, and fix some other minor bugs
|
2014-03-24 18:30:22 -04:00 |
|
Joseph Schorr
|
acac2a7fa7
|
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-24 18:18:40 -04:00 |
|
Joseph Schorr
|
10004192d7
|
Don't send null fields in app management and clarify the fields
|
2014-03-24 18:18:35 -04:00 |
|
jakedt
|
283ce5e1c3
|
Make the new app management APIs internal and fix the schemas to work with swagger.
|
2014-03-24 18:16:46 -04:00 |
|
Joseph Schorr
|
b252520ab0
|
Add the mix panel badge to the landing page
|
2014-03-24 14:10:55 -04:00 |
|
Joseph Schorr
|
f7c27f250b
|
Add full application management API, UI and test cases
|
2014-03-20 15:46:13 -04:00 |
|
jakedt
|
a3eff7a2e8
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-20 12:09:31 -04:00 |
|
jakedt
|
a9c0e016f3
|
Add the ability to use an oauth token to interact with the index and registry.
|
2014-03-20 12:09:25 -04:00 |
|
Joseph Schorr
|
e07670613e
|
Get app information dialog working
|
2014-03-20 12:06:29 -04:00 |
|
jakedt
|
0992c8a47e
|
Fix some permissions problems still around due to some usage of scopes as strings.
|
2014-03-19 18:21:58 -04:00 |
|
jakedt
|
3b7b12085d
|
User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes form all previously granted tokens.
|
2014-03-19 18:09:09 -04:00 |
|
jakedt
|
c93c62600d
|
Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
data/database.py
endpoints/api.py
endpoints/common.py
templates/base.html
test/data/test.db
test/specs.py
|
2014-03-19 15:39:44 -04:00 |
|
jakedt
|
9859929d93
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-19 14:37:04 -04:00 |
|
jakedt
|
f2d0a2f479
|
Split out organization repo roles and org management roles.
|
2014-03-19 14:36:56 -04:00 |
|
Joseph Schorr
|
8f3b87c866
|
- Handle the case when the user is not logged in on the oath form
- Have the sign in form properly redirect back to the current page for GitHub login
|
2014-03-19 14:27:33 -04:00 |
|
Joseph Schorr
|
8ac67e3061
|
Fix handling of retrieving the user information and session expiration
|
2014-03-19 14:04:42 -04:00 |
|
jakedt
|
6fc369bed2
|
Change non logged in 403s to 401s.
|
2014-03-19 13:57:36 -04:00 |
|
jakedt
|
7bd4b9a71c
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
endpoints/api/trigger.py
|
2014-03-19 12:13:07 -04:00 |
|
jakedt
|
6267275d6f
|
Mark a whole slew of APIs as internal only.
|
2014-03-19 12:09:07 -04:00 |
|
Joseph Schorr
|
807fa68fe4
|
Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own
|
2014-03-18 20:32:37 -04:00 |
|
jakedt
|
5e7ffd95ca
|
Update the api usage test to use the new url_for resources.
|
2014-03-18 19:34:26 -04:00 |
|
jakedt
|
19c7453f99
|
Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 19:21:53 -04:00 |
|
jakedt
|
1757a122fe
|
Update the security tests with the proper response codes for everything.
|
2014-03-18 19:21:46 -04:00 |
|
jakedt
|
64071b9e8e
|
Add a user info scope and thread it through the code. Protect the org modification API.
|
2014-03-18 19:21:27 -04:00 |
|
Joseph Schorr
|
d502602b38
|
Change oauth authorization page to use a drop down arrow
|
2014-03-18 17:55:52 -04:00 |
|
Joseph Schorr
|
d24f1faf44
|
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
|
2014-03-18 17:05:59 -04:00 |
|