Commit graph

1420 commits

Author SHA1 Message Date
jakedt
f1a7f86780 Fix CSRF token generation. 2014-03-25 17:51:22 -04:00
jakedt
cb9c0e58d4 Update requirements.txt with new versions and new requirements. 2014-03-25 17:45:51 -04:00
jakedt
250efd76b6 Merge remote-tracking branch 'origin/swaggerlikeus' 2014-03-25 17:27:00 -04:00
jakedt
41cfadac23 Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list. 2014-03-25 17:26:45 -04:00
Joseph Schorr
efb1ab6562 Fix typo 2014-03-25 16:50:39 -04:00
jakedt
afb3a67b7b Switch the data to a textfield for authorization codes. 2014-03-25 16:06:34 -04:00
jakedt
5f98bf8dab Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	endpoints/api.py
2014-03-25 15:50:03 -04:00
Joseph Schorr
4a66bd4af2 Fix the status view when it cannot be loaded 2014-03-25 15:48:12 -04:00
jakedt
0ad42f71eb Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-25 15:38:37 -04:00
jakedt
5d2274fb05 Add CORS headers to all error responses. 2014-03-25 15:38:31 -04:00
jakedt
669ec9c382 Change the token expiration time to 10 years. 2014-03-25 15:38:16 -04:00
jakedt
f39793b3ac Check CSRF after processing the oauth token. 2014-03-25 15:37:58 -04:00
Joseph Schorr
7befc04809 Fix API usage tests to send the proper CSRF token and add an "invalid CSRF token" test 2014-03-25 15:17:02 -04:00
jakedt
26a57d0c21 Fix the test_api_security tests for csrf. 2014-03-25 14:53:27 -04:00
jakedt
219fbd6950 Make the CSRF checks mandatory. 2014-03-25 14:35:19 -04:00
jakedt
f060fd6ae0 Fix and unify CSRF support across web and API endpoints. 2014-03-25 14:32:26 -04:00
jakedt
0097daebc2 Formatting changes. 2014-03-25 14:32:02 -04:00
Joseph Schorr
99cdc0402a Fix mobile menu button 2014-03-25 14:05:39 -04:00
Joseph Schorr
16d3ddd8cc Nicely handle the case where we cannot connect to Redis 2014-03-25 13:29:06 -04:00
jakedt
7a580e6036 Tweak the text on the authorizations page. 2014-03-25 13:13:29 -04:00
jakedt
b81e48cb41 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	test/data/test.db
2014-03-25 12:43:09 -04:00
jakedt
cbc40588cb Finally figure out what the data field is supposed to be for and use it to implement and fix 3LO. 2014-03-25 12:42:40 -04:00
Joseph Schorr
c82d1ffe98 Add ability for users to see their authorized applications and revoke the access 2014-03-24 20:57:02 -04:00
Joseph Schorr
e92cf37583 Add cancel button to the oauth authorization page, add the org icon to said page, and fix some other minor bugs 2014-03-24 18:30:22 -04:00
Joseph Schorr
acac2a7fa7 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-24 18:18:40 -04:00
Joseph Schorr
10004192d7 Don't send null fields in app management and clarify the fields 2014-03-24 18:18:35 -04:00
jakedt
283ce5e1c3 Make the new app management APIs internal and fix the schemas to work with swagger. 2014-03-24 18:16:46 -04:00
Joseph Schorr
b252520ab0 Add the mix panel badge to the landing page 2014-03-24 14:10:55 -04:00
Joseph Schorr
f7c27f250b Add full application management API, UI and test cases 2014-03-20 15:46:13 -04:00
jakedt
a3eff7a2e8 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-20 12:09:31 -04:00
jakedt
a9c0e016f3 Add the ability to use an oauth token to interact with the index and registry. 2014-03-20 12:09:25 -04:00
Joseph Schorr
e07670613e Get app information dialog working 2014-03-20 12:06:29 -04:00
jakedt
0992c8a47e Fix some permissions problems still around due to some usage of scopes as strings. 2014-03-19 18:21:58 -04:00
jakedt
3b7b12085d User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes from all previously granted tokens. 2014-03-19 18:09:09 -04:00
jakedt
c93c62600d Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	templates/base.html
	test/data/test.db
	test/specs.py
2014-03-19 15:39:44 -04:00
jakedt
9859929d93 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-19 14:37:04 -04:00
jakedt
f2d0a2f479 Split out organization repo roles and org management roles. 2014-03-19 14:36:56 -04:00
Joseph Schorr
8f3b87c866 - Handle the case when the user is not logged in on the oauth form
- Have the sign in form properly redirect back to the current page for GitHub login
2014-03-19 14:27:33 -04:00
Joseph Schorr
8ac67e3061 Fix handling of retrieving the user information and session expiration 2014-03-19 14:04:42 -04:00
jakedt
6fc369bed2 Change non logged in 403s to 401s. 2014-03-19 13:57:36 -04:00
jakedt
7bd4b9a71c Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	endpoints/api/trigger.py
2014-03-19 12:13:07 -04:00
jakedt
6267275d6f Mark a whole slew of APIs as internal only. 2014-03-19 12:09:07 -04:00
Joseph Schorr
807fa68fe4 Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own 2014-03-18 20:32:37 -04:00
jakedt
5e7ffd95ca Update the api usage test to use the new url_for resources. 2014-03-18 19:34:26 -04:00
jakedt
19c7453f99 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 19:21:53 -04:00
jakedt
1757a122fe Update the security tests with the proper response codes for everything. 2014-03-18 19:21:46 -04:00
jakedt
64071b9e8e Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 19:21:27 -04:00
Joseph Schorr
d502602b38 Change oauth authorization page to use a drop down arrow 2014-03-18 17:55:52 -04:00
Joseph Schorr
d24f1faf44 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 17:05:59 -04:00
Joseph Schorr
d7a59ef0c2 Add checks for invalid scopes in the auth approval process 2014-03-18 17:05:27 -04:00