Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								9a1d97216b 
								
							 
						 
						
							
							
								
								Switch error mimetype back to application/json  
							
							
							
						 
						
							2016-04-18 17:42:08 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								4d7843580f 
								
							 
						 
						
							
							
								
								Fix superuser page  
							
							
							
						 
						
							2016-04-15 16:50:01 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								7b44beb1fd 
								
							 
						 
						
							
							
								
								Fix WWW-Authenticate header on 401  
							
							
							
						 
						
							2016-04-13 09:01:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								b5db41920f 
								
							 
						 
						
							
							
								
								Address review comments  
							
							
							
						 
						
							2016-04-11 16:34:40 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								eba75494d9 
								
							 
						 
						
							
							
								
								Use new error format for auth errors (factor exceptions into module)  
							
							
							
						 
						
							2016-04-11 16:22:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								9c08717173 
								
							 
						 
						
							
							
								
								Return application/problem+json format errors and provide error endpoint  
							
							... 
							
							
							
							to dereference error codes. 
							
						 
						
							2016-04-11 14:57:24 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e8faa9f843 
								
							 
						 
						
							
							
								
								Merge pull request  #939  from coreos-inc/user-admin  
							
							... 
							
							
							
							Add user admin scope 
							
						 
						
							2016-02-16 16:42:29 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								db0eab0461 
								
							 
						 
						
							
							
								
								Fix V2 catalog and tag pagination  
							
							
							
						 
						
							2016-02-10 00:25:33 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								018bf8c5ad 
								
							 
						 
						
							
							
								
								Refactor how parsed_args are passed to methods  
							
							
							
						 
						
							2016-01-26 16:27:36 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								335c8eb3a9 
								
							 
						 
						
							
							
								
								Add 2 day TTL to page tokens  
							
							
							
						 
						
							2016-01-26 14:04:03 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b4bddacedb 
								
							 
						 
						
							
							
								
								Switch to Fernet crypto as per gtank's recommendation  
							
							
							
						 
						
							2016-01-26 12:50:48 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								bd0a098282 
								
							 
						 
						
							
							
								
								Add ID-based pagination to logs using new decorators and an encrypted token  
							
							... 
							
							
							
							Fixes  #599  
						
							2016-01-26 12:50:48 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e4ffaff869 
								
							 
						 
						
							
							
								
								Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.  
							
							... 
							
							
							
							This support is placed behind a feature flag. 
							
						 
						
							2016-01-22 15:54:06 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Matt Jibson 
								
							 
						 
						
							
							
							
							
								
							
							
								f02bb3caee 
								
							 
						 
						
							
							
								
								Add user admin scope  
							
							... 
							
							
							
							Also remove unused scope decorator.
fixes  #890  
							
						 
						
							2015-11-18 12:01:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								cfa03951e1 
								
							 
						 
						
							
							
								
								Add a SecScanEndpoint class and move all the cert and config handling in there  
							
							
							
						 
						
							2015-11-06 15:22:18 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e4508fc0d0 
								
							 
						 
						
							
							
								
								Add vulnerabilities and packages API to Quay  
							
							... 
							
							
							
							Fixes  #564  
						
							2015-11-06 15:22:18 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								5e1cd2b2ad 
								
							 
						 
						
							
							
								
								Move decorator for TooManyLoginAttempts into general decorated module  
							
							... 
							
							
							
							Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled 
							
						 
						
							2015-11-03 12:16:01 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								7c1547221d 
								
							 
						 
						
							
							
								
								raise a 520 for any GitLab timeouts  
							
							
							
						 
						
							2015-10-13 17:34:08 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Matt Jibson 
								
							 
						 
						
							
							
							
							
								
							
							
								b483209862 
								
							 
						 
						
							
							
								
								Wrap API and registry requests with common metric timings  
							
							... 
							
							
							
							Record response times, codes, and rollup non-2XX responses. 
							
						 
						
							2015-08-12 12:16:00 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								3efaa255e8 
								
							 
						 
						
							
							
								
								Accidental refactor, split out legacy.py into separate sumodules and update all call sites.  
							
							
							
						 
						
							2015-07-17 11:56:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								87efcb9e3d 
								
							 
						 
						
							
							
								
								Delegated superuser API access  
							
							... 
							
							
							
							Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users. 
							
						 
						
							2015-06-30 11:08:26 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								477a3fdcdc 
								
							 
						 
						
							
							
								
								Add a test to verify that all important blueprints have all their methods decorated  
							
							... 
							
							
							
							This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access 
							
						 
						
							2015-06-02 15:56:44 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								54992c23b7 
								
							 
						 
						
							
							
								
								Add a feature flag for disabling unauthenticated access to the registry in its entirety.  
							
							
							
						 
						
							2015-05-19 17:52:44 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a5ff765f3b 
								
							 
						 
						
							
							
								
								Validate that we have a valid JSON body  
							
							
							
						 
						
							2015-02-18 15:57:05 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7933bd44fd 
								
							 
						 
						
							
							
								
								Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production  
							
							
							
						 
						
							2015-01-08 12:53:36 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1bf25f25c1 
								
							 
						 
						
							
							
								
								WIP  
							
							
							
						 
						
							2015-01-04 14:38:41 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								182c87b983 
								
							 
						 
						
							
							
								
								Remove unused imports.  
							
							
							
						 
						
							2014-11-26 10:53:51 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								d9f0d36dfe 
								
							 
						 
						
							
							
								
								Add missing InvalidResponse class.  
							
							
							
						 
						
							2014-11-25 16:08:01 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ccc16fd6f4 
								
							 
						 
						
							
							
								
								Merge branch 'master' into bees  
							
							
							
						 
						
							2014-11-17 13:14:27 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e0993b26af 
								
							 
						 
						
							
							
								
								Make query params only read from query params, not JSON as well  
							
							
							
						 
						
							2014-10-03 15:05:34 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1d8ec59362 
								
							 
						 
						
							
							
								
								Merge branch master into bees  
							
							
							
						 
						
							2014-10-02 15:08:32 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								987177fd7e 
								
							 
						 
						
							
							
								
								Have require_fresh_login not apply if there is no password set for the user  
							
							
							
						 
						
							2014-09-04 19:47:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								1a230f635a 
								
							 
						 
						
							
							
								
								Use datetime.min instead of a fixed span for the last login default time.  
							
							
							
						 
						
							2014-09-04 19:15:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e783df31e0 
								
							 
						 
						
							
							
								
								Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.  
							
							
							
						 
						
							2014-09-04 14:24:20 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								2dcdd7ba5b 
								
							 
						 
						
							
							
								
								Add exponential backoff of login attempts.  
							
							
							
						 
						
							2014-09-02 15:27:05 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6f1a4030b6 
								
							 
						 
						
							
							
								
								Add response schema validation (only when in TESTING mode) and add one schema. More will be added in a followup CL  
							
							
							
						 
						
							2014-08-27 20:57:46 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								53fb7f4136 
								
							 
						 
						
							
							
								
								Add documentation for all path parameters  
							
							
							
						 
						
							2014-08-19 19:05:28 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e0bb94e439 
								
							 
						 
						
							
							
								
								Add path param description support  
							
							
							
						 
						
							2014-08-06 17:47:32 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								34fc279092 
								
							 
						 
						
							
							
								
								Add e-mail authorization to the repository notification flow. Also validates the creation of the other notification methods.  
							
							
							
						 
						
							2014-07-28 14:58:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8d7493cb86 
								
							 
						 
						
							
							
								
								Convert over to notifications system. Note this is incomplete  
							
							
							
						 
						
							2014-07-17 22:51:58 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a84fe0681a 
								
							 
						 
						
							
							
								
								Start on data model changes and API changes for the new repository notification system  
							
							
							
						 
						
							2014-07-16 16:30:47 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								205362bc7b 
								
							 
						 
						
							
							
								
								Add UI for handling the case when an enterprise has reached its maximum seat count  
							
							
							
						 
						
							2014-05-28 15:22:36 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0e320c964f 
								
							 
						 
						
							
							
								
								- Add support for super users  
							
							... 
							
							
							
							- Add a super user API
- Add a super user interface 
							
						 
						
							2014-04-10 00:26:55 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								19a20a6c94 
								
							 
						 
						
							
							
								
								Turn off all references and API calls to billing if the feature is disabled  
							
							
							
						 
						
							2014-04-06 00:36:19 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4f4112b18d 
								
							 
						 
						
							
							
								
								Add show_if and hide_if methods for routes and APIs, as well as proper comparison of feature values  
							
							
							
						 
						
							2014-04-03 19:32:09 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								4e80f95012 
								
							 
						 
						
							
							
								
								Format_date has to support missing dates.  
							
							
							
						 
						
							2014-03-25 18:01:50 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								f39793b3ac 
								
							 
						 
						
							
							
								
								Check CSRF after processing the oauth token.  
							
							
							
						 
						
							2014-03-25 15:37:58 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								f060fd6ae0 
								
							 
						 
						
							
							
								
								Fix and unify CSRF support across web and API endpoints.  
							
							
							
						 
						
							2014-03-25 14:32:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								3b7b12085d 
								
							 
						 
						
							
							
								
								User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes form all previously granted tokens.  
							
							
							
						 
						
							2014-03-19 18:09:09 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								6fc369bed2 
								
							 
						 
						
							
							
								
								Change non logged in 403s to 401s.  
							
							
							
						 
						
							2014-03-19 13:57:36 -04:00