Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a1c06042c6 
								
							 
						 
						
							
							
								
								Add a unique_key fields to the auth context type for tracking different instances  
							
							... 
							
							
							
							This will allow us to lookup a cache for the catalog without needing to make a database call 
							
						 
						
							2018-06-19 11:09:58 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								913952ae27 
								
							 
						 
						
							
							
								
								Make signed grant tests stable across runs  
							
							... 
							
							
							
							This was preventing us from running tests in parallel, since the names were changing 
							
						 
						
							2018-06-01 17:06:56 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								86f898d9bd 
								
							 
						 
						
							
							
								
								Fix OAuth scopes display  
							
							... 
							
							
							
							Before, we were sending the wrong kind of data (namedtuple instead of dict) in the non-superuser case, which broke prod. Now, we always explicitly send a standard dictionary.
Fixes https://jira.coreos.com/browse/QUAY-871  
							
						 
						
							2018-03-16 13:03:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
							
							
								
							
							
								d1ba2dcfc3 
								
							 
						 
						
							
							
								
								Add labels to test cases for invalid JWTs  
							
							
							
						 
						
							2018-02-26 12:55:49 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e220b50543 
								
							 
						 
						
							
							
								
								Refactor auth code to be cleaner and more extensible  
							
							... 
							
							
							
							We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc). 
							
						 
						
							2018-02-14 15:35:27 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								bbdf9e074c 
								
							 
						 
						
							
							
								
								Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails  
							
							
							
						 
						
							2018-02-02 11:14:42 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								888b564a9b 
								
							 
						 
						
							
							
								
								Add a banner to the Quay UI when an app specific token is about to expire  
							
							
							
						 
						
							2018-01-04 15:27:42 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								524d77f527 
								
							 
						 
						
							
							
								
								Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password  
							
							
							
						 
						
							2018-01-04 15:27:41 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1ba3c24fe5 
								
							 
						 
						
							
							
								
								Fix log level on expired OAuth log  
							
							
							
						 
						
							2018-01-04 12:59:21 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3bf8973fd9 
								
							 
						 
						
							
							
								
								Change app registry to use the credentials verification system  
							
							... 
							
							
							
							Allows for tokens, OAuth tokens and robot accounts to be used as well
Fixes https://jira.prod.coreos.systems/browse/QS-36  
							
						 
						
							2017-12-06 13:52:25 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0bcda90c6e 
								
							 
						 
						
							
							
								
								Add kind to credentials validate call  
							
							
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6f3d9a6fce 
								
							 
						 
						
							
							
								
								Extract credential handling into its own module  
							
							... 
							
							
							
							Will be used in Docker V1 and APPR protocols 
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								1040c939bf 
								
							 
						 
						
							
							
								
								auth.test: merge registry jwt into one pytest file  
							
							
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								880871a2ea 
								
							 
						 
						
							
							
								
								auth.test: increase duration to avoid flakes  
							
							
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								8a6417869d 
								
							 
						 
						
							
							
								
								auth/test: add missing module db setup  
							
							
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								da4fb02423 
								
							 
						 
						
							
							
								
								auth/test: yapf format  
							
							
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								92877fa70f 
								
							 
						 
						
							
							
								
								auth.test.test_registry_jwt: rm endpoints.v2 dep  
							
							
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								7d1bbbfe19 
								
							 
						 
						
							
							
								
								test: convert registry auth test to pytest  
							
							... 
							
							
							
							This also moves them into the auth package. 
							
						 
						
							2017-07-12 15:14:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								7444055511 
								
							 
						 
						
							
							
								
								auth: remove relative imports  
							
							
							
						 
						
							2017-05-16 15:54:02 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7debd44b54 
								
							 
						 
						
							
							
								
								Switch fixture imports to wildcard in prep for full db test fixes  
							
							
							
						 
						
							2017-04-24 16:45:14 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								40f936c053 
								
							 
						 
						
							
							
								
								Fix logger statement in new auth code  
							
							
							
						 
						
							2017-03-24 17:43:00 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								08673a03e2 
								
							 
						 
						
							
							
								
								Rename cookie header parameter to make it clear it is unused  
							
							... 
							
							
							
							The parameter is necessary to match the auth handler interface, but is unused inside the method 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								651666b60b 
								
							 
						 
						
							
							
								
								Refactor our auth handling code to be cleaner  
							
							... 
							
							
							
							Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change. 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1bd4422da9 
								
							 
						 
						
							
							
								
								Move auth decorators into a decorators module  
							
							... 
							
							
							
							The non-decorators will be broken out in the followup change 
							
						 
						
							2017-03-23 15:42:45 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								64421db0a3 
								
							 
						 
						
							
							
								
								MAINTAINERS: init owners to subpkgs  
							
							
							
						 
						
							2017-01-23 17:46:34 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								b4ace1dd29 
								
							 
						 
						
							
							
								
								registry auth tests: test more access types  
							
							
							
						 
						
							2016-11-28 14:02:08 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4b926ae189 
								
							 
						 
						
							
							
								
								Add new metrics as requested by some customers  
							
							... 
							
							
							
							Note that the `status` field on the pull and push metrics will eventually be set to False for failed pulls and pushes in a followup PR 
							
						 
						
							2016-11-03 15:28:40 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3439f814b6 
								
							 
						 
						
							
							
								
								Fix quoting of scopes in WWW-Authenticate header  
							
							... 
							
							
							
							Fixes part of #2002  
							
						 
						
							2016-10-17 14:32:43 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								684ace3b5a 
								
							 
						 
						
							
							
								
								Merge pull request  #1761  from coreos-inc/nginx-direct-download  
							
							... 
							
							
							
							Add feature flag to force all direct download URLs to be proxied 
							
						 
						
							2016-09-29 22:46:57 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								31b77cf232 
								
							 
						 
						
							
							
								
								rename auth.auth to auth.process  
							
							... 
							
							
							
							This fixes some ambiguity around imports. 
							
						 
						
							2016-09-29 15:24:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6ae3faf7fc 
								
							 
						 
						
							
							
								
								Add explicit config parameter to the JWT auth methods  
							
							
							
						 
						
							2016-09-29 11:15:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dd2e086a20 
								
							 
						 
						
							
							
								
								Add feature flag to force all direct download URLs to be proxied  
							
							... 
							
							
							
							Fixes  #1667  
						
							2016-09-29 11:13:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								fc7301be0d 
								
							 
						 
						
							
							
								
								*: fix legacy imports  
							
							... 
							
							
							
							This change reorganizes imports and renames the legacy flask extensions. 
							
						 
						
							2016-09-28 20:17:14 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c4daf1cc3d 
								
							 
						 
						
							
							
								
								Change permissions model so that non-admins do not get org-wide read  
							
							... 
							
							
							
							Fixes  #1684  
						
							2016-08-04 16:47:28 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8887f09ba8 
								
							 
						 
						
							
							
								
								Use the instance service key for registry JWT signing  
							
							
							
						 
						
							2016-06-07 11:58:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7933aecf25 
								
							 
						 
						
							
							
								
								Add support for direct granting of OAuth tokens and add tests  
							
							... 
							
							
							
							This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user. 
							
						 
						
							2016-05-23 17:17:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a736407611 
								
							 
						 
						
							
							
								
								Fix user:admin scope handling and add test  
							
							
							
						 
						
							2016-05-09 11:16:01 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								9221a515de 
								
							 
						 
						
							
							
								
								Use the registry API for security scanning  
							
							... 
							
							
							
							when the storage engine doesn't support direct download url 
							
						 
						
							2016-05-04 18:04:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								eba75494d9 
								
							 
						 
						
							
							
								
								Use new error format for auth errors (factor exceptions into module)  
							
							
							
						 
						
							2016-04-11 16:22:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b5b2df2063 
								
							 
						 
						
							
							
								
								Make test more resilient to changes in IDs  
							
							
							
						 
						
							2016-03-30 16:19:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a3aa4592cf 
								
							 
						 
						
							
							
								
								Change permissions to only load required by default  
							
							... 
							
							
							
							Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary. 
							
						 
						
							2016-03-28 16:33:32 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								ea2e17cc11 
								
							 
						 
						
							
							
								
								v2: send proper scopes for authorization failures  
							
							... 
							
							
							
							Fixes  #1278 . 
						
							2016-03-11 13:41:38 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								bb46cc933d 
								
							 
						 
						
							
							
								
								use kwargs for parse_repository_name  
							
							
							
						 
						
							2016-03-09 16:20:28 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e8faa9f843 
								
							 
						 
						
							
							
								
								Merge pull request  #939  from coreos-inc/user-admin  
							
							... 
							
							
							
							Add user admin scope 
							
						 
						
							2016-02-16 16:42:29 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								01a92a66ba 
								
							 
						 
						
							
							
								
								Refresh base image and python dependencies  
							
							
							
						 
						
							2016-01-27 11:36:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e4ffaff869 
								
							 
						 
						
							
							
								
								Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.  
							
							... 
							
							
							
							This support is placed behind a feature flag. 
							
						 
						
							2016-01-22 15:54:06 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4e942203cb 
								
							 
						 
						
							
							
								
								Fix handling of tokens in the new context block of the JWT  
							
							
							
						 
						
							2015-12-15 16:52:22 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ca7d36bf14 
								
							 
						 
						
							
							
								
								Handle empty scopes and always send the WWW-Authenticate header, as per spec  
							
							... 
							
							
							
							Fixes  #1045  
						
							2015-12-15 14:59:47 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4a4eee5e05 
								
							 
						 
						
							
							
								
								Make our JWT subjects better and log using the info  
							
							... 
							
							
							
							Fixes  #1039  
						
							2015-12-14 14:00:33 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Matt Jibson 
								
							 
						 
						
							
							
							
							
								
							
							
								f02bb3caee 
								
							 
						 
						
							
							
								
								Add user admin scope  
							
							... 
							
							
							
							Also remove unused scope decorator.
fixes  #890  
							
						 
						
							2015-11-18 12:01:40 -05:00