Commit graph

473 commits

Author SHA1 Message Date
jakedt
8fefe239b5 Fix public repository permissions checking. 2014-03-26 15:56:51 -04:00
jakedt
4d2e090bea Fix the problem with login on new triggers. 2014-03-26 15:52:24 -04:00
jakedt
4e80f95012 Format_date has to support missing dates. 2014-03-25 18:01:50 -04:00
jakedt
8538455cef Fix the user API to throw the nicer 401 that the FE can handle. 2014-03-25 17:58:19 -04:00
jakedt
f1a7f86780 Fix CSRF token generation. 2014-03-25 17:51:22 -04:00
jakedt
41cfadac23 Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list. 2014-03-25 17:26:45 -04:00
jakedt
5f98bf8dab Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	endpoints/api.py
2014-03-25 15:50:03 -04:00
Joseph Schorr
4a66bd4af2 Fix the status view when it cannot be loaded 2014-03-25 15:48:12 -04:00
jakedt
f39793b3ac Check CSRF after processing the oauth token. 2014-03-25 15:37:58 -04:00
jakedt
219fbd6950 Make the CSRF checks mandatory. 2014-03-25 14:35:19 -04:00
jakedt
f060fd6ae0 Fix and unify CSRF support across web and API endpoints. 2014-03-25 14:32:26 -04:00
jakedt
0097daebc2 Formatting changes. 2014-03-25 14:32:02 -04:00
Joseph Schorr
16d3ddd8cc Nicely handle the case where we cannot connect to Redis 2014-03-25 13:29:06 -04:00
jakedt
b81e48cb41 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	test/data/test.db
2014-03-25 12:43:09 -04:00
jakedt
cbc40588cb Finally figure out what the data field is supposed to be for and use it to implement and fix 3LO. 2014-03-25 12:42:40 -04:00
Joseph Schorr
c82d1ffe98 Add ability for users to see their authorized applications and revoke the access 2014-03-24 20:57:02 -04:00
Joseph Schorr
e92cf37583 Add cancel button to the oauth authorization page, add the org icon to said page, and fix some other minor bugs 2014-03-24 18:30:22 -04:00
jakedt
283ce5e1c3 Make the new app management APIs internal and fix the schemas to work with swagger. 2014-03-24 18:16:46 -04:00
Joseph Schorr
f7c27f250b Add full application management API, UI and test cases 2014-03-20 15:46:13 -04:00
jakedt
a9c0e016f3 Add the ability to use an oauth token to interact with the index and registry. 2014-03-20 12:09:25 -04:00
jakedt
0992c8a47e Fix some permissions problems still around due to some usage of scopes as strings. 2014-03-19 18:21:58 -04:00
jakedt
3b7b12085d User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes from all previously granted tokens. 2014-03-19 18:09:09 -04:00
jakedt
c93c62600d Merge remote-tracking branch 'origin/master' into swaggerlikeus
Conflicts:
	data/database.py
	endpoints/api.py
	endpoints/common.py
	templates/base.html
	test/data/test.db
	test/specs.py
2014-03-19 15:39:44 -04:00
jakedt
f2d0a2f479 Split out organization repo roles and org management roles. 2014-03-19 14:36:56 -04:00
jakedt
6fc369bed2 Change non logged in 403s to 401s. 2014-03-19 13:57:36 -04:00
jakedt
7bd4b9a71c Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus
Conflicts:
	endpoints/api/trigger.py
2014-03-19 12:13:07 -04:00
jakedt
6267275d6f Mark a whole slew of APIs as internal only. 2014-03-19 12:09:07 -04:00
Joseph Schorr
807fa68fe4 Fix the remainder of the API usage tests. Note that this still fails when the blueprint is registered again, so each subset of tests has to be run on its own 2014-03-18 20:32:37 -04:00
jakedt
19c7453f99 Merge branch 'swaggerlikeus' of ssh://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 19:21:53 -04:00
jakedt
64071b9e8e Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 19:21:27 -04:00
Joseph Schorr
d7a59ef0c2 Add checks for invalid scopes in the auth approval process 2014-03-18 17:05:27 -04:00
Joseph Schorr
b0dcb5d7e3 Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-18 16:46:28 -04:00
Joseph Schorr
9ae4506a0d Add OAuth usage information to the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display 2014-03-18 16:45:18 -04:00
jakedt
6f39e158d6 Eliminate all of the exceptions when running the tests. 2014-03-18 15:58:37 -04:00
jakedt
e1b704bdac We must check repository permissions before parsing args. 2014-03-18 14:45:14 -04:00
jakedt
7d163833bd Some small fixes in the API. 2014-03-18 14:22:14 -04:00
jakedt
3b3d71bfd7 Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 16:57:35 -04:00
jakedt
4673f40dd2 Fix the org robot create response. 2014-03-17 15:26:16 -04:00
jakedt
bb2767ff16 Fix url_for for api endpoints. 2014-03-17 15:23:49 -04:00
jakedt
535947a06d Change the image changes to return a python block. 2014-03-17 15:10:08 -04:00
jakedt
5cc2bdbc71 Fix some errors. 2014-03-17 14:52:52 -04:00
jakedt
3542a520f5 Fix bugs, mostly related to date formatting. 2014-03-17 13:10:12 -04:00
jakedt
ddf5f2053c Convert old style jsonschema required params to new style. 2014-03-17 12:25:41 -04:00
jakedt
5bb4008880 Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections. 2014-03-17 12:01:13 -04:00
Joseph Schorr
e759066ae0 Change ApiService to use the new swagger-backed discovery and the new /v1/ API endpoints. Also changes all other /api/ calls (the few that are still manually invoked) 2014-03-14 23:40:41 -04:00
Joseph Schorr
767ab1085a Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus 2014-03-14 18:57:35 -04:00
Joseph Schorr
d469b41899 Add an oauth authorization page 2014-03-14 18:57:28 -04:00
jakedt
67353de179 Convert a current_user to get_authenticated_user in the repository api. 2014-03-14 18:41:14 -04:00
jakedt
092e236694 Write a flask-restful version of cache-control. Remove the comments to add back in post methods. 2014-03-14 18:39:31 -04:00
jakedt
60015f0ae0 Add internal API filtering. 2014-03-14 18:07:03 -04:00