Commit graph

90 commits

Author SHA1 Message Date
Joseph Schorr
6f722e4585 Disable certain APIs and build triggers when trust is enabled
Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
2017-04-17 13:04:51 -04:00
Jake Moshenko
8d279c8cc4 Unify app and api exception handling
Move some config to an immutable section
Make ApiExceptions real werkzeug exceptions
2017-04-14 11:18:01 -04:00
Joseph Schorr
b465a34e8f Temporary fix for additional exception classes handled in Flask
The recent change to Flask-restful broke the other registered exception handlers, so this temporarily handles the decorated cases as well, until we put in place a proper registration model for Flask and Flask-restful handled exceptions
2017-04-11 23:02:26 -04:00
Jake Moshenko
e371ed69bb Fix for flask-restful >0.3 error handling 2017-04-07 10:22:50 -04:00
Joseph Schorr
1bd4422da9 Move auth decorators into a decorators module
The non-decorators will be broken out in the followup change
2017-03-23 15:42:45 -04:00
Joseph Schorr
30b532254c Disallow non-apps-supported APIs for application repositories 2017-03-22 15:51:19 -04:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
Joseph Schorr
b7fc7999c3 Delete old "license" checking code around user counts
This is legacy code that doesn't actually do anything of value
2016-10-20 14:58:35 -04:00
Charlton Austin
8e5dc8d3db Moving the messages endpoint to something more generic, and making the get visible all the time. 2016-10-17 16:23:48 -04:00
Jimmy Zelinskie
31b77cf232 rename auth.auth to auth.process
This fixes some ambiguity around imports.
2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports
This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00
Joseph Schorr
608ffd9663 Basic labels support
Adds basic labels support to the registry code (V2), and the API. Note that this does not yet add any UI related support.
2016-08-26 15:24:26 -04:00
Joseph Schorr
a1009af61c Move aggregator into its own repo and add it to the image 2016-07-05 15:39:51 -04:00
Evan Cordell
9a1d97216b Switch error mimetype back to application/json 2016-04-18 17:42:08 -05:00
Evan Cordell
4d7843580f Fix superuser page 2016-04-15 16:50:01 -04:00
Evan Cordell
7b44beb1fd Fix WWW-Authenticate header on 401 2016-04-13 09:01:42 -04:00
Evan Cordell
b5db41920f Address review comments 2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173 Return application/problem+json format errors and provide error endpoint
to dereference error codes.
2016-04-11 14:57:24 -04:00
josephschorr
e8faa9f843 Merge pull request #939 from coreos-inc/user-admin
Add user admin scope
2016-02-16 16:42:29 -05:00
Joseph Schorr
db0eab0461 Fix V2 catalog and tag pagination 2016-02-10 00:25:33 +02:00
Jake Moshenko
018bf8c5ad Refactor how parsed_args are passed to methods 2016-01-26 16:27:36 -05:00
Joseph Schorr
335c8eb3a9 Add 2 day TTL to page tokens 2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb Switch to Fernet crypto as per gtank's recommendation 2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282 Add ID-based pagination to logs using new decorators and an encrypted token
Fixes #599
2016-01-26 12:50:48 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Matt Jibson
f02bb3caee Add user admin scope
Also remove unused scope decorator.

fixes #890
2015-11-18 12:01:40 -05:00
Joseph Schorr
cfa03951e1 Add a SecScanEndpoint class and move all the cert and config handling in there 2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0 Add vulnerabilities and packages API to Quay
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
5e1cd2b2ad Move decorator for TooManyLoginAttempts into general decorated module
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
2015-11-03 12:16:01 -05:00
Jimmy Zelinskie
7c1547221d raise a 520 for any GitLab timeouts 2015-10-13 17:34:08 -04:00
Matt Jibson
b483209862 Wrap API and registry requests with common metric timings
Record response times, codes, and rollup non-2XX responses.
2015-08-12 12:16:00 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate submodules and update all call sites. 2015-07-17 11:56:15 -04:00
Joseph Schorr
87efcb9e3d Delegated superuser API access
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
2015-06-30 11:08:26 +03:00
Joseph Schorr
477a3fdcdc Add a test to verify that all important blueprints have all their methods decorated
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Joseph Schorr
54992c23b7 Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 17:52:44 -04:00
Joseph Schorr
a5ff765f3b Validate that we have a valid JSON body 2015-02-18 15:57:05 -05:00
Joseph Schorr
7933bd44fd Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production 2015-01-08 12:53:36 -05:00
Joseph Schorr
1bf25f25c1 WIP 2015-01-04 14:38:41 -05:00
Jimmy Zelinskie
182c87b983 Remove unused imports. 2014-11-26 10:53:51 -05:00
Jimmy Zelinskie
d9f0d36dfe Add missing InvalidResponse class. 2014-11-25 16:08:01 -05:00
Joseph Schorr
ccc16fd6f4 Merge branch 'master' into bees 2014-11-17 13:14:27 -05:00
Joseph Schorr
e0993b26af Make query params only read from query params, not JSON as well 2014-10-03 15:05:34 -04:00
Joseph Schorr
1d8ec59362 Merge branch master into bees 2014-10-02 15:08:32 -04:00
Joseph Schorr
987177fd7e Have require_fresh_login not apply if there is no password set for the user 2014-09-04 19:47:12 -04:00
Jake Moshenko
1a230f635a Use datetime.min instead of a fixed span for the last login default time. 2014-09-04 19:15:06 -04:00
Joseph Schorr
e783df31e0 Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again. 2014-09-04 14:24:20 -04:00
Jake Moshenko
2dcdd7ba5b Add exponential backoff of login attempts. 2014-09-02 15:27:05 -04:00
Joseph Schorr
6f1a4030b6 Add response schema validation (only when in TESTING mode) and add one schema. More will be added in a followup CL 2014-08-27 20:57:46 -04:00
Joseph Schorr
53fb7f4136 Add documentation for all path parameters 2014-08-19 19:05:28 -04:00