Evan Cordell
7b44beb1fd
Fix WWW-Authenticate
header on 401
2016-04-13 09:01:42 -04:00
Evan Cordell
b5db41920f
Address review comments
2016-04-11 16:34:40 -04:00
Evan Cordell
eba75494d9
Use new error format for auth errors (factor exceptions into module)
2016-04-11 16:22:26 -04:00
Evan Cordell
9c08717173
Return application/problem+json format errors and provide error endpoint
...
to dereference error codes.
2016-04-11 14:57:24 -04:00
josephschorr
e8faa9f843
Merge pull request #939 from coreos-inc/user-admin
...
Add user admin scope
2016-02-16 16:42:29 -05:00
Joseph Schorr
db0eab0461
Fix V2 catalog and tag pagination
2016-02-10 00:25:33 +02:00
Jake Moshenko
018bf8c5ad
Refactor how parsed_args are passed to methods
2016-01-26 16:27:36 -05:00
Joseph Schorr
335c8eb3a9
Add 2 day TTL to page tokens
2016-01-26 14:04:03 -05:00
Joseph Schorr
b4bddacedb
Switch to Fernet crypto as per gtank's recommendation
2016-01-26 12:50:48 -05:00
Joseph Schorr
bd0a098282
Add ID-based pagination to logs using new decorators and an encrypted token
...
Fixes #599
2016-01-26 12:50:48 -05:00
Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
...
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
Matt Jibson
f02bb3caee
Add user admin scope
...
Also remove unused scope decorator.
fixes #890
2015-11-18 12:01:40 -05:00
Joseph Schorr
cfa03951e1
Add a SecScanEndpoint class and move all the cert and config handling in there
2015-11-06 15:22:18 -05:00
Joseph Schorr
e4508fc0d0
Add vulnerabilities and packages API to Quay
...
Fixes #564
2015-11-06 15:22:18 -05:00
Joseph Schorr
5e1cd2b2ad
Move decorator for TooManyLoginAttempts into general decorated module
...
Currently, this is missing in gunicorn_registry which causes 500s when user logins become throttled
2015-11-03 12:16:01 -05:00
Jimmy Zelinskie
7c1547221d
raise a 520 for any GitLab timeouts
2015-10-13 17:34:08 -04:00
Matt Jibson
b483209862
Wrap API and registry requests with common metric timings
...
Record response times, codes, and rollup non-2XX responses.
2015-08-12 12:16:00 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-17 11:56:15 -04:00
Joseph Schorr
87efcb9e3d
Delegated superuser API access
...
Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users.
2015-06-30 11:08:26 +03:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
a5ff765f3b
Validate that we have a valid JSON body
2015-02-18 15:57:05 -05:00
Joseph Schorr
7933bd44fd
Add tests for the new super user config API and make sure both super user API endpoint sets are all guarded against being used in production
2015-01-08 12:53:36 -05:00
Joseph Schorr
1bf25f25c1
WIP
2015-01-04 14:38:41 -05:00
Jimmy Zelinskie
182c87b983
Remove unused imports.
2014-11-26 10:53:51 -05:00
Jimmy Zelinskie
d9f0d36dfe
Add missing InvalidResponse class.
2014-11-25 16:08:01 -05:00
Joseph Schorr
ccc16fd6f4
Merge branch 'master' into bees
2014-11-17 13:14:27 -05:00
Joseph Schorr
e0993b26af
Make query params only read from query params, not JSON as well
2014-10-03 15:05:34 -04:00
Joseph Schorr
1d8ec59362
Merge branch master into bees
2014-10-02 15:08:32 -04:00
Joseph Schorr
987177fd7e
Have require_fresh_login not apply if there is no password set for the user
2014-09-04 19:47:12 -04:00
Jake Moshenko
1a230f635a
Use datetime.min instead of a fixed span for the last login default time.
2014-09-04 19:15:06 -04:00
Joseph Schorr
e783df31e0
Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.
2014-09-04 14:24:20 -04:00
Jake Moshenko
2dcdd7ba5b
Add exponential backoff of login attempts.
2014-09-02 15:27:05 -04:00
Joseph Schorr
6f1a4030b6
Add response schema validation (only when in TESTING mode) and add one schema. More will be added in a followup CL
2014-08-27 20:57:46 -04:00
Joseph Schorr
53fb7f4136
Add documentation for all path parameters
2014-08-19 19:05:28 -04:00
Joseph Schorr
e0bb94e439
Add path param description support
2014-08-06 17:47:32 -04:00
Joseph Schorr
34fc279092
Add e-mail authorization to the repository notification flow. Also validates the creation of the other notification methods.
2014-07-28 14:58:12 -04:00
Joseph Schorr
8d7493cb86
Convert over to notifications system. Note this is incomplete
2014-07-17 22:51:58 -04:00
Joseph Schorr
a84fe0681a
Start on data model changes and API changes for the new repository notification system
2014-07-16 16:30:47 -04:00
Joseph Schorr
205362bc7b
Add UI for handling the case when an enterprise has reached its maximum seat count
2014-05-28 15:22:36 -04:00
Joseph Schorr
0e320c964f
- Add support for super users
...
- Add a super user API
- Add a super user interface
2014-04-10 00:26:55 -04:00
Joseph Schorr
19a20a6c94
Turn off all references and API calls to billing if the feature is disabled
2014-04-06 00:36:19 -04:00
Joseph Schorr
4f4112b18d
Add show_if and hide_if methods for routes and APIs, as well as proper comparison of feature values
2014-04-03 19:32:09 -04:00
jakedt
4e80f95012
Format_date has to support missing dates.
2014-03-25 18:01:50 -04:00
jakedt
f39793b3ac
Check CSRF after processing the oauth token.
2014-03-25 15:37:58 -04:00
jakedt
f060fd6ae0
Fix and unify CSRF support across web and API endpoints.
2014-03-25 14:32:26 -04:00
jakedt
3b7b12085d
User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes form all previously granted tokens.
2014-03-19 18:09:09 -04:00
jakedt
6fc369bed2
Change non logged in 403s to 401s.
2014-03-19 13:57:36 -04:00
jakedt
64071b9e8e
Add a user info scope and thread it through the code. Protect the org modification API.
2014-03-18 19:21:27 -04:00
Joseph Schorr
b0dcb5d7e3
Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus
2014-03-18 16:46:28 -04:00