Commit graph

8716 commits

Author SHA1 Message Date
josephschorr
b9ad8bbb5d
Merge pull request #2934 from coreos-inc/joseph.schorr/QS-78/email-recovery
Security fixes for password recovery
2017-12-06 14:53:02 -05:00
Joseph Schorr
a204dc20fb Require CAPTCHA for password recovery
https://jira.coreos.com/browse/QS-79
2017-12-06 14:25:34 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug
Don't add a "password required" notification for non-database auth via OIDC
2017-12-06 14:19:49 -05:00
Joseph Schorr
927d469db0 In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address) 2017-12-06 14:07:38 -05:00
josephschorr
10ddf98e0c
Merge pull request #2930 from coreos-inc/joseph.schorr/QS-68/squashed-image-postgres
Make sure to close the database connection before forking in verbs
2017-12-06 14:03:17 -05:00
Joseph Schorr
3bf8973fd9 Change app registry to use the credentials verification system
Allows for tokens, OAuth tokens and robot accounts to be used as well

Fixes https://jira.prod.coreos.systems/browse/QS-36
2017-12-06 13:52:25 -05:00
Joseph Schorr
aa49b37ad2 Change Docker V1 index to use verify_credentials 2017-12-06 13:52:25 -05:00
Joseph Schorr
0bcda90c6e Add kind to credentials validate call 2017-12-06 13:52:24 -05:00
Joseph Schorr
6f3d9a6fce Extract credential handling into its own module
Will be used in Docker V1 and APPR protocols
2017-12-06 13:52:24 -05:00
josephschorr
afbb2d2168
Merge pull request #2933 from coreos-inc/joseph.schorr/QS-82/xss-fix
Fix XSS in usage log viewer
2017-12-06 13:51:30 -05:00
josephschorr
a1595cd723
Merge pull request #2932 from coreos-inc/joseph.schorr/QS-81/xss-fix
Fix XSS in access token display page
2017-12-06 13:49:37 -05:00
Joseph Schorr
a2caebbb62 Fix XSS in usage log viewer
Fixes https://jira.coreos.com/browse/QS-82
2017-12-06 13:49:02 -05:00
Joseph Schorr
f9219721a2 Fix XSS in access token display page
Fixes https://jira.coreos.com/browse/QS-81
2017-12-06 13:40:31 -05:00
Joseph Schorr
25248a8c35 Make sure to close the database connection before forking in verbs
This prevents a bug with the postgres driver from breaking the verbs

Fixes https://jira.coreos.com/browse/QS-68
2017-12-04 16:33:24 -05:00
josephschorr
4a5626e64b
Merge pull request #2929 from coreos-inc/joseph.schorr/QS-72/oidc-name-issue
Fix bugs in updateuser
2017-12-01 22:23:56 +02:00
Joseph Schorr
4db1615d94 Fix bugs in updateuser
1) Also check for matching organization names
2) Ensure that errors don't leave the throbber
2017-12-01 14:58:29 -05:00
Joseph Schorr
874a7b0c41 Have Quay lookup the sbin/my_init PID to kill
We changed the entry point in Quay to be a shell script that calls `my_init`, which means the init no longer has PID 1. We therefore need to look up the correct PID to kill it.

Fixes https://jira.coreos.com/browse/QS-74
2017-12-01 14:04:43 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup (#2903)
* WIP

* Finish schema

Add three sections: security scanning, bittorrent support and feature flags.
2017-12-01 10:46:39 -05:00
josephschorr
1882545c69
Merge pull request #2927 from coreos-inc/unfiltered-search-opt
Simplify and further optimize handling of unfiltered search results
2017-12-01 00:23:15 +02:00
Joseph Schorr
32255f122b Simplify and further optimize handling of unfiltered search results
Using the DB-side limit is much faster
2017-11-30 16:56:01 -05:00
josephschorr
8ede3084d8
Merge pull request #2926 from coreos-inc/further-search-opt
Fix bug around search pagination with non-filtered searches
2017-11-30 23:36:19 +02:00
Joseph Schorr
eea026be52 Fix bug around search pagination with non-filtered searches
Also further optimizes the queries
2017-11-30 16:13:42 -05:00
josephschorr
dfd736c4c5
Merge pull request #2925 from coreos-inc/fix-search-ordering
Fix typo in how we order search results
2017-11-30 22:01:42 +02:00
Joseph Schorr
0440cca3ef Fix typo in how we order search results
`.desc()` needs to be on the field
2017-11-30 14:53:23 -05:00
josephschorr
3b8feeba4c
Merge pull request #2924 from coreos-inc/search-opt
Optimize searching of repositories when there is no query
2017-11-30 21:41:06 +02:00
Joseph Schorr
c767c88b82 Optimize searching of repositories when there is no query 2017-11-30 14:10:22 -05:00
josephschorr
b69015f349
Merge pull request #2923 from coreos-inc/rev
Rev our dependencies
2017-11-30 20:44:21 +02:00
Joseph Schorr
07ffdf1fd9 Rev our dependencies 2017-11-30 13:35:59 -05:00
josephschorr
8f2d800ade
Merge pull request #2922 from coreos-inc/fix-ci
Fix Quay CI
2017-11-30 20:07:45 +02:00
Joseph Schorr
45931dc856 Add --no-sandbox flag to Karma test 2017-11-30 11:57:51 -05:00
Joseph Schorr
c168413a8e Fix bug when running ipresolver under Gitlab CI
Since the container does contain IP data, this would fail
2017-11-30 10:23:58 -05:00
josephschorr
51b043bd23
Merge pull request #2921 from coreos-inc/joseph.schorr/QS-63/public-browse
Browse/exploration of repositories
2017-11-28 18:19:28 +02:00
josephschorr
a918339c90
Merge pull request #2920 from coreos-inc/joseph.schorr/QS-69/swift-chunk-test
Additional testing and a fix for Swift segmenting
2017-11-28 18:14:23 +02:00
Joseph Schorr
2ced523313 Add Explore tab and query-less searching
Allows for exploration of all visible repositories, in paginated form.

This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.

Fixes https://jira.coreos.com/browse/QS-63
2017-11-28 16:50:23 +02:00
Joseph Schorr
c7e439f593 Set a default error message for resource views
Ensures that we don't display an empty error box
2017-11-28 15:38:48 +02:00
Joseph Schorr
6cd8140c34 Pad out the segment identifier for Swift segments and change test back to string comparison
Makes us follow the docs closer
2017-11-28 09:46:40 +02:00
Joseph Schorr
3bbcb93977 Add additional Swift chunking tests 2017-11-28 09:46:40 +02:00
josephschorr
773ea9fc65
Merge pull request #2915 from coreos-inc/joseph.schorr/QS-41/build-man-alarms
Add additional metrics on executor start and failure
2017-11-27 18:14:19 +02:00
josephschorr
175934039a
Merge pull request #2919 from coreos-inc/joseph.schorr/QS-65/retry-user
Move recaptcha check after the username check
2017-11-27 18:13:50 +02:00
josephschorr
78d0a7ae79
Merge pull request #2916 from coreos-inc/joseph.schorr/QS-67/start-build-bug
Hide "Start Build" button in builds tab if not accessible
2017-11-27 17:01:00 +02:00
josephschorr
2b92cc1a4d
Merge pull request #2917 from coreos-inc/joseph.schorr/QS-64/timezone-stamp
Locale-aware time and duration display
2017-11-27 17:00:45 +02:00
Joseph Schorr
9b2fb46e34 Move recaptcha check after the username check
Ensures that if someone chooses an existing username, they don't need to re-recaptcha

Fixes https://jira.coreos.com/browse/QS-65
2017-11-27 16:59:42 +02:00
Joseph Schorr
49dff5729c Switch time display components to use locale-aware format strings 2017-11-27 16:03:54 +02:00
Joseph Schorr
db53f82a34 Shorten the default date/times shown 2017-11-27 13:19:26 +02:00
Joseph Schorr
110fac1902 Switch logs view to use <time-display> component 2017-11-27 13:19:18 +02:00
Joseph Schorr
b5b4aa154c Add support for date-only to the time-display component 2017-11-27 13:08:38 +02:00
Joseph Schorr
89d635f6cf Change to use the <time-display> component 2017-11-27 12:56:26 +02:00
Joseph Schorr
7d55ff9c67 Add a <time-display> component for better display of time 2017-11-27 12:56:06 +02:00
Joseph Schorr
2ea06d3df8 Change all uses of am-time-ago to the <time-ago> component 2017-11-27 12:41:19 +02:00
Joseph Schorr
33af54d355 Add a <time-ago> component to abstract out common handling of showing how long ago an event occurred 2017-11-27 12:40:58 +02:00