josephschorr
b9ad8bbb5d
Merge pull request #2934 from coreos-inc/joseph.schorr/QS-78/email-recovery
...
Security fixes for password recovery
2017-12-06 14:53:02 -05:00
Joseph Schorr
a204dc20fb
Require CAPTCHA for password recovery
...
https://jira.coreos.com/browse/QS-79
2017-12-06 14:25:34 -05:00
josephschorr
8d7381336a
Merge pull request #2910 from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug
...
Don't add a "password required" notification for non-database auth via OIDC
2017-12-06 14:19:49 -05:00
Joseph Schorr
927d469db0
In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)
2017-12-06 14:07:38 -05:00
josephschorr
10ddf98e0c
Merge pull request #2930 from coreos-inc/joseph.schorr/QS-68/squashed-image-postgres
...
Make sure to close the database connection before forking in verbs
2017-12-06 14:03:17 -05:00
Joseph Schorr
3bf8973fd9
Change app registry to use the credentials verification system
...
Allows for tokens, OAuth tokens and robot accounts to be used as well
Fixes https://jira.prod.coreos.systems/browse/QS-36
2017-12-06 13:52:25 -05:00
Joseph Schorr
aa49b37ad2
Change Docker V1 index to use verify_credentials
2017-12-06 13:52:25 -05:00
Joseph Schorr
0bcda90c6e
Add kind to credentials validate call
2017-12-06 13:52:24 -05:00
Joseph Schorr
6f3d9a6fce
Extract credential handling into its own module
...
Will be used in Docker V1 and APPR protocols
2017-12-06 13:52:24 -05:00
josephschorr
afbb2d2168
Merge pull request #2933 from coreos-inc/joseph.schorr/QS-82/xss-fix
...
Fix XSS in usage log viewer
2017-12-06 13:51:30 -05:00
josephschorr
a1595cd723
Merge pull request #2932 from coreos-inc/joseph.schorr/QS-81/xss-fix
...
Fix XSS in access token display page
2017-12-06 13:49:37 -05:00
Joseph Schorr
a2caebbb62
Fix XSS in usage log viewer
...
Fixes https://jira.coreos.com/browse/QS-82
2017-12-06 13:49:02 -05:00
Joseph Schorr
f9219721a2
Fix XSS in access token display page
...
Fixes https://jira.coreos.com/browse/QS-81
2017-12-06 13:40:31 -05:00
Joseph Schorr
25248a8c35
Make sure to close the database connection before forking in verbs
...
This prevents a bug with the postgres driver from breaking the verbs
Fixes https://jira.coreos.com/browse/QS-68
2017-12-04 16:33:24 -05:00
josephschorr
4a5626e64b
Merge pull request #2929 from coreos-inc/joseph.schorr/QS-72/oidc-name-issue
...
Fix bugs in updateuser
2017-12-01 22:23:56 +02:00
Joseph Schorr
4db1615d94
Fix bugs in updateuser
...
1) Also check for matching organization names
2) Ensure that errors don't leave the throbber
2017-12-01 14:58:29 -05:00
Joseph Schorr
874a7b0c41
Have Quay lookup the sbin/my_init PID to kill
...
We changed the entry point in Quay to be a shell script that calls `my_init`, which means the init no longer has PID 1. We therefore need to look up the correct PID to kill it.
Fixes https://jira.coreos.com/browse/QS-74
2017-12-01 14:04:43 -05:00
IvanCherepov
c383ac1f9d
Add config validation on startup ( #2903 )
...
* WIP
* Finish schema
Add three sections: security scanning, bittorrent support and feature flags.
2017-12-01 10:46:39 -05:00
josephschorr
1882545c69
Merge pull request #2927 from coreos-inc/unfiltered-search-opt
...
Simplify and further optimize handling of unfiltered search results
2017-12-01 00:23:15 +02:00
Joseph Schorr
32255f122b
Simplify and further optimize handling of unfiltered search results
...
Using the DB-side limit is much faster
2017-11-30 16:56:01 -05:00
josephschorr
8ede3084d8
Merge pull request #2926 from coreos-inc/further-search-opt
...
Fix bug around search pagination with non-filtered searches
2017-11-30 23:36:19 +02:00
Joseph Schorr
eea026be52
Fix bug around search pagination with non-filtered searches
...
Also further optimizes the queries
2017-11-30 16:13:42 -05:00
josephschorr
dfd736c4c5
Merge pull request #2925 from coreos-inc/fix-search-ordering
...
Fix typo in how we order search results
2017-11-30 22:01:42 +02:00
Joseph Schorr
0440cca3ef
Fix typo in how we order search results
...
`.desc()` needs to be on the field
2017-11-30 14:53:23 -05:00
josephschorr
3b8feeba4c
Merge pull request #2924 from coreos-inc/search-opt
...
Optimize searching of repositories when there is no query
2017-11-30 21:41:06 +02:00
Joseph Schorr
c767c88b82
Optimize searching of repositories when there is no query
2017-11-30 14:10:22 -05:00
josephschorr
b69015f349
Merge pull request #2923 from coreos-inc/rev
...
Rev our dependencies
2017-11-30 20:44:21 +02:00
Joseph Schorr
07ffdf1fd9
Rev our dependencies
2017-11-30 13:35:59 -05:00
josephschorr
8f2d800ade
Merge pull request #2922 from coreos-inc/fix-ci
...
Fix Quay CI
2017-11-30 20:07:45 +02:00
Joseph Schorr
45931dc856
Add --no-sandbox flag to Karma test
2017-11-30 11:57:51 -05:00
Joseph Schorr
c168413a8e
Fix bug when running ipresolver under Gitlab CI
...
Since the container does contain IP data, this would fail
2017-11-30 10:23:58 -05:00
josephschorr
51b043bd23
Merge pull request #2921 from coreos-inc/joseph.schorr/QS-63/public-browse
...
Browse/exploration of repositories
2017-11-28 18:19:28 +02:00
josephschorr
a918339c90
Merge pull request #2920 from coreos-inc/joseph.schorr/QS-69/swift-chunk-test
...
Additional testing and a fix for Swift segmenting
2017-11-28 18:14:23 +02:00
Joseph Schorr
2ced523313
Add Explore tab and query-less searching
...
Allows for exploration of all visible repositories, in paginated form.
This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.
Fixes https://jira.coreos.com/browse/QS-63
2017-11-28 16:50:23 +02:00
Joseph Schorr
c7e439f593
Set a default error message for resource views
...
Ensures that we don't display an empty error box
2017-11-28 15:38:48 +02:00
Joseph Schorr
6cd8140c34
Pad out the segment identifier for Swift segments and change test back to string comparison
...
Makes us follow the docs closer
2017-11-28 09:46:40 +02:00
Joseph Schorr
3bbcb93977
Add additional Swift chunking tests
2017-11-28 09:46:40 +02:00
josephschorr
773ea9fc65
Merge pull request #2915 from coreos-inc/joseph.schorr/QS-41/build-man-alarms
...
Add additional metrics on executor start and failure
2017-11-27 18:14:19 +02:00
josephschorr
175934039a
Merge pull request #2919 from coreos-inc/joseph.schorr/QS-65/retry-user
...
Move recaptcha check after the username check
2017-11-27 18:13:50 +02:00
josephschorr
78d0a7ae79
Merge pull request #2916 from coreos-inc/joseph.schorr/QS-67/start-build-bug
...
Hide "Start Build" button in builds tab if not accessible
2017-11-27 17:01:00 +02:00
josephschorr
2b92cc1a4d
Merge pull request #2917 from coreos-inc/joseph.schorr/QS-64/timezone-stamp
...
Locale-aware time and duration display
2017-11-27 17:00:45 +02:00
Joseph Schorr
9b2fb46e34
Move recaptcha check after the username check
...
Ensures that if someone chooses an existing username, they don't need to re-recaptcha
Fixes https://jira.coreos.com/browse/QS-65
2017-11-27 16:59:42 +02:00
Joseph Schorr
49dff5729c
Switch time display components to use locale-aware format strings
2017-11-27 16:03:54 +02:00
Joseph Schorr
db53f82a34
Shorten the default date/times shown
2017-11-27 13:19:26 +02:00
Joseph Schorr
110fac1902
Switch logs view to use <time-display> component
2017-11-27 13:19:18 +02:00
Joseph Schorr
b5b4aa154c
Add support for date-only to the time-display component
2017-11-27 13:08:38 +02:00
Joseph Schorr
89d635f6cf
Change to use the <time-display> component
2017-11-27 12:56:26 +02:00
Joseph Schorr
7d55ff9c67
Add a <time-display> component for better display of time
2017-11-27 12:56:06 +02:00
Joseph Schorr
2ea06d3df8
Change all uses of am-time-ago to the <time-ago> component
2017-11-27 12:41:19 +02:00
Joseph Schorr
33af54d355
Add a <time-ago> component to abstract out common handling of showing how long ago an event occurred
2017-11-27 12:40:58 +02:00