Joseph Schorr
c0286d1ac3
Add support for Dex to Quay
...
Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Joseph Schorr
5c1d195a19
Fix swagger errors
...
Fixes #287
2015-08-03 14:10:15 -04:00
Joseph Schorr
5d243bb45f
Fix potential NPE
2015-07-24 12:12:30 -04:00
Joseph Schorr
687bab1c05
Support invite codes for verification of email
...
Also changes the system so we don't apply the invite until it is called explicitly from the frontend
Fixes #241
2015-07-22 13:41:27 -04:00
Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials
method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00
Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate sumodules and update all call sites.
2015-07-17 11:56:15 -04:00
Jake Moshenko
6e6b3c675f
Merge pull request #28 from coreos-inc/swagger2
...
Switch to Swagger v2
2015-06-29 12:18:10 -04:00
Joseph Schorr
dc5af7496c
Allow superusers to disable user accounts
2015-06-29 18:40:52 +03:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Joseph Schorr
fdd43e2490
Change API calls that expect non-robots to explicitly filter
...
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Joseph Schorr
855f3a3e4d
Have the verifyUser endpoint use the same confirm_existing_user method
...
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00
Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
Joseph Schorr
0bc1c29dff
Switch the Python side to Swagger v2
2015-05-14 16:47:38 -04:00
Joseph Schorr
60036927c9
Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email.
2015-04-29 20:30:37 -04:00
Joseph Schorr
f67eeee8c8
Start conversion of the user admin/view
2015-04-02 16:34:41 -04:00
Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00
Joseph Schorr
1f5e6df678
- Fix tests
...
- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00
Joseph Schorr
27a9b84587
Switch avatars to be built out of CSS and only overlayed with the gravatar when a non-default exists
2015-03-30 17:55:04 -04:00
Joseph Schorr
384d6083c4
Make sure to conduct login after the password change now that the session will be invalidated for the user
2015-03-26 20:04:32 -04:00
Joseph Schorr
aaf1b23e98
Address CL concerns and switch to a real encryption system
2015-03-26 15:10:58 -04:00
Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00
Jimmy Zelinskie
9dd6e8e639
api/user: remove log_action comments for stars
...
It is not necessary to log the starring of repositories.
2015-03-02 13:25:58 -05:00
Jimmy Zelinskie
fb0d3d69c2
changes to reflect PR comments (not finished)
2015-02-24 17:50:54 -05:00
Jimmy Zelinskie
35a2414d85
tests: star security tests
2015-02-23 14:23:32 -05:00
Jimmy Zelinskie
3780434279
endpoints.api.user: require useradmin for star ops
2015-02-19 17:03:36 -05:00
Jimmy Zelinskie
917dd6b674
Merge branch 'master' into star
2015-02-18 17:36:58 -05:00
Jake Moshenko
990739b1e5
Add the APIs required to change the time machine policy for users and organizations.
2015-02-12 14:37:11 -05:00
Jake Moshenko
64750e31fc
Add the ability to select for update within transactions to fix some write after read hazards. Fix a bug in extend_processing.
2015-01-30 16:32:13 -05:00
Jimmy Zelinskie
8464b54ad9
star status shown in normal repo listings
2014-12-30 15:07:14 -05:00
Jimmy Zelinskie
5a484cfe11
Initial redesigned UI for repo listings w/ stars.
2014-12-11 15:07:41 -05:00
Jimmy Zelinskie
4f5a78ca2c
Add missing args param.
2014-12-02 17:32:43 -08:00
Jimmy Zelinskie
aa4903c3cd
add docs for star repo api
2014-12-02 17:31:21 -08:00
Jimmy Zelinskie
eb956e5b7d
initial work on adding models for starring repos.
...
I'm sick of using `git stash`.
2014-12-02 17:31:21 -08:00
Joseph Schorr
b3240de1f8
Rename gravatar field after the bees merge.
2014-11-25 19:59:24 -05:00
Joseph Schorr
7bf96c506f
Merge branch 'bees' into koh
2014-11-24 19:25:53 -05:00
Joseph Schorr
e9cac407df
Add a configurable avatar system and add an internal avatar system for enterprise
2014-11-24 19:25:13 -05:00
Jake Moshenko
2b8c246476
Temporarily put user rename behind a feature flag. Switch queue names back to using the username for namespace while we figure out a real migration strategy.
2014-11-20 15:36:39 -05:00
Joseph Schorr
ccc16fd6f4
Merge branch 'master' into bees
2014-11-17 13:14:27 -05:00
Jake Moshenko
ed8bcff39e
Merge remote-tracking branch 'origin/master' into nomenclature
...
Conflicts:
test/data/test.db
workers/dockerfilebuild.py
2014-10-06 10:29:39 -04:00
Joseph Schorr
e0993b26af
Make query params only read from query params, not JSON as well
2014-10-03 15:05:34 -04:00
Joseph Schorr
1d8ec59362
Merge branch master into bees
2014-10-02 15:08:32 -04:00
Joseph Schorr
c682899861
Add a feature flag to disable user creation
2014-10-02 14:49:18 -04:00
Jake Moshenko
e8b3d1cc4a
Phase 4 of the namespace to user migration: actually remove the column from the db and remove the dependence on serialized namespaces in the workers and queues
2014-10-01 14:23:46 -04:00
Joseph Schorr
f3b03ebc34
Add a feature flag for disabling all emails
2014-09-22 19:11:48 -04:00
Joseph Schorr
b212dbb2ab
Merge branch 'master' into better-emails
2014-09-18 13:20:32 -04:00
Jake Moshenko
75d2ef377e
Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork
...
Conflicts:
data/model/legacy.py
2014-09-15 17:52:17 -04:00
Joseph Schorr
913b3e472f
Add ability to detach external login services
2014-09-15 12:01:02 -04:00
Joseph Schorr
10faa7de84
Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email)
2014-09-12 14:29:01 -04:00
Jake Moshenko
c5ca46a14b
Merge remote-tracking branch 'origin/master' into comewithmeifyouwanttowork
...
Conflicts:
data/model/legacy.py
static/js/app.js
2014-09-12 11:03:30 -04:00
Joseph Schorr
8d3ce44682
Address comments on code review
2014-09-11 15:45:41 -04:00
Joseph Schorr
3c20402b32
Add a common base email template, translate the emails over to using jinja and add emails when e-mail addresses and passwords are changed.
2014-09-05 19:57:33 -04:00
Joseph Schorr
e028d4ae0a
Merge master into branch
2014-09-04 18:08:18 -04:00
Joseph Schorr
1c2de35f28
Code review fixes
2014-09-04 17:54:51 -04:00
Joseph Schorr
e783df31e0
Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.
2014-09-04 14:24:20 -04:00
Joseph Schorr
1e7e012b92
Add a requirement for the current password to change the user's password or email address
2014-09-03 15:41:25 -04:00
Joseph Schorr
6f1a4030b6
Add response schema validation (only when in TESTING mode) and add one schema. More will be added in a followup CL
2014-08-27 20:57:46 -04:00
Joseph Schorr
d76d4704a0
Add pagination to the notifications API and make the UI only show a maximum of 5 notifications (beyond that, it shows "5+").
2014-08-26 15:19:39 -04:00
Joseph Schorr
53fb7f4136
Add documentation for all path parameters
2014-08-19 19:05:28 -04:00
Joseph Schorr
11176215e1
Commit new DB changes and make sure the metadata is always present in some form
2014-08-11 18:35:26 -04:00
Joseph Schorr
389c88a7c4
Update federated login to store metadata and have the UI pull the information from the metadata
2014-08-11 18:25:01 -04:00
Joseph Schorr
32b2ecdfa6
Add ability to dismiss notifications
2014-07-28 18:23:46 -04:00
Joseph Schorr
b0c4f5b2f5
- Fix tests to not hit remote Redis endpoint
...
- Fix convert organization to allow admin email address, in addition to username
- Add test for the above
2014-07-08 18:19:13 -04:00
Jake Moshenko
8e6328a5f0
Merge branch 'driversed' of ssh://bitbucket.org/yackob03/quay into driversed
2014-05-29 11:24:44 -04:00
Jake Moshenko
0683f2657e
Rename the email util to not conflict with a builtin library.
2014-05-28 18:22:48 -04:00
Joseph Schorr
69be86be97
Add extra seat check in the user API call and turn off user->org conversion when authentication is LDAP
2014-05-28 15:53:53 -04:00
Joseph Schorr
205362bc7b
Add UI for handling the case when an enterprise has reached its maximum seat count
2014-05-28 15:22:36 -04:00
Jake Moshenko
027ada1f5c
First stab at LDAP integration.
2014-05-09 17:39:43 -04:00
jakedt
73f23f155c
Merge branch 'ncc1701' of ssh://bitbucket.org/yackob03/quay into ncc1701
2014-04-10 15:20:26 -04:00
jakedt
d39f3cc5d4
Fix the tests and implement a fake stripe.
2014-04-10 15:20:16 -04:00
Joseph Schorr
0e320c964f
- Add support for super users
...
- Add a super user API
- Add a super user interface
2014-04-10 00:26:55 -04:00
Joseph Schorr
19a20a6c94
Turn off all references and API calls to billing if the feature is disabled
2014-04-06 00:36:19 -04:00
Joseph Schorr
4f4112b18d
Add show_if and hide_if methods for routes and APIs, as well as proper comparison of feature values
2014-04-03 19:32:09 -04:00
jakedt
8538455cef
Fix the user API to throw the nicer 401 that the FE can handle.
2014-03-25 17:58:19 -04:00
jakedt
41cfadac23
Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.
2014-03-25 17:26:45 -04:00
jakedt
0097daebc2
Formatting changes.
2014-03-25 14:32:02 -04:00
Joseph Schorr
c82d1ffe98
Add ability for users to see their authorized applications and revoke the access
2014-03-24 20:57:02 -04:00
jakedt
c93c62600d
Merge remote-tracking branch 'origin/master' into swaggerlikeus
...
Conflicts:
data/database.py
endpoints/api.py
endpoints/common.py
templates/base.html
test/data/test.db
test/specs.py
2014-03-19 15:39:44 -04:00
jakedt
6fc369bed2
Change non logged in 403s to 401s.
2014-03-19 13:57:36 -04:00
jakedt
6267275d6f
Mark a whole slew of APIs as internal only.
2014-03-19 12:09:07 -04:00
jakedt
64071b9e8e
Add a user info scope and thread it through the code. Protect the org modification API.
2014-03-18 19:21:27 -04:00
jakedt
6f39e158d6
Eliminate all of the exceptions when running the tests.
2014-03-18 15:58:37 -04:00
jakedt
3b3d71bfd7
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 16:57:35 -04:00
jakedt
5cc2bdbc71
Fix some errors.
2014-03-17 14:52:52 -04:00
jakedt
ddf5f2053c
Convert old style jsonschema required params to new style.
2014-03-17 12:25:41 -04:00
jakedt
5bb4008880
Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections.
2014-03-17 12:01:13 -04:00
jakedt
60015f0ae0
Add internal API filtering.
2014-03-14 18:07:03 -04:00
jakedt
e475e9809d
Port over webhooks, search, and builds.
2014-03-13 16:31:37 -04:00
jakedt
85eb585a85
Port most of the user related apis.
2014-03-13 15:19:49 -04:00