Joseph Schorr
188ea98441
Add new decorator to prevent reflected text attacks
...
Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend.
2018-02-20 11:33:45 -05:00
Joseph Schorr
e220b50543
Refactor auth code to be cleaner and more extensible
...
We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc).
2018-02-14 15:35:27 -05:00
Joseph Schorr
5d69fc2aa3
Move param_required into the decorators module
2017-07-20 16:01:38 -04:00
Joseph Schorr
98e2ccf74d
Move parse_repository_name into decorators
2017-07-20 16:01:38 -04:00
Joseph Schorr
0531f6c749
Small cleanups to the decorators file
2017-07-20 16:01:38 -04:00
Joseph Schorr
17f3de811e
Move route_show_if into decorators
...
Also removes unused route_hide_if
2017-07-20 11:07:31 -04:00
Jimmy Zelinskie
3d0e63d8e5
endpoints.appr.decorators: isolate appr decorators
2017-03-22 23:53:03 -04:00
Jimmy Zelinskie
82bcd45727
endpoints: clarify repo access decorators
2017-03-22 23:41:38 -04:00
Joseph Schorr
4a4eee5e05
Make our JWT subjects better and log using the info
...
Fixes #1039
2015-12-14 14:00:33 -05:00
Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Joseph Schorr
ecabf086ea
Add missing newline at end of decorators.py
2015-05-26 16:48:59 -04:00
Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00
