vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
6567 commits 2 branches 62 tags 205 MiB
Commit graph

1675 commits

Author SHA1 Message Date
josephschorr
01ec22b362 Merge pull request #2300 from coreos-inc/openid-connect 
OpenID Connect support and OAuth login refactoring
 2017-01-31 18:14:44 -05:00
Charlton Austin
2dfae9e892 Merge pull request #2303 from charltonaustin/view_build_logs_as_superuser_137910387 
feature(superuser panel): ability to view logs
 2017-01-27 12:32:31 -05:00
Charlton Austin
dae93dce78 feature(superuser panel): ability to view logs 
users would like the ability to view build logs in the superuser panel

[None]
 2017-01-26 13:54:03 -05:00
Joseph Schorr
05e9e31941 Fix small lookup bug under MySQL 2017-01-25 12:55:56 -05:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL 
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
 2017-01-23 19:06:19 -05:00
Joseph Schorr
fda203e4d7 Add proper and tested OIDC support on the server 
Note that this will still not work on the client side; the followup CL for the client side is right after this one.
 2017-01-23 17:53:34 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins 
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
 2017-01-20 15:21:08 -05:00
Joseph Schorr
4755d08677 Refactor and rename the standard OAuth services 2017-01-19 15:23:15 -05:00
Joseph Schorr
bee2551dc2 Temporarily remove Dex login support 
This will be added back in later in this PR as part of proper generic OIDC support
 2017-01-19 14:51:12 -05:00
josephschorr
e2748fccd9 Merge pull request #2282 from coreos-inc/motd-updates 
Severity and Markdown support in MOTD
 2017-01-18 17:41:27 -05:00
Joseph Schorr
3106504f39 Severity and Markdown support in MOTD 
[Delivers #133555165]
 2017-01-18 16:55:32 -05:00
Joseph Schorr
669a3070bd Only parse request URL in track_and_log when necessary 2017-01-18 11:23:23 -05:00
Joseph Schorr
89229a8f2c Don't publish registry events to Redis for robots 
The tutorial can only be used by users, so no need to publish for robots, which can cause issues in pulling for builders and other prod mechanisms if Redis is being finicky
 2017-01-18 11:22:07 -05:00
josephschorr
9b65b37011 Merge pull request #2245 from coreos-inc/recaptcha 
Add support for recaptcha during the create account flow
 2017-01-17 11:34:23 -05:00
josephschorr
ac8cddc5a9 Merge pull request #2274 from coreos-inc/custom-cert-management 
Custom SSL certificates config panel
 2017-01-13 16:24:47 -05:00
Joseph Schorr
efdedba2ae Superuser config tool warnings 
Adds warnings displayed in the superuser config tool that the changes made will only be applied to the local instance (in non-k8s case) or that a deployment is required (in the k8s case)

[Delivers #137537413]
 2017-01-13 15:50:50 -05:00
Joseph Schorr
7e0fbeb625 Custom SSL certificates config panel 
Adds a new panel to the superuser config tool, for managing custom SSL certificates in the config bundle

[Delivers #135586525]
 2017-01-13 14:34:35 -05:00
Alec Merdler
081424ed82 Merge pull request #2268 from coreos-inc/frontend-testing-framework 
Front-end testing framework
 2017-01-11 16:20:40 -08:00
Jake Moshenko
fe9f97cd0e Fix the order and number of arguments for squashing/ACI 2017-01-11 15:16:49 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow 
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
 2017-01-09 11:08:21 -05:00
alecmerdler
659417f7ef tests for AngularViewArray service 2017-01-07 00:28:02 -08:00
Joseph Schorr
9413e25123 Change georeplication queuing to use new batch system 2016-12-21 17:44:30 -05:00
josephschorr
732ab67b57 Merge pull request #2252 from coreos-inc/parallel-tests 
Fix pytests and enable parallel registry tests
 2016-12-20 16:56:52 -05:00
Joseph Schorr
481cebe46b Fix pytests and enable parallel registry tests 2016-12-20 15:42:04 -05:00
Joseph Schorr
f4f5a065df Add check for None repository in start build API 
Fixes #2244
 2016-12-19 11:40:24 -05:00
Brad Ison
2730c26b2e Merge pull request #2237 from coreos-inc/metrics-labels 
Don't record size in chunk upload metrics
 2016-12-15 14:20:34 -05:00
Brad Ison
df7366eace Add chunk size metric 2016-12-15 13:20:16 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp 
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
 2016-12-14 16:22:39 -05:00
Brad Ison
8f59ac1251 Don't record size in chunk upload metrics 2016-12-14 12:16:02 -05:00
Joseph Schorr
fd364ccca3 Remove unneeded exception var 2016-12-09 14:52:49 -05:00
Joseph Schorr
1302fd2fbd Switch csrf token check to use compare_digest to prevent timing attacks 
Also adds some additional tests for CSRF tokens
 2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1 Add end-to-end OAuth login and attach tests 2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db Fix small pylint issues 2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token 
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
 2016-12-08 16:11:57 -05:00
josephschorr
543d86ae10 Merge pull request #2221 from coreos-inc/fix-error-pages 
Have all error pages be rendered by Angular
 2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788 Merge pull request #2206 from coreos-inc/ldap-user-search-fix 
Fix external auth returns for query_user calls
 2016-12-07 17:53:04 -05:00
Joseph Schorr
c06bba38de Have all error pages be rendered by Angular 
Fixes #2198

Fixes https://www.pivotaltracker.com/story/show/135724483
 2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747 Merge pull request #2204 from jzelinskie/429builds 
add rate limiting to build queues
 2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1 Fix external auth returns for query_user calls 
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
 2016-12-07 14:28:42 -05:00
Jimmy Zelinskie
ebbe58d311 replace prefix w/ canonical name list 2016-12-07 12:56:56 -05:00
Joseph Schorr
d349e1639a Fix doc comment on security scan API endpoint 
Fixes #2216
 2016-12-07 11:50:22 -05:00
Jimmy Zelinskie
c41de8ded6 build queue rate limiting: address PR comments 2016-12-06 20:40:54 -05:00
Jimmy Zelinskie
eb69abff8b build rate limiting: tests 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
57770493fa build rate limiting: use a rate 2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94 add rate limiting to build queues 2016-12-06 16:30:12 -05:00
Jake Moshenko
d656e54d99 Fix unsafe mutable default params. 2016-12-06 14:00:16 -05:00
Jake Moshenko
21e3001446 Add a bulk insert for queue and notifications. 
Use it for Clair spawned notifications.
 2016-12-06 14:00:16 -05:00
Joseph Schorr
97d150e281 Have QSS only add security scanner notifications once 2016-12-05 19:08:20 -05:00
Joseph Schorr
cf61c29671 Move SETUP_COMPLETE check up to allow users to add license 
Somehow this change got lost.
 2016-12-05 13:22:14 -05:00
Charlton Austin
4103a0b75f Adding in cancel notifications 2016-11-30 14:38:34 -05:00