vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
6567 commits 2 branches 62 tags 205 MiB
Commit graph

192 commits

Author SHA1 Message Date
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token 
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
 2016-12-08 16:11:57 -05:00
Joseph Schorr
c06bba38de Have all error pages be rendered by Angular 
Fixes #2198

Fixes https://www.pivotaltracker.com/story/show/135724483
 2016-12-07 17:49:02 -05:00
Joseph Schorr
0e24f6b40a Fix user redirects to go to the correct URL 
`/user` no longer works and returns a 404; we now need to redirect to the specific user page
 2016-11-28 18:55:41 -05:00
Joseph Schorr
964b1013d9 Make receipt filenames include date information 
Fixes #1997
 2016-11-21 15:35:56 -05:00
Charlton Austin
2fe74e4057 Adding in UI for cancel anytime. 2016-11-21 10:58:32 -05:00
Joseph Schorr
0e602efbf9 Fix error displayed for OAuth if an existing token already matches scopes 
Before this change, the OAuth system would automatically redirect to display the code if the scopes requested were a subset of those already granted by the user. However, the missing process auth resulted in `get_authenticated_user` returning None, which broke the OAuth flow.

Fixes #2131
 2016-11-17 16:21:26 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username 
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
 2016-11-03 15:59:14 -04:00
Joseph Schorr
3a473cad2a Enable permanent sessions 
Fixes #1955
 2016-10-31 13:52:09 -04:00
Jake Moshenko
f04b018805 Write our users to Marketo as leads. 2016-10-14 16:29:11 -04:00
Jimmy Zelinskie
31b77cf232 rename auth.auth to auth.process 
This fixes some ambiguity around imports.
 2016-09-29 15:24:57 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports 
This change reorganizes imports and renames the legacy flask extensions.
 2016-09-28 20:17:14 -04:00
Joseph Schorr
4d5c65e6d4 Better 404 (and 403) pages 
Fixes #1819
 2016-09-21 13:54:21 -04:00
Joseph Schorr
193040a473 Fix tag links 
Fixes #1741
 2016-08-17 15:06:10 -04:00
Joseph Schorr
7fddc61b8f Add instance key ID to the health check endpoint 
Fixes #1429
 2016-07-05 14:14:22 -04:00
Jake Moshenko
a1cf12e460 Add a sitemap.txt for popular public repos 
and reference it from the robots.txt
 2016-06-17 14:34:20 -04:00
Jake Moshenko
746728ba24 Remove escaped_fragment snapshot rendering. 2016-06-14 12:53:10 -04:00
Joseph Schorr
8177c39aff Move privacy and TOS to Angular 
Fixes #1529
 2016-06-09 13:45:37 -04:00
Joseph Schorr
8887f09ba8 Use the instance service key for registry JWT signing 2016-06-07 11:58:10 -04:00
josephschorr
a85c3ebff7 Merge pull request #1457 from coreos-inc/xauth 
Add support for direct granting of OAuth tokens and add tests
 2016-06-01 12:07:12 -04:00
Joseph Schorr
7933aecf25 Add support for direct granting of OAuth tokens and add tests 
This allows a client (when authorized in a whitelist) to send direct credentials via a Basic auth header and therefore bypass the OAuth approval UI for that user.
 2016-05-23 17:17:06 -04:00
Joseph Schorr
f670c4c7a9 Change Signer to use the config provider and fix tests 
Fixes the broken ACI tests
 2016-05-23 17:10:03 -04:00
Joseph Schorr
73fa593d02 Various small fixes in prep for QE release 2016-05-04 15:20:27 -04:00
josephschorr
f0af2ca9c3 Merge pull request #1407 from coreos-inc/enterpriselanding 
Add Enterprise Landing page
 2016-05-03 13:52:22 -04:00
Jimmy Zelinskie
d0bd70fb36 endpoints.web: add missing import 2016-04-29 14:05:16 -04:00
Jimmy Zelinskie
fca258d8bf endpoints: remove /keys 
BitTorrent support should now be able to use the keyserver
infrastructure instead.
 2016-04-29 14:05:16 -04:00
Joseph Schorr
c6f7dfa102 Add Enterprise Landing page 
Note: The design comes directparners.
 2016-04-28 13:47:54 -04:00
Joseph Schorr
a882055f62 Better error message for invalid recovery codes 2016-03-30 16:02:47 -04:00
Jimmy Zelinskie
bb46cc933d use kwargs for parse_repository_name 2016-03-09 16:20:28 -05:00
Joseph Schorr
1940fd9939 Add UI to the setup tool for enabling ACI conversion 
Fixes #1211
 2016-02-17 12:05:48 -05:00
Joseph Schorr
6a8331d305 Tests for endpoints/web and some small fixes 2016-02-05 09:45:25 +02:00
Jake Moshenko
9310fe1832 Convert some flask-login user methods to properties 2016-01-29 10:36:28 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
Jake Moshenko
3071152dd1 Fix the JWK to use base64 encoded bytes 2016-01-14 10:08:35 -05:00
Jimmy Zelinskie
de750defdb s/RSA256/RS256 2016-01-13 12:59:53 -05:00
Jimmy Zelinskie
bcdbf0301d add cache-control headers to /keys 2016-01-12 17:58:21 -05:00
Jimmy Zelinskie
d21b4adc62 remove global for get_route_data 2016-01-08 16:43:15 -05:00
Jimmy Zelinskie
8a924aae4a move jwk set URI to /keys 2016-01-08 16:22:31 -05:00
Jimmy Zelinskie
559a55b1de add lru cache to _get_route_data() 2016-01-08 16:22:17 -05:00
Joseph Schorr
161475baaa Break circular dependencies introduced by importing common in verbs 2016-01-08 13:54:40 -05:00
Jimmy Zelinskie
087c6828ad add feature.BITTORRENT and jwk set URI 2016-01-07 19:07:23 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Matt Jibson
f4b57eff96 Set and use ETag headers 
Also set no-cache exactly as github recommends. The removed @no_cache
decorater used "Cache-Control:no-cache, no-store, must-revalidate", but
just no-cache should be sufficient, and should certainly work correctly
with github.

See: https://github.com/github/markup/issues/224#issuecomment-48532178

fixes #712
 2015-11-06 12:15:15 -05:00
Quentin Machu
c1fa22d9b0 Define nginx v2 vhost & properly set 404 status code 
Fixes #777
 2015-11-04 14:56:18 -05:00
Joseph Schorr
d4646e459e Disable 404, as it is breaking V2 API checks 2015-11-04 02:47:33 -05:00
Quentin Machu
adb744089e Add 404 page 
Fixes coreos-inc/quay#677
 2015-10-21 18:40:15 -04:00
Joseph Schorr
49b575afb6 Start refactoring of the trigger system: 
- Move each trigger handler into its own file
- Add dictionary helper classes for easier reading and writing of dict-based data
- Extract the web hook payload -> internal representation building for each trigger system
- Add tests for this transformation
- Remove support for Github archived-based building
 2015-09-21 16:36:48 -04:00
Joseph Schorr
fd3a21fba9 Add Kubernetes configuration provider which writes config to a secret 
Fixes #145
 2015-09-10 12:19:59 -04:00
Joseph Schorr
a916177c16 Fix broken imports 2015-07-29 18:28:58 -04:00
Jake Moshenko
3efaa255e8 Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-17 11:56:15 -04:00