Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								11c7994398 
								
							 
						 
						
							
							
								
								Fix 500 on logout  
							
							
							
						 
						
							2015-07-28 15:47:04 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								5d243bb45f 
								
							 
						 
						
							
							
								
								Fix potential NPE  
							
							
							
						 
						
							2015-07-24 12:12:30 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								687bab1c05 
								
							 
						 
						
							
							
								
								Support invite codes for verification of email  
							
							... 
							
							
							
							Also changes the system so we don't apply the invite until it is called explicitly from the frontend
Fixes  #241  
							
						 
						
							2015-07-22 13:41:27 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								5d86fa80e7 
								
							 
						 
						
							
							
								
								Merge pull request  #197  from coreos-inc/keystone  
							
							... 
							
							
							
							Add Keystone Auth 
							
						 
						
							2015-07-22 13:38:47 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								38a6b3621c 
								
							 
						 
						
							
							
								
								Automatically link the superuser account to federated service for auth  
							
							... 
							
							
							
							When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart. 
							
						 
						
							2015-07-22 13:37:23 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a0c4e72f13 
								
							 
						 
						
							
							
								
								Clean up the repository list API and loads stars with it  
							
							... 
							
							
							
							We load stars with the same list API now so that we get the extra metadata needed in the repo list (popularity and last modified) 
							
						 
						
							2015-07-22 13:05:02 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								679044574a 
								
							 
						 
						
							
							
								
								Merge pull request  #231  from coreos-inc/smallfix  
							
							... 
							
							
							
							Small API fixes 
							
						 
						
							2015-07-20 13:45:24 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								33b54218cc 
								
							 
						 
						
							
							
								
								Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass  
							
							
							
						 
						
							2015-07-20 11:39:59 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								3efaa255e8 
								
							 
						 
						
							
							
								
								Accidental refactor, split out legacy.py into separate sumodules and update all call sites.  
							
							
							
						 
						
							2015-07-17 11:56:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7a548ea101 
								
							 
						 
						
							
							
								
								Fix queries for repository list popularity and action count  
							
							... 
							
							
							
							Before this change, we used extremely inefficient outer joins as part of a single query of lookup, which was spiking our CPU usage to nearly 100% on the query. We now issue two separate queries for popularity and action account, by doing a lookup of the previously found IDs. Interestingly enough, because of the way the queries are now written, MySQL can actually do both queries *directly from the indicies*, which means they each occur in approx 20ms!
Verified by local tests, postgres tests, and testing on staging with monitoring of our CPU usage during lookup 
							
						 
						
							2015-07-17 00:08:27 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								c64e490059 
								
							 
						 
						
							
							
								
								Merge pull request  #136  from coreos-inc/syslogviewfix  
							
							... 
							
							
							
							Fix logs view in superuser panel 
							
						 
						
							2015-07-15 18:22:23 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								f5ee7a6697 
								
							 
						 
						
							
							
								
								Make the scopes dynamic based on app config.  
							
							
							
						 
						
							2015-07-15 18:13:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f6a9afce90 
								
							 
						 
						
							
							
								
								Change abort to NotFound so it is properly formatted into JSON  
							
							
							
						 
						
							2015-07-14 11:34:45 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e04c22867c 
								
							 
						 
						
							
							
								
								Switch logs to use a single comprehension  
							
							
							
						 
						
							2015-07-13 12:45:08 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3a59c99b08 
								
							 
						 
						
							
							
								
								Add a secondary tab to Teams for managing org members  
							
							... 
							
							
							
							Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click
Fixes  #212  
							
						 
						
							2015-07-02 17:06:36 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								cb238f8764 
								
							 
						 
						
							
							
								
								Merge pull request  #207  from coreos-inc/squashperm  
							
							... 
							
							
							
							Have the fetch tag dialog show a warning for robot accounts without access 
							
						 
						
							2015-07-02 10:23:14 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								ba067048d8 
								
							 
						 
						
							
							
								
								Merge pull request  #203  from coreos-inc/encpass  
							
							... 
							
							
							
							Add encrypted password output in the superuser API 
							
						 
						
							2015-07-01 12:40:05 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b535e222b8 
								
							 
						 
						
							
							
								
								Have the fetch tag dialog show a warning for robot accounts without access  
							
							... 
							
							
							
							Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user. 
							
						 
						
							2015-07-01 19:37:52 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b91b60e83d 
								
							 
						 
						
							
							
								
								Add encrypted password output in the superuser API  
							
							... 
							
							
							
							When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along 
							
						 
						
							2015-07-01 19:29:42 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								7aeaf2344e 
								
							 
						 
						
							
							
								
								Merge pull request  #200  from coreos-inc/tagapilimit  
							
							... 
							
							
							
							Add pagination support to tag history API 
							
						 
						
							2015-06-30 22:09:09 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f7f10f4a6d 
								
							 
						 
						
							
							
								
								Add pagination support to tag history API  
							
							... 
							
							
							
							Fixes  #198  
						
							2015-06-30 19:44:43 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								87efcb9e3d 
								
							 
						 
						
							
							
								
								Delegated superuser API access  
							
							... 
							
							
							
							Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users. 
							
						 
						
							2015-06-30 11:08:26 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								81bb76d3df 
								
							 
						 
						
							
							
								
								Fix spelling mistakes  
							
							
							
						 
						
							2015-06-29 21:38:01 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2b1bbcb579 
								
							 
						 
						
							
							
								
								Add a table view to the repos list page  
							
							... 
							
							
							
							Fixes  #104  
						
							2015-06-29 21:12:53 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								756d6784ca 
								
							 
						 
						
							
							
								
								Merge pull request  #192  from coreos-inc/sqlssl  
							
							... 
							
							
							
							Allow SSL cert for the database to be configured 
							
						 
						
							2015-06-29 13:33:31 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								6e6b3c675f 
								
							 
						 
						
							
							
								
								Merge pull request  #28  from coreos-inc/swagger2  
							
							... 
							
							
							
							Switch to Swagger v2 
							
						 
						
							2015-06-29 12:18:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dc5af7496c 
								
							 
						 
						
							
							
								
								Allow superusers to disable user accounts  
							
							
							
						 
						
							2015-06-29 18:40:52 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b8c74bbb17 
								
							 
						 
						
							
							
								
								Remove container usage tab and replace with changlog view  
							
							... 
							
							
							
							Fixes  #179  
						
							2015-06-29 11:07:46 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								bb07d0965f 
								
							 
						 
						
							
							
								
								Allow SSL cert for the database to be configured  
							
							... 
							
							
							
							This change adds a field for the SSL cert for the database in the setup tool. Fixes  #89  
							
						 
						
							2015-06-29 08:08:10 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								07439328a4 
								
							 
						 
						
							
							
								
								Remove user_exists endpoint from all auth systems  
							
							
							
						 
						
							2015-06-23 17:33:51 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ce6474c6b5 
								
							 
						 
						
							
							
								
								Robots API for users should not be internal-only  
							
							
							
						 
						
							2015-06-22 15:14:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3fb2a33ee7 
								
							 
						 
						
							
							
								
								Fix the API service to use the new Swagger description form  
							
							
							
						 
						
							2015-06-22 15:13:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								33b31a2451 
								
							 
						 
						
							
							
								
								Fix logs view in superuser panel  
							
							... 
							
							
							
							This seems to have been broken ever since we moved to syslog 
							
						 
						
							2015-06-15 20:55:23 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e7fa560787 
								
							 
						 
						
							
							
								
								Add support for custom fields in billing invoices  
							
							... 
							
							
							
							Customers (especially in Europe) need the ability to add Tax IDs, VAT IDs, and other custom fields to their invoices.
Fixes  #106  
							
						 
						
							2015-06-12 16:45:01 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								2a2414d6af 
								
							 
						 
						
							
							
								
								Merge pull request  #60  from coreos-inc/jwtauthentication  
							
							... 
							
							
							
							Add support for an external JWT-based authentication system 
							
						 
						
							2015-06-05 13:37:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8aac3fd86e 
								
							 
						 
						
							
							
								
								Add support for an external JWT-based authentication system  
							
							... 
							
							
							
							This authentication system hits two HTTP endpoints to check and verify the existence of users:
Existance endpoint:
GET http://endpoint/  with Authorization: Basic (username:) =>
    Returns 200 if the username/email exists, 4** otherwise
Verification endpoint:
GET http://endpoint/  with Authorization: Basic (username:password) =>
    Returns 200 and a signed JWT with the user's username and email address if the username+password validates, 4** otherwise with the body containing an optional error message
The JWT produced by the endpoint must be issued with an issuer matching that configured in the config.yaml, and the audience must be "quay.io/jwtauthn". The JWT is signed using a private key and then validated on the Quay.io side with the associated public key, found as "jwt-authn.cert" in the conf/stack directory. 
							
						 
						
							2015-06-05 13:20:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								477a3fdcdc 
								
							 
						 
						
							
							
								
								Add a test to verify that all important blueprints have all their methods decorated  
							
							... 
							
							
							
							This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access 
							
						 
						
							2015-06-02 15:56:44 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c0e995c1d4 
								
							 
						 
						
							
							
								
								Merge branch 'master' into nolurk  
							
							
							
						 
						
							2015-06-02 13:55:16 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								fdd43e2490 
								
							 
						 
						
							
							
								
								Change API calls that expect non-robots to explicitly filter  
							
							... 
							
							
							
							Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users 
							
						 
						
							2015-05-26 17:47:33 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								855f3a3e4d 
								
							 
						 
						
							
							
								
								Have the verifyUser endpoint use the same confirm_existing_user method  
							
							... 
							
							
							
							This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP 
							
						 
						
							2015-05-22 16:26:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b0d763b5ff 
								
							 
						 
						
							
							
								
								Fix encrypted password generator to use the LDAP username, not the Quay username.  
							
							... 
							
							
							
							Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username. 
							
						 
						
							2015-05-20 16:37:09 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								54992c23b7 
								
							 
						 
						
							
							
								
								Add a feature flag for disabling unauthenticated access to the registry in its entirety.  
							
							
							
						 
						
							2015-05-19 17:52:44 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0bc1c29dff 
								
							 
						 
						
							
							
								
								Switch the Python side to Swagger v2  
							
							
							
						 
						
							2015-05-14 16:47:38 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3e1abba284 
								
							 
						 
						
							
							
								
								Add ability for super users to rename and delete organizations  
							
							
							
						 
						
							2015-05-11 18:03:25 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1c41d34b7c 
								
							 
						 
						
							
							
								
								Add ability for superusers to change user emails  
							
							
							
						 
						
							2015-05-11 14:38:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f858caf6cd 
								
							 
						 
						
							
							
								
								Only return the team and repo permissions when listing robots when we absolutely need them.  
							
							
							
						 
						
							2015-05-08 16:43:07 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c767aafcd6 
								
							 
						 
						
							
							
								
								Make the repository API faster by only checking the log entries table once for each kind of entry, rather than twice. We make use of a special subquery-like syntax, which allows us to count those entries that are both 30 days only and 1 day old in the same query. This was tested successfully on MySQL, Postgres and Sqlite.  
							
							
							
						 
						
							2015-05-07 22:49:11 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3627de103c 
								
							 
						 
						
							
							
								
								Minimize the queries used when retrieve builds. Previously, we'd call out to SQL extra times per build.  
							
							
							
						 
						
							2015-05-07 21:11:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a46d367276 
								
							 
						 
						
							
							
								
								Remove unneeded repo filter  
							
							
							
						 
						
							2015-05-06 20:55:17 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e647d91e8b 
								
							 
						 
						
							
							
								
								Switch the repos page to use a single API call, rather than one per namespace + one for star repos  
							
							
							
						 
						
							2015-05-06 19:15:03 -04:00