Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4868f17832 
								
							 
						 
						
							
							
								
								Implement a basic test suite for jwtutil and add extra checks to the decode method  
							
							
							
						 
						
							2018-10-30 16:45:30 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f4b05df179 
								
							 
						 
						
							
							
								
								Fix SSL test import  
							
							
							
						 
						
							2018-07-19 11:59:14 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								894b754121 
								
							 
						 
						
							
							
								
								Move SSL util tests to pytest  
							
							
							
						 
						
							2018-07-18 17:26:24 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a59c951aa3 
								
							 
						 
						
							
							
								
								Add support for multiple scope parameters on V2 auth requests  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QUAY-892  
							
						 
						
							2018-04-18 20:16:49 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brad Ison 
								
							 
						 
						
							
							
							
							
								
							
							
								5da8744ddf 
								
							 
						 
						
							
							
								
								Reject JWTs with future issued-at times  
							
							... 
							
							
							
							PyJWT stopped doing this in 1.5.0 because it's not part of the spec,
and there are legitimate reasons to issue future tokens.  We still
want to reject these though as we don't have that need. 
							
						 
						
							2018-02-26 12:55:32 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								e220b50543 
								
							 
						 
						
							
							
								
								Refactor auth code to be cleaner and more extensible  
							
							... 
							
							
							
							We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc). 
							
						 
						
							2018-02-14 15:35:27 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								bbdf9e074c 
								
							 
						 
						
							
							
								
								Add metrics for tracking when instance key renewal succeeds and fails, as well as when instance key *lookup* fails  
							
							
							
						 
						
							2018-02-02 11:14:42 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								524d77f527 
								
							 
						 
						
							
							
								
								Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password  
							
							
							
						 
						
							2018-01-04 15:27:41 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								54a4476cbb 
								
							 
						 
						
							
							
								
								Make missing log more descriptive  
							
							
							
						 
						
							2017-09-12 16:19:55 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0ba54ed4fc 
								
							 
						 
						
							
							
								
								Simplify the caching of service keys to hopefully avoid the not found issue  
							
							... 
							
							
							
							Makes accesses simpler and reduces the number of dictionaries to one, in an effort to remove race conditions 
							
						 
						
							2017-05-26 13:51:48 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								2661db7485 
								
							 
						 
						
							
							
								
								Add flag to enable trust per repo ( #2541 )  
							
							... 
							
							
							
							* Add flag to enable trust per repo
* Add api for enabling/disabling trust
* Add new LogEntryKind for changing repo trust settings
Also add tests for repo trust api
* Add `set_trust` method to repository
* Expose new logkind to UI
* Fix registry tests
* Rebase migrations and regen test.db
* Raise downstreamissue if trust metadata can't be removed
* Refactor change_repo_trust
* Add show_if to change_repo_trust endpoint 
							
						 
						
							2017-04-15 08:26:33 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								1016641f8d 
								
							 
						 
						
							
							
								
								refactor jwt context building  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								abd78bce56 
								
							 
						 
						
							
							
								
								Use constants for TUF roots  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								6ad107709c 
								
							 
						 
						
							
							
								
								Change build_context_and_subject to take kwargs  
							
							
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								43dd974dca 
								
							 
						 
						
							
							
								
								Determine which TUF root to show based on actual access, not requested  
							
							... 
							
							
							
							access 
							
						 
						
							2017-03-27 11:37:17 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								d63cca025a 
								
							 
						 
						
							
							
								
								DNS name check got reversed; breaks wildcards  
							
							
							
						 
						
							2017-01-29 11:51:37 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3a24871422 
								
							 
						 
						
							
							
								
								Add SSL certificate utility and tests  
							
							
							
						 
						
							2017-01-10 17:06:13 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6ae3faf7fc 
								
							 
						 
						
							
							
								
								Add explicit config parameter to the JWT auth methods  
							
							
							
						 
						
							2016-09-29 11:15:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								dd2e086a20 
								
							 
						 
						
							
							
								
								Add feature flag to force all direct download URLs to be proxied  
							
							... 
							
							
							
							Fixes  #1667  
						
							2016-09-29 11:13:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								ab1756306b 
								
							 
						 
						
							
							
								
								Switch to using the leeway parameter on JWT validation  
							
							
							
						 
						
							2016-06-27 14:42:44 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2653d213c9 
								
							 
						 
						
							
							
								
								Add an allowed amount of clock skew to registry JWTs  
							
							
							
						 
						
							2016-06-24 15:08:26 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a43b741f1b 
								
							 
						 
						
							
							
								
								Add a uniqueness hash to derived image storage to break caching over tags  
							
							... 
							
							
							
							This allows converted ACIs and squashed images to be unique based on the specified tag.
Fixes  #92  
							
						 
						
							2016-06-20 16:34:52 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								71b2853f40 
								
							 
						 
						
							
							
								
								Make sure to iterate over a copy of the public_keys dictionary  
							
							
							
						 
						
							2016-06-07 18:20:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8887f09ba8 
								
							 
						 
						
							
							
								
								Use the instance service key for registry JWT signing  
							
							
							
						 
						
							2016-06-07 11:58:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f02d295dd8 
								
							 
						 
						
							
							
								
								Fix missing argument change  
							
							
							
						 
						
							2016-05-23 17:44:22 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f670c4c7a9 
								
							 
						 
						
							
							
								
								Change Signer to use the config provider and fix tests  
							
							... 
							
							
							
							Fixes the broken ACI tests 
							
						 
						
							2016-05-23 17:10:03 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								5568cc77b8 
								
							 
						 
						
							
							
								
								remove all default keys ( #1485 )  
							
							... 
							
							
							
							This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data 
							
						 
						
							2016-05-23 16:00:48 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								4266ae7ce5 
								
							 
						 
						
							
							
								
								Fix the x5c header in our registry jwts.  
							
							
							
						 
						
							2016-05-23 15:05:54 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								9221a515de 
								
							 
						 
						
							
							
								
								Use the registry API for security scanning  
							
							... 
							
							
							
							when the storage engine doesn't support direct download url 
							
						 
						
							2016-05-04 18:04:06 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								6577ac3e62 
								
							 
						 
						
							
							
								
								mv JWK-canonicalization util.security.fingerprint  
							
							
							
						 
						
							2016-04-29 14:05:16 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8e1727b6d3 
								
							 
						 
						
							
							
								
								Fix mail and signing defaults  
							
							
							
						 
						
							2016-03-08 18:08:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
							
							
								
							
							
								11af123ba5 
								
							 
						 
						
							
							
								
								Merge pull request  #1244  from coreos-inc/enableaci  
							
							... 
							
							
							
							Add UI to the setup tool for enabling ACI conversion 
							
						 
						
							2016-02-17 12:29:48 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1940fd9939 
								
							 
						 
						
							
							
								
								Add UI to the setup tool for enabling ACI conversion  
							
							... 
							
							
							
							Fixes  #1211  
						
							2016-02-17 12:05:48 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								db0eab0461 
								
							 
						 
						
							
							
								
								Fix V2 catalog and tag pagination  
							
							
							
						 
						
							2016-02-10 00:25:33 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								01a92a66ba 
								
							 
						 
						
							
							
								
								Refresh base image and python dependencies  
							
							
							
						 
						
							2016-01-27 11:36:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								335c8eb3a9 
								
							 
						 
						
							
							
								
								Add 2 day TTL to page tokens  
							
							
							
						 
						
							2016-01-26 14:04:03 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b4bddacedb 
								
							 
						 
						
							
							
								
								Switch to Fernet crypto as per gtank's recommendation  
							
							
							
						 
						
							2016-01-26 12:50:48 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								9c3ddf846f 
								
							 
						 
						
							
							
								
								Some fixes and tests for v2 auth  
							
							... 
							
							
							
							Fixes  #395  
						
							2015-09-10 15:38:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								82efc746b3 
								
							 
						 
						
							
							
								
								Make our JWT checking more strict.  
							
							
							
						 
						
							2015-09-04 15:18:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								18100be481 
								
							 
						 
						
							
							
								
								Refactor the util directory to use subpackages.  
							
							
							
						 
						
							2015-08-03 16:04:19 -04:00