Joseph Schorr
477a3fdcdc
Add a test to verify that all important blueprints have all their methods decorated
...
This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access
2015-06-02 15:56:44 -04:00
Jimmy Zelinskie
e01bdd4ab0
triggers: metadata.commit_sha -> metadata.commit
...
This resolves an issue where the custom-git trigger's public facing
schema was not the same as the internal metadata schema. Instead of
breaking users, we rework the internal metadata schema to be the same as
the custom-git JSON schema. This commit also updates everything that
used `metadata.commit_sha` including the test database.
2015-06-02 15:32:28 -04:00
Joseph Schorr
075c75d031
Change to always granting a signed token if there is a valid user OR if there is valid permissions on a repository
...
This fixes the issue whereby attempting to pull a public repository as an authenticated user with anonymous access disabled caused an unexpected 401. This change also adds tests for a few other use cases to verify we haven't broken anything.
2015-06-02 15:16:22 -04:00
Joseph Schorr
3602b59465
Add registry tests for anonymous access
2015-06-02 14:27:57 -04:00
Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00
Jake Moshenko
42da017d69
Merge pull request #48 from coreos-inc/nobots
...
Change API calls that expect non-robots to explicitly filter
2015-06-02 12:31:19 -04:00
Joseph Schorr
5516911de9
Fix OAuth redirect for denial action when generating for internal tokens
2015-06-02 12:25:59 -04:00
Jake Moshenko
7bc5f7a1ca
Merge pull request #53 from coreos-inc/v1test
...
Add tests for the registry that mimic Docker's calls
2015-06-02 12:24:42 -04:00
Joseph Schorr
9585e2a765
End-to-end registry tests
2015-06-01 16:35:30 -04:00
Jimmy Zelinskie
b7adacb36b
Merge pull request #58 from coreos-inc/gitjsfix
...
Fix small JS issue if the underlying repository has no branches defined
2015-06-01 16:10:04 -04:00
Joseph Schorr
d414111fa7
Fix small JS issue if the underlying repository has no branches defined
...
This allows the user to continue the setup, even if the repo is empty.
2015-06-01 15:45:13 -04:00
Jimmy Zelinskie
8493395aec
Merge pull request #56 from coreos-inc/bbbranchfix
...
Fix bitbucket triggers when the branch tag filter removes all branches
2015-06-01 15:43:38 -04:00
Joseph Schorr
25ee46f5a2
Fix bitbucket triggers when the branch tag filter removes all branches
2015-06-01 15:35:59 -04:00
josephschorr
491de200f6
Merge pull request #45 from coreos-inc/ldapreferfix
...
Fix LDAP referral and multiple pair handling
2015-06-01 14:11:00 -04:00
Joseph Schorr
2a56790d38
Switch to using a named LDAP tuple for more readable code
2015-06-01 14:02:05 -04:00
Jimmy Zelinskie
edee0d1fd5
Merge pull request #54 from coreos-inc/removedep
...
Remove unneeded avatar library
2015-06-01 13:53:02 -04:00
Joseph Schorr
e4e82790ca
Remove unneeded avatar library
2015-06-01 13:32:57 -04:00
Joseph Schorr
dd28a845db
Fix NPE in cache control decorator
2015-05-28 13:22:42 -04:00
Jake Moshenko
a875d2c34b
Merge pull request #52 from jakedt/roadmap
...
Add a roadmap.
2015-05-27 15:56:12 -04:00
Jake Moshenko
eb35845c87
Add a roadmap.
2015-05-27 15:54:45 -04:00
Jimmy Zelinskie
af0c4fab70
Merge pull request #51 from coreos-inc/badgenote
...
Add a note to the badges section about tokens
2015-05-27 15:31:07 -04:00
Joseph Schorr
e22e94d609
Add a note to the badges section about tokens
...
This alerts users to the fact that the tokens for badges are safe to share
2015-05-27 15:27:08 -04:00
Joseph Schorr
386b1710ed
Merge branch 'master' into ldapreferfix
2015-05-27 15:15:47 -04:00
Joseph Schorr
1aff701bc7
Fix LDAP referral and multiple pair handling
...
Fixes two issues found with our LDAP handling code. First, we now follow referrals in both LDAP calls, as some LDAP systems will return a referral instead of the original record. Second, we now make sure to handle multiple search result pairs properly by further filtering based on the presence of the 'mail' attribute when we have multiple valid pairs. This CL also adds tests for all of the above cases.
2015-05-27 15:04:34 -04:00
Joseph Schorr
92a374d708
Merge branch 'master' of github.com:coreos-inc/quay
2015-05-27 12:06:43 -04:00
Joseph Schorr
8929e25dd8
Fix typo
2015-05-27 12:06:38 -04:00
Jimmy Zelinskie
8061a70889
Merge pull request #49 from coreos-inc/uifix
...
Make sure there is always a way to create a repo notification
2015-05-26 18:29:56 -04:00
Joseph Schorr
bd262bbb3f
Make sure there is always a way to create a repo notification
...
Before this change, the button was hidden on small sizes, but the link was only shown on extra-small sizes, leaving a small window where there was no way to create a new notification
2015-05-26 18:29:04 -04:00
Joseph Schorr
fdd43e2490
Change API calls that expect non-robots to explicitly filter
...
Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users
2015-05-26 17:47:33 -04:00
Jimmy Zelinskie
e5e2384998
Merge pull request #47 from coreos-inc/downloadbuildlogs
...
Add an endpoint for downloading the logs of a build.
2015-05-26 17:32:47 -04:00
Joseph Schorr
b3ea4ecaa2
Remove unneeded mime type set; jsonify does this for us
2015-05-26 17:30:10 -04:00
Joseph Schorr
9888c3ad9b
Add an endpoint for downloading the logs of a build.
2015-05-26 17:24:18 -04:00
Joseph Schorr
ecabf086ea
Add missing newline at end of decorators.py
2015-05-26 16:48:59 -04:00
Jimmy Zelinskie
2464124f62
Merge pull request #38 from coreos-inc/swift
...
Add Swift Storage
2015-05-26 16:37:26 -04:00
Joseph Schorr
375d7670a8
Explain why we re-raise ClientException in the swift storage engine
2015-05-26 16:35:12 -04:00
Joseph Schorr
7001fb05bf
Add further comments on the TODO in get_direct_download_url
2015-05-26 16:34:59 -04:00
Joseph Schorr
2e4893dce0
We only add the build to the build list if present, not if missing
2015-05-26 16:05:38 -04:00
Joseph Schorr
58685f02cd
Fix NPE in notifications service
2015-05-26 16:05:38 -04:00
Joseph Schorr
d1fa155eee
Fix NPE
2015-05-26 16:05:37 -04:00
Joseph Schorr
597a86f501
Fix case where the auth token was not written properly for BitBucket
2015-05-26 16:05:37 -04:00
Joseph Schorr
162dcf05e3
Have the verifyUser endpoint use the same confirm_existing_user method
...
This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
0359d3f379
nginx: move ssl config out of server-base
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
5db790bb30
setup-tool: add HSTS info box
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
5db4e58e16
nginx: SSL config into server-base.conf
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
0c15c2888d
nginx: update cipher suite, HSTS, X-Frame-Options
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
ccfebdf22b
nginx: support OCSP Stapling
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
2a03f4d070
nginx: drop SSLv3, support TLS 1.1 & 1.2
2015-05-26 16:05:37 -04:00
Jimmy Zelinskie
4f6234ea8f
nginx: enable Strict Transport Security
2015-05-26 16:05:36 -04:00
Joseph Schorr
f6fea27c12
Fix encrypted password generator to use the LDAP username, not the Quay username.
...
Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-26 16:05:36 -04:00
Joseph Schorr
88ece113ee
Explicitly enable LDAP referrals
...
Note: The mock LDAP system doesn't support referrals, so we can't add a unit test for this.
2015-05-26 16:05:36 -04:00