Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0a176d0abe 
								
							 
						 
						
							
							
								
								Fix plans manager display to be less confusing when we show deprecated plans  
							
							
							
						 
						
							2017-12-18 11:45:15 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6de96ee8a5 
								
							 
						 
						
							
							
								
								Fix the custom cert install process to install to the new certifi location, in addition to the old location  
							
							... 
							
							
							
							Also updates our requirements around requests 
							
						 
						
							2017-12-15 17:26:44 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								60bc655695 
								
							 
						 
						
							
							
								
								Fix flakiness in a test when comparing date times  
							
							
							
						 
						
							2017-12-14 14:00:20 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b2485934ed 
								
							 
						 
						
							
							
								
								Enable caching of blobs in V2 registry protocol, to avoid DB connections after the cache has been loaded  
							
							... 
							
							
							
							This should help for bursty pull traffic, as it will avoid DB connections on a huge % of requests 
							
						 
						
							2017-12-14 13:38:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								db6007cb37 
								
							 
						 
						
							
							
								
								Change v2 registry auth code to not hit the database when we know we have permissions loaded  
							
							... 
							
							
							
							Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection* 
							
						 
						
							2017-12-14 13:37:31 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3c72e9878d 
								
							 
						 
						
							
							
								
								Add the concept of a data model cache, for caching of Namedtuple objects from the data model  
							
							... 
							
							
							
							Will be used to cache blobs, thus removing the need to hit the database in most blob requests 
							
						 
						
							2017-12-14 13:36:51 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								51e67ab7f5 
								
							 
						 
						
							
							
								
								Fix get_blob_path to not make any database calls and add a test  
							
							... 
							
							
							
							This will be supported by caching, hopefully removing the need to hit the database when the blob object is cached 
							
						 
						
							2017-12-13 16:27:46 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								e06a83faf9 
								
							 
						 
						
							
							
								
								Merge pull request  #2941  from jzelinskie/reduce-rate-limit-simple  
							
							... 
							
							
							
							nginx: rate limit 1r/s 
							
						 
						
							2017-12-13 13:16:16 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								e36bf25a5e 
								
							 
						 
						
							
							
								
								nginx: rate limit 1r/s  
							
							... 
							
							
							
							This reduces our rate limiting down to 1 request per second. 
							
						 
						
							2017-12-13 13:15:32 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								7e27e7f7eb 
								
							 
						 
						
							
							
								
								Merge pull request  #2943  from coreos-inc/rev-base  
							
							... 
							
							
							
							Revise our base image again 
							
						 
						
							2017-12-13 12:03:52 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								56ff068637 
								
							 
						 
						
							
							
								
								Revise our base image again  
							
							
							
						 
						
							2017-12-13 12:01:22 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								44c77b4cbb 
								
							 
						 
						
							
							
								
								Merge pull request  #2931  from coreos-inc/joseph.schorr/QS-76/oidc-scopes  
							
							... 
							
							
							
							Allow admins to configure the login scopes for OIDC login 
							
						 
						
							2017-12-08 13:33:06 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								c733c87312 
								
							 
						 
						
							
							
								
								Merge pull request  #2940  from coreos-inc/verbs-logs  
							
							... 
							
							
							
							Add additional logs and an additional test for verbs 
							
						 
						
							2017-12-07 15:42:31 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a706d99849 
								
							 
						 
						
							
							
								
								Add additional logs and an additional test for verbs  
							
							
							
						 
						
							2017-12-07 15:22:20 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b2db266747 
								
							 
						 
						
							
							
								
								Merge pull request  #2935  from coreos-inc/joseph.schorr/QS-80/password-reset-expire  
							
							... 
							
							
							
							Add maximum lifetime of 30m on password recovery tokens 
							
						 
						
							2017-12-07 14:21:32 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a21dad3e07 
								
							 
						 
						
							
							
								
								Merge pull request  #2937  from coreos-inc/joseph.schorr/QS-83/hide-aws-metadata  
							
							... 
							
							
							
							Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1 
							
						 
						
							2017-12-07 14:11:20 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2ffdfa1434 
								
							 
						 
						
							
							
								
								Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1  
							
							... 
							
							
							
							While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off
Fixes https://jira.coreos.com/browse/QS-83  
							
						 
						
							2017-12-07 13:29:14 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6db2ecc19f 
								
							 
						 
						
							
							
								
								Merge pull request  #2928  from coreos-inc/joseph.schorr/QS-74/fix-restart  
							
							... 
							
							
							
							Have Quay lookup the sbin/my_init PID to kill 
							
						 
						
							2017-12-07 13:25:16 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1861d7dee9 
								
							 
						 
						
							
							
								
								Merge pull request  #2938  from coreos-inc/joseph.schorr/QS-85/signout-all  
							
							... 
							
							
							
							Invalidate all session tokens when a user signs out 
							
						 
						
							2017-12-07 13:25:00 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1d1c6f0606 
								
							 
						 
						
							
							
								
								Invalidate all session tokens when a user signs out  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-85  
							
						 
						
							2017-12-07 13:03:11 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6c12cb8328 
								
							 
						 
						
							
							
								
								Merge pull request  #2936  from coreos-inc/joseph.schorr/QS-84/content-disposition  
							
							... 
							
							
							
							Ensure user files are always sent with the Content-Disposition header 
							
						 
						
							2017-12-07 11:42:10 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								d38a1fc851 
								
							 
						 
						
							
							
								
								Ensure user files are always sent with the Content-Disposition header  
							
							... 
							
							
							
							This prevents them from being executed in the browser directly
Fixes https://jira.coreos.com/browse/QS-84  
							
						 
						
							2017-12-06 17:12:00 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								5dd95038cf 
								
							 
						 
						
							
							
								
								Add maximum lifetime of 30m on password recovery tokens  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-80  
							
						 
						
							2017-12-06 17:06:03 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c55ad59f1f 
								
							 
						 
						
							
							
								
								Allow admins to configure the login scopes for OIDC login  
							
							... 
							
							
							
							Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override. 
							
						 
						
							2017-12-06 15:54:26 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d405f6f158 
								
							 
						 
						
							
							
								
								Merge pull request  #2899  from coreos-inc/joseph.schorr/QS-36/appr-auth-improvement  
							
							... 
							
							
							
							Allow app registry to use robots and tokens to login 
							
						 
						
							2017-12-06 15:04:22 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b9ad8bbb5d 
								
							 
						 
						
							
							
								
								Merge pull request  #2934  from coreos-inc/joseph.schorr/QS-78/email-recovery  
							
							... 
							
							
							
							Security fixes for password recovery 
							
						 
						
							2017-12-06 14:53:02 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a204dc20fb 
								
							 
						 
						
							
							
								
								Require CAPTCHA for password recovery  
							
							... 
							
							
							
							https://jira.coreos.com/browse/QS-79  
						
							2017-12-06 14:25:34 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8d7381336a 
								
							 
						 
						
							
							
								
								Merge pull request  #2910  from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug  
							
							... 
							
							
							
							Don't add a "password required" notification for non-database auth via OIDC 
							
						 
						
							2017-12-06 14:19:49 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								927d469db0 
								
							 
						 
						
							
							
								
								In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)  
							
							
							
						 
						
							2017-12-06 14:07:38 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								10ddf98e0c 
								
							 
						 
						
							
							
								
								Merge pull request  #2930  from coreos-inc/joseph.schorr/QS-68/squashed-image-postgres  
							
							... 
							
							
							
							Make sure to close the database connection before forking in verbs 
							
						 
						
							2017-12-06 14:03:17 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3bf8973fd9 
								
							 
						 
						
							
							
								
								Change app registry to use the credentials verification system  
							
							... 
							
							
							
							Allows for tokens, OAuth tokens and robot accounts to be used as well
Fixes https://jira.prod.coreos.systems/browse/QS-36  
							
						 
						
							2017-12-06 13:52:25 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								aa49b37ad2 
								
							 
						 
						
							
							
								
								Change Docker V1 index to use verify_credentials  
							
							
							
						 
						
							2017-12-06 13:52:25 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0bcda90c6e 
								
							 
						 
						
							
							
								
								Add kind to credentials validate call  
							
							
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6f3d9a6fce 
								
							 
						 
						
							
							
								
								Extract credential handling into its own module  
							
							... 
							
							
							
							Will be used in Docker V1 and APPR protocols 
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								afbb2d2168 
								
							 
						 
						
							
							
								
								Merge pull request  #2933  from coreos-inc/joseph.schorr/QS-82/xss-fix  
							
							... 
							
							
							
							Fix XSS in usage log viewer 
							
						 
						
							2017-12-06 13:51:30 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a1595cd723 
								
							 
						 
						
							
							
								
								Merge pull request  #2932  from coreos-inc/joseph.schorr/QS-81/xss-fix  
							
							... 
							
							
							
							Fix XSS in access token display page 
							
						 
						
							2017-12-06 13:49:37 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a2caebbb62 
								
							 
						 
						
							
							
								
								Fix XSS in usage log viewer  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-82  
							
						 
						
							2017-12-06 13:49:02 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f9219721a2 
								
							 
						 
						
							
							
								
								Fix XSS in access token display page  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-81  
							
						 
						
							2017-12-06 13:40:31 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								25248a8c35 
								
							 
						 
						
							
							
								
								Make sure to close the database connection before forking in verbs  
							
							... 
							
							
							
							This prevents a bug with the postgres driver from breaking the verbs
Fixes https://jira.coreos.com/browse/QS-68  
							
						 
						
							2017-12-04 16:33:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								4a5626e64b 
								
							 
						 
						
							
							
								
								Merge pull request  #2929  from coreos-inc/joseph.schorr/QS-72/oidc-name-issue  
							
							... 
							
							
							
							Fix bugs in updateuser 
							
						 
						
							2017-12-01 22:23:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4db1615d94 
								
							 
						 
						
							
							
								
								Fix bugs in updateuser  
							
							... 
							
							
							
							1) Also check for matching organization names
2) Ensure that errors don't leave the throbber 
							
						 
						
							2017-12-01 14:58:29 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								874a7b0c41 
								
							 
						 
						
							
							
								
								Have Quay lookup the sbin/my_init PID to kill  
							
							... 
							
							
							
							We changed the entry point in Quay to be a shell script that calls `my_init`, which means the init no longer has PID 1. We therefore need to look up the correct PID to kill it.
Fixes https://jira.coreos.com/browse/QS-74  
							
						 
						
							2017-12-01 14:04:43 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									IvanCherepov 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								c383ac1f9d 
								
							 
						 
						
							
							
								
								Add config validation on startup ( #2903 )  
							
							... 
							
							
							
							* WIP
* Finish schema
Add three sections: security scanning, bittorrent support and feature flags. 
							
						 
						
							2017-12-01 10:46:39 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1882545c69 
								
							 
						 
						
							
							
								
								Merge pull request  #2927  from coreos-inc/unfiltered-search-opt  
							
							... 
							
							
							
							Simplify and further optimize handling of unfiltered search results 
							
						 
						
							2017-12-01 00:23:15 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								32255f122b 
								
							 
						 
						
							
							
								
								Simplify and further optimize handling of unfiltered search results  
							
							... 
							
							
							
							Using the DB-side limit is much faster 
							
						 
						
							2017-11-30 16:56:01 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8ede3084d8 
								
							 
						 
						
							
							
								
								Merge pull request  #2926  from coreos-inc/further-search-opt  
							
							... 
							
							
							
							Fix bug around search pagination with non-filtered searches 
							
						 
						
							2017-11-30 23:36:19 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								eea026be52 
								
							 
						 
						
							
							
								
								Fix bug around search pagination with non-filtered searches  
							
							... 
							
							
							
							Also further optimizes the queries 
							
						 
						
							2017-11-30 16:13:42 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								dfd736c4c5 
								
							 
						 
						
							
							
								
								Merge pull request  #2925  from coreos-inc/fix-search-ordering  
							
							... 
							
							
							
							Fix typo in how we order search results 
							
						 
						
							2017-11-30 22:01:42 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0440cca3ef 
								
							 
						 
						
							
							
								
								Fix typo in how we order search results  
							
							... 
							
							
							
							`.desc()` needs to be on the field 
							
						 
						
							2017-11-30 14:53:23 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3b8feeba4c 
								
							 
						 
						
							
							
								
								Merge pull request  #2924  from coreos-inc/search-opt  
							
							... 
							
							
							
							Optimize searching of repositories when there is no query 
							
						 
						
							2017-11-30 21:41:06 +02:00