Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								56ff068637 
								
							 
						 
						
							
							
								
								Revise our base image again  
							
							
							
						 
						
							2017-12-13 12:01:22 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								44c77b4cbb 
								
							 
						 
						
							
							
								
								Merge pull request  #2931  from coreos-inc/joseph.schorr/QS-76/oidc-scopes  
							
							... 
							
							
							
							Allow admins to configure the login scopes for OIDC login 
							
						 
						
							2017-12-08 13:33:06 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								c733c87312 
								
							 
						 
						
							
							
								
								Merge pull request  #2940  from coreos-inc/verbs-logs  
							
							... 
							
							
							
							Add additional logs and an additional test for verbs 
							
						 
						
							2017-12-07 15:42:31 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a706d99849 
								
							 
						 
						
							
							
								
								Add additional logs and an additional test for verbs  
							
							
							
						 
						
							2017-12-07 15:22:20 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b2db266747 
								
							 
						 
						
							
							
								
								Merge pull request  #2935  from coreos-inc/joseph.schorr/QS-80/password-reset-expire  
							
							... 
							
							
							
							Add maximum lifetime of 30m on password recovery tokens 
							
						 
						
							2017-12-07 14:21:32 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a21dad3e07 
								
							 
						 
						
							
							
								
								Merge pull request  #2937  from coreos-inc/joseph.schorr/QS-83/hide-aws-metadata  
							
							... 
							
							
							
							Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1 
							
						 
						
							2017-12-07 14:11:20 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2ffdfa1434 
								
							 
						 
						
							
							
								
								Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1  
							
							... 
							
							
							
							While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off
Fixes https://jira.coreos.com/browse/QS-83  
							
						 
						
							2017-12-07 13:29:14 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6db2ecc19f 
								
							 
						 
						
							
							
								
								Merge pull request  #2928  from coreos-inc/joseph.schorr/QS-74/fix-restart  
							
							... 
							
							
							
							Have Quay lookup the sbin/my_init PID to kill 
							
						 
						
							2017-12-07 13:25:16 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1861d7dee9 
								
							 
						 
						
							
							
								
								Merge pull request  #2938  from coreos-inc/joseph.schorr/QS-85/signout-all  
							
							... 
							
							
							
							Invalidate all session tokens when a user signs out 
							
						 
						
							2017-12-07 13:25:00 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1d1c6f0606 
								
							 
						 
						
							
							
								
								Invalidate all session tokens when a user signs out  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-85  
							
						 
						
							2017-12-07 13:03:11 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6c12cb8328 
								
							 
						 
						
							
							
								
								Merge pull request  #2936  from coreos-inc/joseph.schorr/QS-84/content-disposition  
							
							... 
							
							
							
							Ensure user files are always sent with the Content-Disposition header 
							
						 
						
							2017-12-07 11:42:10 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								d38a1fc851 
								
							 
						 
						
							
							
								
								Ensure user files are always sent with the Content-Disposition header  
							
							... 
							
							
							
							This prevents them from being executed in the browser directly
Fixes https://jira.coreos.com/browse/QS-84  
							
						 
						
							2017-12-06 17:12:00 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								5dd95038cf 
								
							 
						 
						
							
							
								
								Add maximum lifetime of 30m on password recovery tokens  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-80  
							
						 
						
							2017-12-06 17:06:03 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c55ad59f1f 
								
							 
						 
						
							
							
								
								Allow admins to configure the login scopes for OIDC login  
							
							... 
							
							
							
							Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override. 
							
						 
						
							2017-12-06 15:54:26 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d405f6f158 
								
							 
						 
						
							
							
								
								Merge pull request  #2899  from coreos-inc/joseph.schorr/QS-36/appr-auth-improvement  
							
							... 
							
							
							
							Allow app registry to use robots and tokens to login 
							
						 
						
							2017-12-06 15:04:22 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b9ad8bbb5d 
								
							 
						 
						
							
							
								
								Merge pull request  #2934  from coreos-inc/joseph.schorr/QS-78/email-recovery  
							
							... 
							
							
							
							Security fixes for password recovery 
							
						 
						
							2017-12-06 14:53:02 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a204dc20fb 
								
							 
						 
						
							
							
								
								Require CAPTCHA for password recovery  
							
							... 
							
							
							
							https://jira.coreos.com/browse/QS-79  
						
							2017-12-06 14:25:34 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8d7381336a 
								
							 
						 
						
							
							
								
								Merge pull request  #2910  from coreos-inc/joseph.schorr/QS-58/oidc-auth-bug  
							
							... 
							
							
							
							Don't add a "password required" notification for non-database auth via OIDC 
							
						 
						
							2017-12-06 14:19:49 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								927d469db0 
								
							 
						 
						
							
							
								
								In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address)  
							
							
							
						 
						
							2017-12-06 14:07:38 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								10ddf98e0c 
								
							 
						 
						
							
							
								
								Merge pull request  #2930  from coreos-inc/joseph.schorr/QS-68/squashed-image-postgres  
							
							... 
							
							
							
							Make sure to close the database connection before forking in verbs 
							
						 
						
							2017-12-06 14:03:17 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								3bf8973fd9 
								
							 
						 
						
							
							
								
								Change app registry to use the credentials verification system  
							
							... 
							
							
							
							Allows for tokens, OAuth tokens and robot accounts to be used as well
Fixes https://jira.prod.coreos.systems/browse/QS-36  
							
						 
						
							2017-12-06 13:52:25 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								aa49b37ad2 
								
							 
						 
						
							
							
								
								Change Docker V1 index to use verify_credentials  
							
							
							
						 
						
							2017-12-06 13:52:25 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0bcda90c6e 
								
							 
						 
						
							
							
								
								Add kind to credentials validate call  
							
							
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								6f3d9a6fce 
								
							 
						 
						
							
							
								
								Extract credential handling into its own module  
							
							... 
							
							
							
							Will be used in Docker V1 and APPR protocols 
							
						 
						
							2017-12-06 13:52:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								afbb2d2168 
								
							 
						 
						
							
							
								
								Merge pull request  #2933  from coreos-inc/joseph.schorr/QS-82/xss-fix  
							
							... 
							
							
							
							Fix XSS in usage log viewer 
							
						 
						
							2017-12-06 13:51:30 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a1595cd723 
								
							 
						 
						
							
							
								
								Merge pull request  #2932  from coreos-inc/joseph.schorr/QS-81/xss-fix  
							
							... 
							
							
							
							Fix XSS in access token display page 
							
						 
						
							2017-12-06 13:49:37 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a2caebbb62 
								
							 
						 
						
							
							
								
								Fix XSS in usage log viewer  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-82  
							
						 
						
							2017-12-06 13:49:02 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								f9219721a2 
								
							 
						 
						
							
							
								
								Fix XSS in access token display page  
							
							... 
							
							
							
							Fixes https://jira.coreos.com/browse/QS-81  
							
						 
						
							2017-12-06 13:40:31 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								25248a8c35 
								
							 
						 
						
							
							
								
								Make sure to close the database connection before forking in verbs  
							
							... 
							
							
							
							This prevents a bug with the postgres driver from breaking the verbs
Fixes https://jira.coreos.com/browse/QS-68  
							
						 
						
							2017-12-04 16:33:24 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								4a5626e64b 
								
							 
						 
						
							
							
								
								Merge pull request  #2929  from coreos-inc/joseph.schorr/QS-72/oidc-name-issue  
							
							... 
							
							
							
							Fix bugs in updateuser 
							
						 
						
							2017-12-01 22:23:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								4db1615d94 
								
							 
						 
						
							
							
								
								Fix bugs in updateuser  
							
							... 
							
							
							
							1) Also check for matching organization names
2) Ensure that errors don't leave the throbber 
							
						 
						
							2017-12-01 14:58:29 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								874a7b0c41 
								
							 
						 
						
							
							
								
								Have Quay lookup the sbin/my_init PID to kill  
							
							... 
							
							
							
							We changed the entry point in Quay to be a shell script that calls `my_init`, which means the init no longer has PID 1. We therefore need to look up the correct PID to kill it.
Fixes https://jira.coreos.com/browse/QS-74  
							
						 
						
							2017-12-01 14:04:43 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									IvanCherepov 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								c383ac1f9d 
								
							 
						 
						
							
							
								
								Add config validation on startup ( #2903 )  
							
							... 
							
							
							
							* WIP
* Finish schema
Add three sections: security scanning, bittorrent support and feature flags. 
							
						 
						
							2017-12-01 10:46:39 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1882545c69 
								
							 
						 
						
							
							
								
								Merge pull request  #2927  from coreos-inc/unfiltered-search-opt  
							
							... 
							
							
							
							Simplify and further optimize handling of unfiltered search results 
							
						 
						
							2017-12-01 00:23:15 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								32255f122b 
								
							 
						 
						
							
							
								
								Simplify and further optimize handling of unfiltered search results  
							
							... 
							
							
							
							Using the DB-side limit is much faster 
							
						 
						
							2017-11-30 16:56:01 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8ede3084d8 
								
							 
						 
						
							
							
								
								Merge pull request  #2926  from coreos-inc/further-search-opt  
							
							... 
							
							
							
							Fix bug around search pagination with non-filtered searches 
							
						 
						
							2017-11-30 23:36:19 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								eea026be52 
								
							 
						 
						
							
							
								
								Fix bug around search pagination with non-filtered searches  
							
							... 
							
							
							
							Also further optimizes the queries 
							
						 
						
							2017-11-30 16:13:42 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								dfd736c4c5 
								
							 
						 
						
							
							
								
								Merge pull request  #2925  from coreos-inc/fix-search-ordering  
							
							... 
							
							
							
							Fix typo in how we order search results 
							
						 
						
							2017-11-30 22:01:42 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0440cca3ef 
								
							 
						 
						
							
							
								
								Fix typo in how we order search results  
							
							... 
							
							
							
							`.desc()` needs to be on the field 
							
						 
						
							2017-11-30 14:53:23 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3b8feeba4c 
								
							 
						 
						
							
							
								
								Merge pull request  #2924  from coreos-inc/search-opt  
							
							... 
							
							
							
							Optimize searching of repositories when there is no query 
							
						 
						
							2017-11-30 21:41:06 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c767c88b82 
								
							 
						 
						
							
							
								
								Optimize searching of repositories when there is no query  
							
							
							
						 
						
							2017-11-30 14:10:22 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b69015f349 
								
							 
						 
						
							
							
								
								Merge pull request  #2923  from coreos-inc/rev  
							
							... 
							
							
							
							Rev our dependencies 
							
						 
						
							2017-11-30 20:44:21 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								07ffdf1fd9 
								
							 
						 
						
							
							
								
								Rev our dependencies  
							
							
							
						 
						
							2017-11-30 13:35:59 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8f2d800ade 
								
							 
						 
						
							
							
								
								Merge pull request  #2922  from coreos-inc/fix-ci  
							
							... 
							
							
							
							Fix Quay CI 
							
						 
						
							2017-11-30 20:07:45 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								45931dc856 
								
							 
						 
						
							
							
								
								Add --no-sandbox flag to Karma test  
							
							
							
						 
						
							2017-11-30 11:57:51 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c168413a8e 
								
							 
						 
						
							
							
								
								Fix bug when running ipresolver under Gitlab CI  
							
							... 
							
							
							
							Since the container does contain IP data, this would fail 
							
						 
						
							2017-11-30 10:23:58 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								51b043bd23 
								
							 
						 
						
							
							
								
								Merge pull request  #2921  from coreos-inc/joseph.schorr/QS-63/public-browse  
							
							... 
							
							
							
							Browse/exploration of repositories 
							
						 
						
							2017-11-28 18:19:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									josephschorr 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								a918339c90 
								
							 
						 
						
							
							
								
								Merge pull request  #2920  from coreos-inc/joseph.schorr/QS-69/swift-chunk-test  
							
							... 
							
							
							
							Additional testing and a fix for Swift segmenting 
							
						 
						
							2017-11-28 18:14:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								2ced523313 
								
							 
						 
						
							
							
								
								Add Explore tab and query-less searching  
							
							... 
							
							
							
							Allows for exploration of all visible repositories, in paginated form.
This change also fixes the layout of the header on different viewport sizes to be consistently a single line in height.
Fixes https://jira.coreos.com/browse/QS-63  
							
						 
						
							2017-11-28 16:50:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c7e439f593 
								
							 
						 
						
							
							
								
								Set a default error message for resource views  
							
							... 
							
							
							
							Ensures that we don't display an empty error box 
							
						 
						
							2017-11-28 15:38:48 +02:00