Commit graph

134 commits

Author SHA1 Message Date
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
2018-02-27 13:12:51 -05:00
Brad Ison
5965929187 Include location in user analytics 2018-02-06 16:06:17 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out
Fixes https://jira.coreos.com/browse/QS-85
2017-12-07 13:03:11 -05:00
Joseph Schorr
a204dc20fb Require CAPTCHA for password recovery
https://jira.coreos.com/browse/QS-79
2017-12-06 14:25:34 -05:00
Joseph Schorr
927d469db0 In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address) 2017-12-06 14:07:38 -05:00
Joseph Schorr
9b2fb46e34 Move recaptcha check after the username check
Ensures that if someone chooses an existing username, they don't need to re-recaptcha

Fixes https://jira.coreos.com/browse/QS-65
2017-11-27 16:59:42 +02:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth
OIDC internal auth support
2017-10-02 16:51:17 -04:00
Joseph Schorr
82ff85b125 Add ability for users to change their name and company information 2017-09-26 16:58:04 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team
Allows for open user creation, but only if extended an invitation by someone who already has access
2017-09-14 16:28:39 -04:00
Joseph Schorr
adc70d2fe2 Add alias for callback path 2017-09-12 12:26:42 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
2fdc1be94b Remove duplicate orgs when using public namespaces
Fixes https://coreosdev.atlassian.net/browse/QUAY-770
2017-08-24 14:13:26 -04:00
Joseph Schorr
650dbe5f5b Add config to enable "public" namespaces
These are namespaces that will be displayed in the repo list view, regardless of whether the user is a member.
2017-08-07 15:59:06 -04:00
Joseph Schorr
aecec02b6c Change common_login to take in a user uuid, instead of a user DB object 2017-07-20 16:01:39 -04:00
Joseph Schorr
99d7fde8ee Add UI for viewing and changing the expiration of tags 2017-07-19 17:13:48 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration
Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00
Jake Moshenko
22f5934f34 Add error logging to Marketo calls 2017-04-17 10:19:52 -04:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
Joseph Schorr
1a61ef4e04 Report the user's name and company to Marketo
Also fixes the API to report the other changes (username and email) as well
2016-11-14 17:34:50 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
2016-11-03 15:59:14 -04:00
josephschorr
840ea4e768 Merge pull request #2047 from coreos-inc/external-auth-email-optional
Make email addresses optional in external auth if email feature is turned off
2016-10-31 14:16:33 -04:00
Joseph Schorr
3a473cad2a Enable permanent sessions
Fixes #1955
2016-10-31 13:52:09 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00
josephschorr
edc2bc8b93 Merge pull request #1698 from coreos-inc/delete-namespace
Add support for deleting namespaces (users, organizations)
2016-10-21 16:54:52 -04:00
Joseph Schorr
73eb66eac5 Add support for deleting namespaces (users, organizations)
Fixes #102
Fixes #105
2016-10-21 15:41:09 -04:00
Joseph Schorr
b7fc7999c3 Delete old "license" checking code arounds user counts
This is legacy code that doesn't actually do anything of value
2016-10-20 14:58:35 -04:00
Jake Moshenko
f04b018805 Write our users to Marketo as leads. 2016-10-14 16:29:11 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports
This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating
Fixes #1209
2016-02-16 11:52:57 -05:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public
Fixes #1166
2016-02-01 22:42:44 +02:00
Jake Moshenko
018bf8c5ad Refactor how parsed_args are passed to methods 2016-01-26 16:27:36 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.
This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail
Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails
Fixes #291
2015-12-28 15:25:31 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address
Fixes #782
2015-12-28 13:59:50 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth
Fixes #673
2015-10-21 16:40:31 -04:00
Joseph Schorr
c0286d1ac3 Add support for Dex to Quay
Fixes #306

- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00
Joseph Schorr
5c1d195a19 Fix swagger errors
Fixes #287
2015-08-03 14:10:15 -04:00
Joseph Schorr
5d243bb45f Fix potential NPE 2015-07-24 12:12:30 -04:00
Joseph Schorr
687bab1c05 Support invite codes for verification of email
Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241
2015-07-22 13:41:27 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00