Joseph Schorr
3dcbe3c631
If enabled, allow users and orgs to set their time machine expiration

Fixes https://www.pivotaltracker.com/story/show/142881203
2017-04-21 11:32:45 -04:00

Jake Moshenko
22f5934f34
Add error logging to Marketo calls
2017-04-17 10:19:52 -04:00

Joseph Schorr
a9791ea419
Have external login always make an API request to get the authorization URL

This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00

Joseph Schorr
19f7acf575
Lay foundation for truly dynamic external logins

Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
2017-01-20 15:21:08 -05:00

Joseph Schorr
3eb17b7caa
Add support for recaptcha during the create account flow

If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2017-01-09 11:08:21 -05:00

EvB
43aed7c6f4
fix(endpoints/api): return empty 204 resp

Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
2016-12-14 16:22:39 -05:00

Joseph Schorr
ff52fde8a5
Have Quay always use an OAuth-specific CSRF token

This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.
Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00

Joseph Schorr
1a61ef4e04
Report the user's name and company to Marketo

Also fixes the API to report the other changes (username and email) as well
2016-11-14 17:34:50 -05:00

Joseph Schorr
0f2eb61f4a
Add collection of user metadata: name and company
2016-11-08 16:15:02 -05:00

Joseph Schorr
1e3b354201
Add support for temp usernames and an interstitial to confirm username

When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.
Addresses most of the user issues around #74
2016-11-03 15:59:14 -04:00

josephschorr
840ea4e768
Merge pull request #2047 from coreos-inc/external-auth-email-optional

Make email addresses optional in external auth if email feature is turned off
2016-10-31 14:16:33 -04:00

Joseph Schorr
3a473cad2a
Enable permanent sessions

Fixes #1955
2016-10-31 13:52:09 -04:00

Joseph Schorr
d7f56350a4
Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to log in, even if the email feature was disabled.
2016-10-31 13:50:24 -04:00

josephschorr
edc2bc8b93
Merge pull request #1698 from coreos-inc/delete-namespace

Add support for deleting namespaces (users, organizations)
2016-10-21 16:54:52 -04:00

Joseph Schorr
73eb66eac5
Add support for deleting namespaces (users, organizations)

Fixes #102
Fixes #105
2016-10-21 15:41:09 -04:00

Joseph Schorr
b7fc7999c3
Delete old "license" checking code around user counts

This is legacy code that doesn't actually do anything of value
2016-10-20 14:58:35 -04:00

Jake Moshenko
f04b018805
Write our users to Marketo as leads.
2016-10-14 16:29:11 -04:00

Jimmy Zelinskie
fc7301be0d
*: fix legacy imports

This change reorganizes imports and renames the legacy flask extensions.
2016-09-28 20:17:14 -04:00

Evan Cordell
eba75494d9
Use new error format for auth errors (factor exceptions into module)
2016-04-11 16:22:26 -04:00

Joseph Schorr
ecaa051791
Fix schema for invoice email updating

Fixes #1209
2016-02-16 11:52:57 -05:00

Joseph Schorr
534ec9cb2b
Add pagination to the repository list API to make it better for public

Fixes #1166
2016-02-01 22:42:44 +02:00

Jake Moshenko
018bf8c5ad
Refactor how parsed_args are passed to methods
2016-01-26 16:27:36 -05:00

Joseph Schorr
e4ffaff869
Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories.

This support is placed behind a feature flag.
2016-01-22 15:54:06 -05:00

josephschorr
f748d4348d
Merge pull request #1106 from coreos-inc/billingemail

Add support for custom billing invoice email address
2016-01-04 14:34:30 -05:00

Joseph Schorr
31a8a0fba4
Better UX when recovering organization emails

Fixes #291
2015-12-28 15:25:31 -05:00

Joseph Schorr
10efa96009
Add support for custom billing invoice email address

Fixes #782
2015-12-28 13:59:50 -05:00

Joseph Schorr
888ec17538
Recover by email needs to allow anon access to its endpoints
2015-11-10 15:41:19 -05:00

Joseph Schorr
5d8121e060
Return user orgs when making a call via OAuth

Fixes #673
2015-10-21 16:40:31 -04:00

Joseph Schorr
c0286d1ac3
Add support for Dex to Quay

Fixes #306
- Adds support for Dex as an OAuth external login provider
- Adds support for OIDC in general
- Extract out external logins on the JS side into a service
- Add a feature flag for disabling direct login
- Add support for directing to the single external login service
- Does *not* yet support the config in the superuser tool
2015-09-04 17:05:06 -04:00

Joseph Schorr
5c1d195a19
Fix swagger errors

Fixes #287
2015-08-03 14:10:15 -04:00

Joseph Schorr
5d243bb45f
Fix potential NPE
2015-07-24 12:12:30 -04:00

Joseph Schorr
687bab1c05
Support invite codes for verification of email

Also changes the system so we don't apply the invite until it is called explicitly from the frontend
Fixes #241
2015-07-22 13:41:27 -04:00

Joseph Schorr
33b54218cc
Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass
2015-07-20 11:39:59 -04:00

Jake Moshenko
3efaa255e8
Accidental refactor, split out legacy.py into separate submodules and update all call sites.
2015-07-17 11:56:15 -04:00

Jake Moshenko
6e6b3c675f
Merge pull request #28 from coreos-inc/swagger2

Switch to Swagger v2
2015-06-29 12:18:10 -04:00

Joseph Schorr
dc5af7496c
Allow superusers to disable user accounts
2015-06-29 18:40:52 +03:00

Joseph Schorr
c0e995c1d4
Merge branch 'master' into nolurk
2015-06-02 13:55:16 -04:00

Joseph Schorr
fdd43e2490
Change API calls that expect non-robots to explicitly filter

Before this change, we'd filter in the UI but calls to the API could allow robot accounts where we only expect real users
2015-05-26 17:47:33 -04:00

Joseph Schorr
855f3a3e4d
Have the verifyUser endpoint use the same confirm_existing_user method

This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
2015-05-22 16:26:26 -04:00

Joseph Schorr
b0d763b5ff
Fix encrypted password generator to use the LDAP username, not the Quay username.

Currently, we use the Quay username via `verify_user` when we go to create the encrypted password. This is only correct if Quay has not generated its own different username for the LDAP user, and fails if it has. We therefore add a new method `confirm_existing_user`, which looks up the federated login for the LDAP user and then runs the auth flow using that username.
2015-05-20 16:37:09 -04:00

Joseph Schorr
54992c23b7
Add a feature flag for disabling unauthenticated access to the registry in its entirety.
2015-05-19 17:52:44 -04:00

Joseph Schorr
0bc1c29dff
Switch the Python side to Swagger v2
2015-05-14 16:47:38 -04:00

Joseph Schorr
60036927c9
Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email.
2015-04-29 20:30:37 -04:00

Joseph Schorr
f67eeee8c8
Start conversion of the user admin/view
2015-04-02 16:34:41 -04:00

Joseph Schorr
5cd500257d
Merge branch 'master' into orgview
2015-04-01 13:56:49 -04:00

Joseph Schorr
1f5e6df678
- Fix tests

- Add new endpoints for retrieving the repo permissions for a robot account
- Have the robots list return the number of repositories for which there are permissions
- Other UI fixes
2015-03-31 18:50:43 -04:00

Joseph Schorr
27a9b84587
Switch avatars to be built out of CSS and only overlaid with the gravatar when a non-default exists
2015-03-30 17:55:04 -04:00

Joseph Schorr
384d6083c4
Make sure to conduct login after the password change now that the session will be invalidated for the user
2015-03-26 20:04:32 -04:00

Joseph Schorr
aaf1b23e98
Address CL concerns and switch to a real encryption system
2015-03-26 15:10:58 -04:00

Joseph Schorr
e4b659f107
Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords
2015-03-25 18:43:12 -04:00