vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
9192 commits 2 branches 62 tags 205 MiB
Commit graph

139 commits

Author SHA1 Message Date
Brad Ison
73cb7f3228
endpoints/api: Allow null fields in user metadata 
The user metadata fields are nullable in the database, but were not in
the json sechema.  This prevented users from updating some of their
information on the site if they hadn't set the metadata fields.
 2018-06-27 15:34:55 -04:00
Sam Chow
7f21d0da58
Merge pull request #3096 from quay/refactor/secscan-simple 
Refactor validators to decouple app
 2018-06-01 15:44:18 -04:00
Sam Chow
301cc6992a Remove jwt validation for jschorr to fix later 
Refactor oauth validate method to take config over entire appconfig
 2018-06-01 15:07:06 -04:00
Joseph Schorr
b2262eaf46 Add feature flag to disable username confirmation 
Fixes https://jira.coreos.com/browse/QUAY-914
 2018-06-01 13:30:50 -04:00
Joseph Schorr
3309daa32e Add support for reduced initial build count for new possible abusing users 
If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
 2018-04-20 18:46:32 +03:00
Joseph Schorr
8bc55a5676 Make namespace deletion asynchronous 
Instead of deleting a namespace synchronously as before, we now mark the namespace for deletion, disable it, and rename it. A worker then comes along and deletes the namespace in the background. This results in a *significantly* better user experience, as the namespace deletion operation now "completes" in under a second, where before it could take 10s of minutes at the worse.

Fixes https://jira.coreos.com/browse/QUAY-838
 2018-02-27 13:12:51 -05:00
Brad Ison
5965929187 Include location in user analytics 2018-02-06 16:06:17 -05:00
Brad Ison
3de6b4a646 Add location metadata field for users 2018-02-06 16:06:17 -05:00
Joseph Schorr
524d77f527 Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password 2018-01-04 15:27:41 -05:00
Joseph Schorr
1d1c6f0606 Invalidate all session tokens when a user signs out 
Fixes https://jira.coreos.com/browse/QS-85
 2017-12-07 13:03:11 -05:00
Joseph Schorr
a204dc20fb Require CAPTCHA for password recovery 
https://jira.coreos.com/browse/QS-79
 2017-12-06 14:25:34 -05:00
Joseph Schorr
927d469db0 In password recovery, don't reveal whether an e-mail address is valid (unless it is an org's e-mail address) 2017-12-06 14:07:38 -05:00
Joseph Schorr
9b2fb46e34 Move recaptcha check after the username check 
Ensures that if someone chooses an existing username, they don't need to re-recaptcha

Fixes https://jira.coreos.com/browse/QS-65
 2017-11-27 16:59:42 +02:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth 
OIDC internal auth support
 2017-10-02 16:51:17 -04:00
Joseph Schorr
82ff85b125 Add ability for users to change their name and company information 2017-09-26 16:58:04 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team 
Allows for open user creation, but only if extended an invitation by someone who already has access
 2017-09-14 16:28:39 -04:00
Joseph Schorr
adc70d2fe2 Add alias for callback path 2017-09-12 12:26:42 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
2fdc1be94b Remove duplicate orgs when using public namespaces 
Fixes https://coreosdev.atlassian.net/browse/QUAY-770
 2017-08-24 14:13:26 -04:00
Joseph Schorr
650dbe5f5b Add config to enable "public" namespaces 
These are namespaces that will be displayed in the repo list view, regardless of whether the user is a member.
 2017-08-07 15:59:06 -04:00
Joseph Schorr
aecec02b6c Change common_login to take in a user uuid, instead of a user DB object 2017-07-20 16:01:39 -04:00
Joseph Schorr
99d7fde8ee Add UI for viewing and changing the expiration of tags 2017-07-19 17:13:48 -04:00
Joseph Schorr
3dcbe3c631 If enabled, allow users and orgs to set their time machine expiration 
Fixes https://www.pivotaltracker.com/story/show/142881203
 2017-04-21 11:32:45 -04:00
Jake Moshenko
22f5934f34 Add error logging to Marketo calls 2017-04-17 10:19:52 -04:00
Joseph Schorr
a9791ea419 Have external login always make an API request to get the authorization URL 
This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
 2017-01-23 19:06:19 -05:00
Joseph Schorr
19f7acf575 Lay foundation for truly dynamic external logins 
Moves all the external login services into a set of classes that share as much code as possible. These services are then registered on both the client and server, allowing us in the followup change to dynamically register new handlers
 2017-01-20 15:21:08 -05:00
Joseph Schorr
3eb17b7caa Add support for recaptcha during the create account flow 
If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
 2017-01-09 11:08:21 -05:00
EvB
43aed7c6f4 fix(endpoints/api): return empty 204 resp 
Return an empty body on API requests with status code 204, which
means "No content". Incorrect 'Deleted' responses were being
returned after successful DELETE operations despite the "No Content"
definition of 204.
 2016-12-14 16:22:39 -05:00
Joseph Schorr
ff52fde8a5 Have Quay always use an OAuth-specific CSRF token 
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.

Fixes https://www.pivotaltracker.com/story/show/135803615
 2016-12-08 16:11:57 -05:00
Joseph Schorr
1a61ef4e04 Report the user's name and company to Marketo 
Also fixes the API to report the other changes (username and email) as well
 2016-11-14 17:34:50 -05:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username 
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
 2016-11-03 15:59:14 -04:00
josephschorr
840ea4e768 Merge pull request #2047 from coreos-inc/external-auth-email-optional 
Make email addresses optional in external auth if email feature is turned off
 2016-10-31 14:16:33 -04:00
Joseph Schorr
3a473cad2a Enable permanent sessions 
Fixes #1955
 2016-10-31 13:52:09 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off 
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
 2016-10-31 13:50:24 -04:00
josephschorr
edc2bc8b93 Merge pull request #1698 from coreos-inc/delete-namespace 
Add support for deleting namespaces (users, organizations)
 2016-10-21 16:54:52 -04:00
Joseph Schorr
73eb66eac5 Add support for deleting namespaces (users, organizations) 
Fixes #102
Fixes #105
 2016-10-21 15:41:09 -04:00
Joseph Schorr
b7fc7999c3 Delete old "license" checking code arounds user counts 
This is legacy code that doesn't actually do anything of value
 2016-10-20 14:58:35 -04:00
Jake Moshenko
f04b018805 Write our users to Marketo as leads. 2016-10-14 16:29:11 -04:00
Jimmy Zelinskie
fc7301be0d *: fix legacy imports 
This change reorganizes imports and renames the legacy flask extensions.
 2016-09-28 20:17:14 -04:00
Evan Cordell
eba75494d9 Use new error format for auth errors (factor exceptions into module) 2016-04-11 16:22:26 -04:00
Joseph Schorr
ecaa051791 Fix schema for invoice email updating 
Fixes #1209
 2016-02-16 11:52:57 -05:00
Joseph Schorr
534ec9cb2b Add pagination to the repository list API to make it better for public 
Fixes #1166
 2016-02-01 22:42:44 +02:00
Jake Moshenko
018bf8c5ad Refactor how parsed_args are passed to methods 2016-01-26 16:27:36 -05:00
Joseph Schorr
e4ffaff869 Fix Docker Auth and our V2 registry paths to support library (i.e. namespace-less) repositories. 
This support is placed behind a feature flag.
 2016-01-22 15:54:06 -05:00
josephschorr
f748d4348d Merge pull request #1106 from coreos-inc/billingemail 
Add support for custom billing invoice email address
 2016-01-04 14:34:30 -05:00
Joseph Schorr
31a8a0fba4 Better UX when recovering organization emails 
Fixes #291
 2015-12-28 15:25:31 -05:00
Joseph Schorr
10efa96009 Add support for custom billing invoice email address 
Fixes #782
 2015-12-28 13:59:50 -05:00
Joseph Schorr
888ec17538 Recover by email needs to allow anon access to its endpoints 2015-11-10 15:41:19 -05:00
Joseph Schorr
5d8121e060 Return user orgs when making a call via OAuth 
Fixes #673
 2015-10-21 16:40:31 -04:00