vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8623 commits 2 branches 62 tags 205 MiB
Commit graph

18 commits

Author SHA1 Message Date
Joseph Schorr
b2262eaf46 Add feature flag to disable username confirmation 
Fixes https://jira.coreos.com/browse/QUAY-914
 2018-06-01 13:30:50 -04:00
Joseph Schorr
861e81cccd Allow team syncing if user creation is disabled 
Before this change, if user creation was disabled, team sync would fail to sync over users that had not yet been invited/logged in, because their accounts could not be created. Following this change, team syncing of users not yet in the system will create those user accounts, allowing users to be "auto invited" via team sync.

Fixes https://jira.coreos.com/browse/QUAY-910
 2018-05-22 14:09:40 -04:00
Joseph Schorr
2214a2c7ad Disable fresh login check in auth engines that won't support it 2018-01-04 15:27:41 -05:00
Joseph Schorr
503cff8f0c Don't add a "password required" notification for non-database auth via OIDC 2017-11-13 16:17:36 -05:00
josephschorr
3bef21253d Merge pull request #2695 from coreos-inc/oidc-internal-auth 
OIDC internal auth support
 2017-10-02 16:51:17 -04:00
Joseph Schorr
804d3c46c3 Add feature flag to allow users to be created only if invited to join a team 
Allows for open user creation, but only if extended an invitation by someone who already has access
 2017-09-14 16:28:39 -04:00
Joseph Schorr
e724125459 Add support for using OIDC tokens via the Docker CLI 2017-09-12 12:23:22 -04:00
Joseph Schorr
b3d7577473 Disable federated login for new users if user creation is disabled 
Fixes https://www.pivotaltracker.com/story/show/144821585
 2017-05-15 15:07:08 -04:00
Joseph Schorr
36f2272fe2 Fix handling of team sync when a user already exists with the email address 2017-04-25 17:42:35 -04:00
Joseph Schorr
bd22fb255e Rename get_federated_user to get_and_link_federated_user_info 
Better to be explicit wherever possible
 2017-04-03 11:36:42 -04:00
Joseph Schorr
eeadeb9383 Initial interfaces and support for team syncing worker 2017-04-03 11:31:29 -04:00
Joseph Schorr
ecfac81721 Add check_group_lookup_args and service_metadata to auth providers 2017-04-03 11:31:28 -04:00
Joseph Schorr
d718829f5d Initial LDAP group member iteration support 
Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.
 2017-04-03 11:31:28 -04:00
Joseph Schorr
0f2eb61f4a Add collection of user metadata: name and company 2016-11-08 16:15:02 -05:00
Joseph Schorr
1e3b354201 Add support for temp usernames and an interstitial to confirm username 
When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username.

Addresses most of the user issues around #74
 2016-11-03 15:59:14 -04:00
Joseph Schorr
d7f56350a4 Make email addresses optional in external auth if email feature is turned off 
Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
 2016-10-31 13:50:24 -04:00
Joseph Schorr
d145222812 Add support for linking to external users in entity search 2016-10-27 15:42:03 -04:00
Joseph Schorr
33b54218cc Refactor the users class into their own files, add a common base class for federated users and add a verify_credentials method which only does the verification, without the linking. We use this in the superuser verification pass 2015-07-20 11:39:59 -04:00