Joseph Schorr
fd364ccca3
Remove unneeded exception var
2016-12-09 14:52:49 -05:00
Joseph Schorr
1e5b97318a
Fix loading of public keys for OIDC under Linux
...
Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
2016-12-09 14:26:56 -05:00
Joseph Schorr
1302fd2fbd
Switch csrf token check to use compare_digest
to prevent timing attacks
...
Also adds some additional tests for CSRF tokens
2016-12-08 23:46:31 -05:00
Joseph Schorr
dbdcb802b1
Add end-to-end OAuth login and attach tests
2016-12-08 18:35:42 -05:00
Joseph Schorr
36324708db
Fix small pylint issues
2016-12-08 16:21:44 -05:00
Joseph Schorr
ff52fde8a5
Have Quay always use an OAuth-specific CSRF token
...
This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.
Fixes https://www.pivotaltracker.com/story/show/135803615
2016-12-08 16:11:57 -05:00
josephschorr
34f2ddce87
Merge pull request #2222 from coreos-inc/bust-apt-cache
...
Bust apt cache
2016-12-07 18:10:26 -05:00
Joseph Schorr
1fdca26632
Bust apt cache
2016-12-07 18:09:33 -05:00
josephschorr
410b9d74fc
Merge pull request #2214 from coreos-inc/clair-gc
...
Add GC of layers in Clair
2016-12-07 17:58:21 -05:00
josephschorr
543d86ae10
Merge pull request #2221 from coreos-inc/fix-error-pages
...
Have all error pages be rendered by Angular
2016-12-07 17:53:14 -05:00
josephschorr
111b7b0788
Merge pull request #2206 from coreos-inc/ldap-user-search-fix
...
Fix external auth returns for query_user calls
2016-12-07 17:53:04 -05:00
josephschorr
c5111d7930
Merge pull request #2144 from coreos-inc/buildlogs-improvements
...
Change the append build log method to execute the two calls via one pipelined connection
2016-12-07 17:52:22 -05:00
Joseph Schorr
c06bba38de
Have all error pages be rendered by Angular
...
Fixes #2198
Fixes https://www.pivotaltracker.com/story/show/135724483
2016-12-07 17:49:02 -05:00
Jimmy Zelinskie
00eafff747
Merge pull request #2204 from jzelinskie/429builds
...
add rate limiting to build queues
2016-12-07 15:03:31 -05:00
Joseph Schorr
3203fd6de1
Fix external auth returns for query_user calls
...
Adds the missing field on the query_user calls, updates the external auth tests to ensure it is returned properly, and adds new end-to-end tests which call the external auth engines via the *API*, to ensure this doesn't break again
2016-12-07 14:28:42 -05:00
Charlton Austin
9720efbdb6
Merge pull request #2218 from charltonaustin/fix_set_to_Set
...
Fixing api usage.
2016-12-07 13:28:01 -05:00
Jimmy Zelinskie
b671ee938a
Merge pull request #2174 from jzelinskie/pngcrush
...
dockerfile: optimize static images
2016-12-07 13:04:28 -05:00
Jimmy Zelinskie
ebbe58d311
replace prefix w/ canonical name list
2016-12-07 12:56:56 -05:00
Charlton Austin
9e25fde3a0
Fixing api usage.
2016-12-07 12:53:07 -05:00
Ian Minoso
548bae0384
Merge pull request #2215 from iminoso/services
...
Inject ApiService to be accessible in the body react component
2016-12-07 12:01:32 -05:00
josephschorr
57ace09a97
Merge pull request #2217 from coreos-inc/comment-fix
...
Fix doc comment on security scan API endpoint
2016-12-07 11:53:40 -05:00
Joseph Schorr
d349e1639a
Fix doc comment on security scan API endpoint
...
Fixes #2216
2016-12-07 11:50:22 -05:00
Ian Minoso
a7594d6e57
Inject ApiService to be accessible in the body react component
2016-12-07 03:29:29 -05:00
Jimmy Zelinskie
c41de8ded6
build queue rate limiting: address PR comments
2016-12-06 20:40:54 -05:00
Joseph Schorr
49872838ab
Add GC of layers in Clair
...
Fixes https://www.pivotaltracker.com/story/show/135583207
2016-12-06 19:52:56 -05:00
Ben Spoon
1d0aff9906
Merge pull request #2205 from spoonben/update-landing-css
...
landing: remove gray background
2016-12-06 14:03:03 -08:00
Jimmy Zelinskie
eb69abff8b
build rate limiting: tests
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
57770493fa
build rate limiting: use a rate
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
7877c6ab94
add rate limiting to build queues
2016-12-06 16:30:12 -05:00
Jimmy Zelinskie
1d5de937c6
dockerfile: optimize static images
2016-12-06 15:03:11 -05:00
Charlton Austin
0aa6e6cd58
Merge pull request #2203 from charltonaustin/fix_build_component_cleanup
...
Adding in a cancel method to the build component so we can properly c…
2016-12-06 14:13:10 -05:00
Jake Moshenko
ce0ba3f68f
Merge pull request #2211 from jakedt/bulkqueue
...
Bulk queue methods
2016-12-06 14:02:38 -05:00
Jake Moshenko
d656e54d99
Fix unsafe mutable default params.
2016-12-06 14:00:16 -05:00
Jake Moshenko
21e3001446
Add a bulk insert for queue and notifications.
...
Use it for Clair spawned notifications.
2016-12-06 14:00:16 -05:00
Charlton Austin
c6be12e31e
Adding in a cancel method to the build component so we can properly clean up the job task.
2016-12-06 13:37:49 -05:00
Erica
eb363876cd
Merge pull request #2212 from coreos-inc/add-evb-builder-key
...
chore(buildman): add EvB's ssh key to cloudconfig
2016-12-06 11:43:05 -05:00
EvB
b85a3b47ae
chore(buildman): add EvB's ssh key to cloudconfig
...
Add ssh public key for new team member, Erica, to cloudconfig.yml.
2016-12-06 11:18:47 -05:00
Ian Minoso
a2cbcf837d
Merge pull request #2210 from iminoso/tabbing
...
Fix repo view tabbing styles and prevent auto scroll on tab click
2016-12-05 21:50:16 -05:00
Ian Minoso
c7d02c3506
Fix repo view tabbing styles and prevent auto scroll on tab click
2016-12-05 20:29:40 -05:00
Jimmy Zelinskie
3a7119d499
Merge pull request #2209 from coreos-inc/clair-notification-read
...
Clair notification read and queue fixes
2016-12-05 19:36:59 -05:00
Joseph Schorr
9f0ce7c634
Have the security worker remove failed notifications from Clair
2016-12-05 19:08:52 -05:00
josephschorr
8870fe837c
Merge pull request #2208 from coreos-inc/revert-2191-update_signin_form
...
Revert "static: change login input type to email"
2016-12-05 19:08:34 -05:00
Joseph Schorr
97d150e281
Have QSS only add security scanner notifications once
2016-12-05 19:08:20 -05:00
josephschorr
80bb0c7449
Revert "static: change login input type to email"
2016-12-05 19:07:10 -05:00
Jake Moshenko
6456e95b24
Merge pull request #2207 from jakedt/queueisslow
...
Improve queue performance hopefully
2016-12-05 18:39:41 -05:00
Jake Moshenko
c263772703
Do not extend processing immediately after taking queue item.
2016-12-05 18:12:14 -05:00
Jake Moshenko
709edd7eb6
Reduce the update period on queue worker metrics.
2016-12-05 18:12:14 -05:00
Jake Moshenko
7c490b46c8
Only save dirty fields on Queue queries.
2016-12-05 18:12:14 -05:00
Ben Spoon
1cadc39729
landing: remove gray background
...
per rob, remove gray alternating gray background
on the home page. This was done in the quay-pages
repo, but this is still being loaded in on production
2016-12-05 13:17:22 -08:00
Ian Minoso
3bbd8ca898
Merge pull request #2202 from iminoso/borders
...
Single border line seperating the main and sidebar sections
2016-12-05 14:51:07 -05:00