vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints
History
Joseph Schorr 2c35383724 Allow OAuth and OIDC login engines to bind to fields in internal auth 
This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.
2017-02-16 16:27:53 -05:00
..
api Allow OAuth and OIDC login engines to bind to fields in internal auth 2017-02-16 16:27:53 -05:00
keyserver key server: fix tests by exporting jwk_with_kid 2016-10-25 16:14:18 -04:00
test Allow OAuth and OIDC login engines to bind to fields in internal auth 2017-02-16 16:27:53 -05:00
v1 Fix handling of None queries 2017-02-16 15:26:45 -05:00
v2 Change georeplication queuing to use new batch system 2016-12-21 17:44:30 -05:00
verbs Fix the order and number of arguments for squashing/ACI 2017-01-11 15:16:49 -05:00
__init__.py Refactor the code into modules, it was getting unweildy. 2013-09-25 12:45:12 -04:00
bitbuckettrigger.py rename auth.auth to auth.process 2016-09-29 15:24:57 -04:00
building.py replace prefix w/ canonical name list 2016-12-07 12:56:56 -05:00
common.py Merge pull request #2292 from coreos-inc/frontend-typescript 2017-02-02 14:24:35 -08:00
csrf.py Switch csrf token check to use compare_digest to prevent timing attacks 2016-12-08 23:46:31 -05:00
decorated.py *: fix legacy imports 2016-09-28 20:17:14 -04:00
decorators.py Make our JWT subjects better and log using the info 2015-12-14 14:00:33 -05:00
exception.py Add back error_message and error_type for backwards-compatibility 2016-04-13 09:11:40 -04:00
githubtrigger.py rename auth.auth to auth.process 2016-09-29 15:24:57 -04:00
gitlabtrigger.py rename auth.auth to auth.process 2016-09-29 15:24:57 -04:00
notificationevent.py Adding in cancel notifications 2016-11-30 14:38:34 -05:00
notificationhelper.py Fix unsafe mutable default params. 2016-12-06 14:00:16 -05:00
notificationmethod.py Add a defined timeout on all HTTP calls in notification methods 2016-11-08 18:28:06 -05:00
oauthlogin.py Allow OAuth and OIDC login engines to bind to fields in internal auth 2017-02-16 16:27:53 -05:00
realtime.py rename auth.auth to auth.process 2016-09-29 15:24:57 -04:00
secscan.py Have QSS only add security scanner notifications once 2016-12-05 19:08:20 -05:00
trackhelper.py Only parse request URL in track_and_log when necessary 2017-01-18 11:23:23 -05:00
web.py Have Quay always use an OAuth-specific CSRF token 2016-12-08 16:11:57 -05:00
webhooks.py build queue rate limiting: address PR comments 2016-12-06 20:40:54 -05:00
wellknown.py Add API endpoint for retrieving security status by *manifest*, rather than Docker V1 image ID 2017-02-02 17:51:18 -05:00