archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity
1,969 Commits 12 Branches 2 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
Sybren A. Stüvel
4b5a961e14 Speed up authentication by trusting g.current_user if set. 2018-01-31 10:08:17 +01:00
Sybren A. Stüvel
8a400c5c0f Gracefully handle users with empty full_name 2017-12-08 14:03:30 +01:00
Sybren A. Stüvel
2bcc26860f Removed 'subscriber' cap from 'admin' role 
This allows admins to test what happens when users do not have a
subscription. To give the user subscriber capability, just grant demo role
as well.
 2017-12-06 12:09:21 +01:00
Sybren A. Stüvel
f17453ba10 Added 'operations hash_auth_tokens' CLI command. 2017-10-05 13:04:44 +02:00
Sybren A. Stüvel
c57aefd48b Hash authentication tokens before storing in the database. 2017-10-05 12:57:16 +02:00
Sybren A. Stüvel
cf51d1a280 Added utility function current_user() that acts like flask_login.current_user 
This actually returns an AnonymousUser object, instead of None, when the
user is not logged in.

For compatibility with existing code, this function doesn't set
g.current_user to that AnonymousUser instance. We may decide to do this
later.
 2017-08-24 14:26:19 +02:00
Sybren A. Stüvel
575a7ed1a7 Introduced role-based capability system. 
It's still rather limited and hard-coded, but it works.
 2017-08-18 14:47:42 +02:00
Sybren A. Stüvel
566a23d3b6 Unified user representation for web and API calls 
Both approaches now use a pillar.auth.UserClass instance. g.current_user
is now always set to that instance, even for web entry points.

This UserClass instance can still be keyed like the old dict, but this is
for temporary compatibility and shouldn't be relied on in new or touched
code.
 2017-08-18 13:19:34 +02:00
Sybren A. Stüvel
bd13d89817 Added permission check to DELETE of nodes. 2017-07-13 17:29:46 +02:00
Sybren A. Stüvel
59a95450e5 Updated Eve, Flask, and Werkzeug. Adjusted code to make Pillar work again. 
Eve     : 0.6.3   → 0.7.3
Flask   : 0.10.1  → 0.12.2
Werkzeug: 0.11.10 → 0.11.15

Also updated some secondary requirements.
 2017-05-18 15:46:02 +02:00
Sybren A. Stüvel
fdaf4af31a Modernised some unit tests 2017-05-05 14:40:37 +02:00
Sybren A. Stüvel
69d7c5c5ce Allow service accounts to be email-less 
This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.
 2017-05-05 14:34:18 +02:00
Sybren A. Stüvel
d0557445cd Fix privilege escalation leak 
A PUT request on /api/user/{user-id} by the user themselves would allow
too much, and would allow self-granting of roles (including admin),
group membership (so join any arbitrary project) and pretend to be
service accounts.
 2017-05-04 12:48:30 +02:00
Sybren A. Stüvel
bced6cae68 Ran 2to3 on unittests, same sort of manual fixups as before 2017-03-22 15:49:51 +01:00
Sybren A. Stüvel
3afeeaccd0 Removed permission keys from node type definitions. 
This prevents replace_pillar_node_type_schemas() from overwriting existing
permissions.
 2016-10-20 13:05:43 +02:00
Sybren A. Stüvel
eea934a86a Added username to public user fields 2016-10-19 16:57:17 +02:00
Francesco Siddi
2c5dc34ea2 Introducing Pillar Framework 
Refactor of pillar-server and pillar-web into a single python package. This
simplifies the overall architecture of pillar applications.

Special thanks @sybren and @venomgfx
 2016-08-19 09:19:06 +02:00