Created by Colin Watson on 2019-04-15 and last modified on 2019-09-10
Get this branch:
bzr branch lp:~cjwatson/launchpad/git-honour-access-tokens
Only Colin Watson can upload to this branch. If you are Colin Watson please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Colin Watson
Launchpad itself

Recent revisions

18658. By Colin Watson on 2019-09-10

Clarify that user authentication happens before _verifyAuthParams.

18657. By Colin Watson on 2019-09-05

Refactor auth_params verification.

The verification rules were previously scattered, and it was much too easy
to get details wrong. Consolidating them in one place makes it harder for
future developers to make mistakes.

18656. By Colin Watson on 2019-09-05

Forbid anonymous Git authentication with a macaroon.

We have no use case for this at the moment, and it's too easy to confuse
with internal services.

18655. By Colin Watson on 2019-08-29

Refactor the way macaroon verification handles users.

To minimise the chance of accidents, macaroon verification now records the
user for whom the macaroon was verified, or NO_USER if the macaroon was
positively verified as not having been issued on behalf of a particular
user. The Git XML-RPC API and the authserver double-check that the recorded
user matches what they expect, thereby avoiding problems due to a particular
issuer implementation forgetting to perform user verification.

SnapBuildMacaroonIssuer and BinaryPackageBuildMacaroonIssuer now refuse
verification if given a user.

18654. By Colin Watson on 2019-08-22

Merge devel.

18653. By Colin Watson on 2019-05-10

Merge devel.

18652. By Colin Watson on 2019-05-02

Return a uniform Unauthorized fault when verifying a git macaroon fails.

This is more in the keeping of the definition of 401 in RFC 2616, and it
avoids problems with allowing probing for visible repositories even with a
macaroon constrained to a single repository.

18651. By Colin Watson on 2019-05-02

Merge devel.

18650. By Colin Watson on 2019-04-15

Make the Git XML-RPC API honour user macaroons.

18649. By Colin Watson on 2019-04-15

Add a macaroon issuer for Git access tokens.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.