Fix 2411 on branch 1.1.0 (#2431) (#2434)

* fixes #2411

src/ui/service/token/creator.go

@@ -17,6 +17,7 @@ package token
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"strings"
 
 	"github.com/docker/distribution/registry/auth/token"
@@ -179,11 +180,7 @@ func (e *unauthorizedError) Error() string {
 
 func (g generalCreator) Create(r *http.Request) (*tokenJSON, error) {
 	var err error
-	var scopes []string
+	scopes := parseScopes(r.URL)
-	scopeParm := r.URL.Query()["scope"]
-	if len(scopeParm) > 0 {
-		scopes = strings.Split(r.URL.Query()["scope"][0], " ")
-	}
 	log.Debugf("scopes: %v", scopes)
 
 	ctx, err := filter.GetSecurityContext(r)
@@ -204,3 +201,12 @@ func (g generalCreator) Create(r *http.Request) (*tokenJSON, error) {
 	}
 	return makeToken(ctx.GetUsername(), g.service, access)
 }
+
+func parseScopes(u *url.URL) []string {
+	var sector string
+	var result []string
+	for _, sector = range u.Query()["scope"] {
+		result = append(result, strings.Split(sector, " ")...)
+	}
+	return result
+}

src/ui/service/token/token_test.go

@@ -23,6 +23,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
+	"net/url"
 	"os"
 	"path"
 	"runtime"
@@ -261,3 +262,11 @@ func TestFilterAccess(t *testing.T) {
 	assert.Nil(t, err, "Unexpected error: %v", err)
 	assert.Equal(t, ra2, *a3[0], "Mismatch after registry filter Map")
 }
+
+func TestParseScopes(t *testing.T) {
+	assert := assert.New(t)
+	u1 := "/service/token?account=admin&scope=repository%3Alibrary%2Fregistry%3Apush%2Cpull&scope=repository%3Ahello-world%2Fregistry%3Apull&service=harbor-registry"
+	r1, _ := url.Parse(u1)
+	l1 := parseScopes(r1)
+	assert.Equal([]string{"repository:library/registry:push,pull", "repository:hello-world/registry:pull"}, l1)
+}