Merge pull request #10700 from reasonerjt/fix-npe-v2auth

Fix nilpointer issue in v2 auth middleware
Daniel Jiang 2020-02-11 17:58:37 +08:00 committed by GitHub
commit 64f2bc76fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 2 deletions


@ -58,11 +58,11 @@ func (rc *reqChecker) check(req *http.Request) error {
return fmt.Errorf("unauthorized to access repository: %s, action: %s", a.Repository, action)
}
if req.Method == http.MethodPost && a.BlobMountProjectName != "" { // check permission for the source of blob mount
p, err := rc.pm.Get(a.BlobMountProjectName)
pid, err := rc.projectID(a.BlobMountProjectName)
if err != nil {
return err
}
resource := rbac.NewProjectNamespace(p.ProjectID).Resource(rbac.ResourceRepository)
resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository)
if !securityCtx.Can(rbac.ActionPull, resource) {
return fmt.Errorf("unauthorized to access repository from which to mount blob: %s, action: %s", a.BlobMountRepository, rbac.ActionPull)
}
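Review bot: The bare `return err` after `rc.projectID(a.BlobMountProjectName)` forwards whatever the lookup returns, so a mount source that does not exist and one the caller may not pull from can yield different error text. The test in this commit expects 401 for both, but if the caller of check() copies the message into the response (not visible here), the blob-mount `from` parameter reveals which project names exist. Consider returning the same text as the permission failure just below, `return fmt.Errorf("unauthorized to access repository from which to mount blob: %s, action: %s", a.BlobMountRepository, rbac.ActionPull)`, and logging the underlying err server-side only. projectID is defined outside this hunk, and check() itself starts and ends outside it.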


@ -168,11 +168,21 @@ func TestMiddleware(t *testing.T) {
BlobMountProjectName: "project_3",
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
}
ar5 := &middleware.ArtifactInfo{
Repository: "project_1/ubuntu",
Reference: "14.04",
ProjectName: "project_1",
BlobMountRepository: "project_0/ubuntu",
BlobMountProjectName: "project_0",
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
}
ctx1 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar1)
ctx2 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar2)
ctx2x := context.WithValue(context.Background(), middleware.ArtifactInfoKey, ar2) // no securityCtx
ctx3 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar3)
ctx4 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar4)
ctx5 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar5)
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
@ -180,6 +190,7 @@ func TestMiddleware(t *testing.T) {
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
@ -222,6 +233,10 @@ func TestMiddleware(t *testing.T) {
input: req5.WithContext(ctx4),
status: http.StatusUnauthorized,
},
{
input: req6.WithContext(ctx5),
status: http.StatusUnauthorized,
},
}
for _, c := range cases {
rec := httptest.NewRecorder()
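Review bot: The new `req6.WithContext(ctx5)` case has no comment saying why it exists, and nothing in the visible lines shows that `project_0` is the project the lookup cannot find. If that is the intent (the project manager mock is outside this hunk), add a comment above the case such as `// project_0 does not exist: the mount-source lookup must fail closed with 401 instead of panicking`. It would also help to assert that the response for this case matches the one for `req5.WithContext(ctx4)`, so a missing source project and a forbidden one stay indistinguishable to the client. TestMiddleware starts and ends outside the hunk.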