mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-02 07:18:01 +02:00
Merge pull request #10700 from reasonerjt/fix-npe-v2auth
Fix nilpointer issue in v2 auth middleware
commit
64f2bc76fd
@ -58,11 +58,11 @@ func (rc *reqChecker) check(req *http.Request) error {
|
|||||||
return fmt.Errorf("unauthorized to access repository: %s, action: %s", a.Repository, action)
|
return fmt.Errorf("unauthorized to access repository: %s, action: %s", a.Repository, action)
|
||||||
}
|
}
|
||||||
if req.Method == http.MethodPost && a.BlobMountProjectName != "" { // check permission for the source of blob mount
|
if req.Method == http.MethodPost && a.BlobMountProjectName != "" { // check permission for the source of blob mount
|
||||||
p, err := rc.pm.Get(a.BlobMountProjectName)
|
pid, err := rc.projectID(a.BlobMountProjectName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
resource := rbac.NewProjectNamespace(p.ProjectID).Resource(rbac.ResourceRepository)
|
resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository)
|
||||||
if !securityCtx.Can(rbac.ActionPull, resource) {
|
if !securityCtx.Can(rbac.ActionPull, resource) {
|
||||||
return fmt.Errorf("unauthorized to access repository from which to mount blob: %s, action: %s", a.BlobMountRepository, rbac.ActionPull)
|
return fmt.Errorf("unauthorized to access repository from which to mount blob: %s, action: %s", a.BlobMountRepository, rbac.ActionPull)
|
||||||
}
|
}
|
||||||
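Review bot: The blob-mount branch returns the error from `rc.projectID(a.BlobMountProjectName)` unchanged, while the permission failure a few lines below uses the fixed `unauthorized to access repository from which to mount blob` message. The helper's body is outside this hunk, and `check` itself starts and ends outside it, so how the lookup error reaches the client cannot be confirmed from here. If it is written to the response, a caller could distinguish a nonexistent source project from one it simply cannot pull from. Consider logging the lookup error server-side and returning the same unauthorized error for the not-found case. A short comment on the call would also help, e.g. `// projectID errors on an unknown project, so a missing mount source is rejected instead of dereferenced`.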
|
@ -168,11 +168,21 @@ func TestMiddleware(t *testing.T) {
|
|||||||
BlobMountProjectName: "project_3",
|
BlobMountProjectName: "project_3",
|
||||||
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
|
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
|
||||||
}
|
}
|
||||||
|
ar5 := &middleware.ArtifactInfo{
|
||||||
|
Repository: "project_1/ubuntu",
|
||||||
|
Reference: "14.04",
|
||||||
|
ProjectName: "project_1",
|
||||||
|
BlobMountRepository: "project_0/ubuntu",
|
||||||
|
BlobMountProjectName: "project_0",
|
||||||
|
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
|
||||||
|
}
|
||||||
|
|
||||||
ctx1 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar1)
|
ctx1 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar1)
|
||||||
ctx2 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar2)
|
ctx2 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar2)
|
||||||
ctx2x := context.WithValue(context.Background(), middleware.ArtifactInfoKey, ar2) // no securityCtx
|
ctx2x := context.WithValue(context.Background(), middleware.ArtifactInfoKey, ar2) // no securityCtx
|
||||||
ctx3 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar3)
|
ctx3 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar3)
|
||||||
ctx4 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar4)
|
ctx4 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar4)
|
||||||
|
ctx5 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar5)
|
||||||
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||||
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||||
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
||||||
@ -180,6 +190,7 @@ func TestMiddleware(t *testing.T) {
|
|||||||
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
||||||
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
||||||
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
|
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
|
||||||
|
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
|
||||||
|
|
||||||
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
|
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
|
||||||
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
|
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
|
||||||
@ -222,6 +233,10 @@ func TestMiddleware(t *testing.T) {
|
|||||||
input: req5.WithContext(ctx4),
|
input: req5.WithContext(ctx4),
|
||||||
status: http.StatusUnauthorized,
|
status: http.StatusUnauthorized,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
input: req6.WithContext(ctx5),
|
||||||
|
status: http.StatusUnauthorized,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for _, c := range cases {
|
for _, c := range cases {
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
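Review bot: The new `req6.WithContext(ctx5)` case does not say why 401 is expected. Presumably `project_0` is absent from the mocked project manager, but that setup is outside the visible hunks, as is the rest of `TestMiddleware`. A comment above the case would record the intent, e.g. `// project_0 does not exist: the mount-source lookup must fail closed with 401, not panic`. The case also checks only the status code, so it would not notice if the not-found path began returning a response body that differs from the unauthorized one. If the recorder body is available in the loop, an assertion that the two bodies match would pin that down.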
|