mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-12 10:50:44 +01:00
Fix nilpointer issue in v2 auth middleware
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
582fac5dae
commit
9fb676c219
@ -58,11 +58,11 @@ func (rc *reqChecker) check(req *http.Request) error {
|
||||
return fmt.Errorf("unauthorized to access repository: %s, action: %s", a.Repository, action)
|
||||
}
|
||||
if req.Method == http.MethodPost && a.BlobMountProjectName != "" { // check permission for the source of blob mount
|
||||
p, err := rc.pm.Get(a.BlobMountProjectName)
|
||||
pid, err := rc.projectID(a.BlobMountProjectName)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
resource := rbac.NewProjectNamespace(p.ProjectID).Resource(rbac.ResourceRepository)
|
||||
resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository)
|
||||
if !securityCtx.Can(rbac.ActionPull, resource) {
|
||||
return fmt.Errorf("unauthorized to access repository from which to mount blob: %s, action: %s", a.BlobMountRepository, rbac.ActionPull)
|
||||
}
|
||||
|
@ -168,11 +168,21 @@ func TestMiddleware(t *testing.T) {
|
||||
BlobMountProjectName: "project_3",
|
||||
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
|
||||
}
|
||||
ar5 := &middleware.ArtifactInfo{
|
||||
Repository: "project_1/ubuntu",
|
||||
Reference: "14.04",
|
||||
ProjectName: "project_1",
|
||||
BlobMountRepository: "project_0/ubuntu",
|
||||
BlobMountProjectName: "project_0",
|
||||
BlobMountDigest: "sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f",
|
||||
}
|
||||
|
||||
ctx1 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar1)
|
||||
ctx2 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar2)
|
||||
ctx2x := context.WithValue(context.Background(), middleware.ArtifactInfoKey, ar2) // no securityCtx
|
||||
ctx3 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar3)
|
||||
ctx4 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar4)
|
||||
ctx5 := context.WithValue(baseCtx, middleware.ArtifactInfoKey, ar5)
|
||||
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
||||
@ -180,6 +190,7 @@ func TestMiddleware(t *testing.T) {
|
||||
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
||||
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
||||
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
|
||||
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
|
||||
|
||||
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
|
||||
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
|
||||
@ -222,6 +233,10 @@ func TestMiddleware(t *testing.T) {
|
||||
input: req5.WithContext(ctx4),
|
||||
status: http.StatusUnauthorized,
|
||||
},
|
||||
{
|
||||
input: req6.WithContext(ctx5),
|
||||
status: http.StatusUnauthorized,
|
||||
},
|
||||
}
|
||||
for _, c := range cases {
|
||||
rec := httptest.NewRecorder()
|
||||
|
Loading…
Reference in New Issue
Block a user