Merge pull request #14768 from reasonerjt/fix-14711

Return 401 for GET request to /v2 API for public artifacts.
Daniel Jiang 2021-04-29 15:23:45 +08:00 committed by GitHub
commit c2ab1769b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 2 deletions


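--- a/<FILE-1-PATH-NOT-SHOWN-ON-PAGE>
+++ b/<FILE-1-PATH-NOT-SHOWN-ON-PAGE>
@@ -60,7 +60,8 @@ func (rc *reqChecker) check(req *http.Request) (string, error) {
 return getChallenge(req, al), fmt.Errorf("unauthorized to list catalog")
 }
 }
-if a.target == repository && req.Header.Get(authHeader) == "" && req.Method == http.MethodHead { // make sure 401 is returned for CLI HEAD, see #11271
+if a.target == repository && req.Header.Get(authHeader) == "" &&
+(req.Method == http.MethodHead || req.Method == http.MethodGet) { // make sure 401 is returned for CLI HEAD, see #11271
 return getChallenge(req, al), fmt.Errorf("authorize header needed to send HEAD to repository")
 } else if a.target == repository {
 pn := strings.Split(a.name, "/")[0]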
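Review bot: The comment and the error string on the changed condition still describe only HEAD, although the condition now fires for GET as well; the comment `// make sure 401 is returned for CLI HEAD, see #11271` and the return `fmt.Errorf("authorize header needed to send HEAD to repository")` should become `// unauthenticated HEAD or GET to a repository gets a 401 challenge so clients fetch a token first, see #11271 and #14711` and `fmt.Errorf("authorize header needed to send HEAD or GET to repository")`. This branch only tests that the Authorization header is non-empty, not that it carries a valid token, so whether an arbitrary header value then reaches the repository depends on the `else if a.target == repository` branch, which is only partly in the hunk; a one-line comment stating that this check is a challenge trigger rather than an authorization decision would keep later readers from mistaking it for one. The enclosing check method starts and ends outside the hunk.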


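--- a/<FILE-2-PATH-NOT-SHOWN-ON-PAGE>
+++ b/<FILE-2-PATH-NOT-SHOWN-ON-PAGE>
@@ -153,6 +153,10 @@ func TestMiddleware(t *testing.T) {
 req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
 req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
 req1c, _ := http.NewRequest(http.MethodHead, "/v2/project_1/hello-world/manifest/v1", nil)
+req1d, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
+req1d.Header.Set("Authorization", "Bearer xxx")
+req1e, _ := http.NewRequest(http.MethodHead, "/v2/project_1/hello-world/manifest/v1", nil)
+req1e.Header.Set("Authorization", "Bearer xxx")
 req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
 req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
 req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
@@ -165,7 +169,7 @@ func TestMiddleware(t *testing.T) {
 }{
 {
 input: req1a.WithContext(ctx1),
-status: http.StatusOK,
+status: http.StatusUnauthorized,
 },
 {
 input: req1b.WithContext(ctx1),
@@ -175,6 +179,14 @@ func TestMiddleware(t *testing.T) {
 input: req1c.WithContext(ctx1),
 status: http.StatusUnauthorized,
 },
+{
+input: req1d.WithContext(ctx1),
+status: http.StatusOK,
+},
+{
+input: req1e.WithContext(ctx1),
+status: http.StatusOK,
+},
 {
 input: req2.WithContext(ctx2),
 status: http.StatusUnauthorized,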
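Review bot: The new req1d and req1e cases send `Authorization: Bearer xxx` and expect 200, which pins down that the checker treats any non-empty Authorization header as enough to skip the 401 challenge; a comment should say so, otherwise a reader may take the 200 as evidence that the token was validated. Suggested above the req1d line: `// req1d/req1e: a non-empty Authorization header (not validated by this middleware) must not trigger the 401 challenge on project_1`. The case list otherwise reads as a flat table, so one comment per group (unauthenticated GET/HEAD now 401, authenticated GET/HEAD 200) would make the intent of the flipped req1a expectation visible without opening the linked issue. TestMiddleware starts and ends outside the hunk.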