mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 20:26:13 +01:00
Merge pull request #14768 from reasonerjt/fix-14711
Return 401 for GET request to /v2 API for public artifacts.
commit
c2ab1769b3
@ -60,7 +60,8 @@ func (rc *reqChecker) check(req *http.Request) (string, error) {
|
||||
return getChallenge(req, al), fmt.Errorf("unauthorized to list catalog")
|
||||
}
|
||||
}
|
||||
if a.target == repository && req.Header.Get(authHeader) == "" && req.Method == http.MethodHead { // make sure 401 is returned for CLI HEAD, see #11271
|
||||
if a.target == repository && req.Header.Get(authHeader) == "" &&
|
||||
(req.Method == http.MethodHead || req.Method == http.MethodGet) { // make sure 401 is returned for CLI HEAD, see #11271
|
||||
return getChallenge(req, al), fmt.Errorf("authorize header needed to send HEAD to repository")
|
||||
} else if a.target == repository {
|
||||
pn := strings.Split(a.name, "/")[0]
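Review bot: The trailing comment and the error string on the widened condition still describe HEAD only, although the guard now also rejects GET requests that carry no Authorization header. A 401 for an anonymous pull reported as `authorize header needed to send HEAD to repository` will mislead anyone triaging authentication failures; consider `// make sure 401 is returned for anonymous HEAD and GET so the client requests a token, see #11271` and `fmt.Errorf("authorize header needed to send %s to repository", req.Method)`. The comment should also say that the condition tests only for the presence of the header (`req.Header.Get(authHeader) == ""`), so this branch issues the challenge and is not the access decision, which has to stay with the branches that follow. check() starts before and continues after this hunk, so that later logic is not visible here.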
|
||||
|
@ -153,6 +153,10 @@ func TestMiddleware(t *testing.T) {
|
||||
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1c, _ := http.NewRequest(http.MethodHead, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1d, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1d.Header.Set("Authorization", "Bearer xxx")
|
||||
req1e, _ := http.NewRequest(http.MethodHead, "/v2/project_1/hello-world/manifest/v1", nil)
|
||||
req1e.Header.Set("Authorization", "Bearer xxx")
|
||||
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
|
||||
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
|
||||
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
|
||||
@ -165,7 +169,7 @@ func TestMiddleware(t *testing.T) {
|
||||
}{
|
||||
{
|
||||
input: req1a.WithContext(ctx1),
|
||||
status: http.StatusOK,
|
||||
status: http.StatusUnauthorized,
|
||||
},
|
||||
{
|
||||
input: req1b.WithContext(ctx1),
|
||||
@ -175,6 +179,14 @@ func TestMiddleware(t *testing.T) {
|
||||
input: req1c.WithContext(ctx1),
|
||||
status: http.StatusUnauthorized,
|
||||
},
|
||||
{
|
||||
input: req1d.WithContext(ctx1),
|
||||
status: http.StatusOK,
|
||||
},
|
||||
{
|
||||
input: req1e.WithContext(ctx1),
|
||||
status: http.StatusOK,
|
||||
},
|
||||
{
|
||||
input: req2.WithContext(ctx2),
|
||||
status: http.StatusUnauthorized,
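Review bot: The added table entries for req1d and req1e differ from req1a and req1c only by `Authorization: Bearer xxx`, and nothing in the test says why a placeholder token is expected to yield 200. A comment on those entries, such as `// header present: the challenge guard is skipped and access is decided from the security context in ctx1, not from the token value`, would keep a reader from taking the case as evidence that any bearer value is accepted. The part about ctx1 is inferred, since its setup and the rest of TestMiddleware lie outside the hunks shown.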
|
||||
|