Merge pull request #11349 from reasonerjt/fix-10602

Not checking for registry credentials in v2auth
Daniel Jiang 2020-03-31 10:26:33 +08:00 committed by GitHub
commit fdb82ae4fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 25 deletions


@ -35,10 +35,6 @@ type reqChecker struct {
} }
func (rc *reqChecker) check(req *http.Request) error { func (rc *reqChecker) check(req *http.Request) error {
if rc.hasRegistryCred(req) {
// TODO: May consider implement a local authorizer for registry, more details see #10602
return nil
}
securityCtx, ok := security.FromContext(req.Context()) securityCtx, ok := security.FromContext(req.Context())
if !ok { if !ok {
return fmt.Errorf("the security context got from request is nil") return fmt.Errorf("the security context got from request is nil")
@ -87,12 +83,6 @@ func (rc *reqChecker) projectID(name string) (int64, error) {
return p.ProjectID, nil return p.ProjectID, nil
} }
func (rc *reqChecker) hasRegistryCred(req *http.Request) bool {
u, p, ok := req.BasicAuth()
regUser, regPass := config.RegistryCredential()
return ok && u == regUser && p == regPass
}
func getAction(req *http.Request) rbac.Action { func getAction(req *http.Request) rbac.Action {
pushActions := map[string]struct{}{ pushActions := map[string]struct{}{
http.MethodPost: {}, http.MethodPost: {},


@ -153,28 +153,17 @@ func TestMiddleware(t *testing.T) {
ctx1 := lib.WithArtifactInfo(baseCtx, ar1) ctx1 := lib.WithArtifactInfo(baseCtx, ar1)
ctx2 := lib.WithArtifactInfo(baseCtx, ar2) ctx2 := lib.WithArtifactInfo(baseCtx, ar2)
ctx2x := lib.WithArtifactInfo(context.Background(), ar2) // no securityCtx
ctx3 := lib.WithArtifactInfo(baseCtx, ar3) ctx3 := lib.WithArtifactInfo(baseCtx, ar3)
ctx4 := lib.WithArtifactInfo(baseCtx, ar4) ctx4 := lib.WithArtifactInfo(baseCtx, ar4)
ctx5 := lib.WithArtifactInfo(baseCtx, ar5) ctx5 := lib.WithArtifactInfo(baseCtx, ar5)
req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil) req1a, _ := http.NewRequest(http.MethodGet, "/v2/project_1/hello-world/manifest/v1", nil)
req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil) req1b, _ := http.NewRequest(http.MethodDelete, "/v2/project_1/hello-world/manifest/v1", nil)
req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil) req2, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
req2x, _ := http.NewRequest(http.MethodGet, "/v2/library/ubuntu/manifest/14.04", nil)
req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil) req3, _ := http.NewRequest(http.MethodGet, "/v2/_catalog", nil)
req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil) req4, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_2/ubuntu", nil)
req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil) req5, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_3/ubuntu", nil)
req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil) req6, _ := http.NewRequest(http.MethodPost, "/v2/project_1/ubuntu/blobs/uploads/mount=?mount=sha256:08e4a417ff4e3913d8723a05cc34055db01c2fd165b588e049c5bad16ce6094f&from=project_0/ubuntu", nil)
os.Setenv("REGISTRY_CREDENTIAL_USERNAME", "testuser")
os.Setenv("REGISTRY_CREDENTIAL_PASSWORD", "testpassword")
defer func() {
os.Unsetenv("REGISTRY_CREDENTIAL_USERNAME")
os.Unsetenv("REGISTRY_CREDENTIAL_PASSWORD")
}()
req2x.SetBasicAuth("testuser", "testpassword")
cases := []struct { cases := []struct {
input *http.Request input *http.Request
status int status int
@ -191,10 +180,6 @@ func TestMiddleware(t *testing.T) {
input: req2.WithContext(ctx2), input: req2.WithContext(ctx2),
status: http.StatusUnauthorized, status: http.StatusUnauthorized,
}, },
{
input: req2x.WithContext(ctx2x),
status: http.StatusOK,
},
{ {
input: req3.WithContext(baseCtx), input: req3.WithContext(baseCtx),
status: http.StatusUnauthorized, status: http.StatusUnauthorized,