Browse Source

Fix token basic auth header issue

When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.

Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Josh Hawn 10 năm trước cách đây
mục cha
commit
8bfdad9a0d
3 tập tin đã thay đổi với 9 bổ sung2 xóa
  1. 3 0
      graph/pull.go
  2. 2 0
      registry/session_v2.go
  3. 4 2
      registry/token.go

+ 3 - 0
graph/pull.go

@@ -387,6 +387,9 @@ func (s *TagStore) pullV2Repository(eng *engine.Engine, r *registry.Session, out
 		if err != nil {
 			return err
 		}
+		if len(tags) == 0 {
+			return registry.ErrDoesNotExist
+		}
 		for _, t := range tags {
 			if downloaded, err := s.pullV2Tag(eng, r, out, endpoint, repoInfo, t, sf, parallel, auth); err != nil {
 				return err

+ 2 - 0
registry/session_v2.go

@@ -128,6 +128,8 @@ func (r *Session) HeadV2ImageBlob(ep *Endpoint, imageName, sumType, sum string,
 	case res.StatusCode >= 200 && res.StatusCode < 400:
 		// return something indicating no push needed
 		return true, nil
+	case res.StatusCode == 401:
+		return false, errLoginRequired
 	case res.StatusCode == 404:
 		// return something indicating blob push needed
 		return false, nil

+ 4 - 2
registry/token.go

@@ -51,10 +51,12 @@ func getToken(username, password string, params map[string]string, registryEndpo
 		reqParams.Add("scope", scopeField)
 	}
 
-	reqParams.Add("account", username)
+	if username != "" {
+		reqParams.Add("account", username)
+		req.SetBasicAuth(username, password)
+	}
 
 	req.URL.RawQuery = reqParams.Encode()
-	req.SetBasicAuth(username, password)
 
 	resp, err := client.Do(req)
 	if err != nil {