From a79fabbfe84117696a19671f4aa88b82d0f64fc1 Mon Sep 17 00:00:00 2001
From: Jameson Hyde <jameson.hyde@docker.com>
Date: Sat, 1 Dec 2018 11:25:49 -0500
Subject: [PATCH] If url includes scheme, urlPath will drop hostname, which
 would not match the auth check

Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d9d03895ae3ab60d2ad778152b0d835206)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
---
 pkg/authorization/authz.go           |  6 ++---
 pkg/authorization/authz_unix_test.go | 35 ++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/pkg/authorization/authz.go b/pkg/authorization/authz.go
index f63b88518a..f504b13d73 100644
--- a/pkg/authorization/authz.go
+++ b/pkg/authorization/authz.go
@@ -56,11 +56,11 @@ type Ctx struct {
 
 func isChunked(r *http.Request) bool {
 	//RFC 7230 specifies that content length is to be ignored if Transfer-Encoding is chunked
-	if strings.ToLower(r.Header.Get("Transfer-Encoding")) == "chunked" {
+	if strings.EqualFold(r.Header.Get("Transfer-Encoding"), "chunked") {
 		return true
 	}
 	for _, v := range r.TransferEncoding {
-		if 0 == strings.Compare(strings.ToLower(v), "chunked") {
+		if strings.EqualFold(v, "chunked") {
 			return true
 		}
 	}
@@ -162,7 +162,7 @@ func drainBody(body io.ReadCloser) ([]byte, io.ReadCloser, error) {
 
 func isAuthEndpoint(urlPath string) (bool, error) {
 	// eg www.test.com/v1.24/auth/optional?optional1=something&optional2=something (version optional)
-	matched, err := regexp.MatchString(`^[^\/]+\/(v\d[\d\.]*\/)?auth.*`, urlPath)
+	matched, err := regexp.MatchString(`^[^\/]*\/(v\d[\d\.]*\/)?auth.*`, urlPath)
 	if err != nil {
 		return false, err
 	}
diff --git a/pkg/authorization/authz_unix_test.go b/pkg/authorization/authz_unix_test.go
index 0fc51d32a1..8f45d3ac92 100644
--- a/pkg/authorization/authz_unix_test.go
+++ b/pkg/authorization/authz_unix_test.go
@@ -259,6 +259,41 @@ func TestSendBody(t *testing.T) {
 				contentType: "application/json;charset=UTF8",
 				expected:    false,
 			},
+			{
+				url:         "www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "https://www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "http://nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "http://www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "https://www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
 		}
 	)