diff options
Diffstat (limited to 'pkg/auth')
-rw-r--r-- | pkg/auth/auth.go | 6 | ||||
-rw-r--r-- | pkg/auth/auth_test.go | 37 |
2 files changed, 40 insertions, 3 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 73822eecf..60c40a40b 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -115,7 +115,7 @@ func getAuthCredentials(r *http.Request) (*types.DockerAuthConfig, string, error } // Fallback to looking for a single-auth header (i.e., one config). - authConfigs, err = singleAuthHeader(r) + authConfigs, err = parseSingleAuthHeader(r) if err != nil { return nil, "", err } @@ -309,9 +309,9 @@ func imageAuthToDockerAuth(authConfig types.DockerAuthConfig) dockerAPITypes.Aut } } -// singleAuthHeader extracts a DockerAuthConfig from the request's header. +// parseSingleAuthHeader extracts a DockerAuthConfig from the request's header. // The header content is a single DockerAuthConfig. -func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { +func parseSingleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { authHeader := r.Header.Get(string(XRegistryAuthHeader)) authConfig := dockerAPITypes.AuthConfig{} // Accept "null" and handle it as empty value for compatibility reason with Docker. diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go index 97e7fe1ec..a0b97b106 100644 --- a/pkg/auth/auth_test.go +++ b/pkg/auth/auth_test.go @@ -68,6 +68,43 @@ func TestAuthConfigsToAuthFile(t *testing.T) { } } +func TestParseSingleAuthHeader(t *testing.T) { + for _, tc := range []struct { + input string + shouldErr bool + expected map[string]types.DockerAuthConfig + }{ + { + input: "", // An empty (or missing) header + expected: map[string]types.DockerAuthConfig{"0": {}}, + }, + { + input: "null", + expected: map[string]types.DockerAuthConfig{"0": {}}, + }, + // Invalid JSON + {input: "@", shouldErr: true}, + // Success + { + input: base64.URLEncoding.EncodeToString([]byte(`{"username":"u1","password":"p1"}`)), + expected: map[string]types.DockerAuthConfig{ + "0": {Username: "u1", Password: "p1"}, + }, + }, + } { + req, err := http.NewRequest(http.MethodPost, "/", nil) + require.NoError(t, err, tc.input) + req.Header.Set(XRegistryAuthHeader.String(), tc.input) + res, err := parseSingleAuthHeader(req) + if tc.shouldErr { + assert.Error(t, err, tc.input) + } else { + require.NoError(t, err, tc.input) + assert.Equal(t, tc.expected, res, tc.input) + } + } +} + func TestParseMultiAuthHeader(t *testing.T) { for _, tc := range []struct { input string |