From 9251b6c8cfaa5db738212c467c79f8c3aceb5b7d Mon Sep 17 00:00:00 2001 From: troyready Date: Tue, 2 Mar 2021 18:12:29 -0800 Subject: add /auth for docker compatibility This endpoint just validates credentials: https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977 Fixes: #9564 Signed-off-by: troyready --- test/apiv2/rest_api/test_rest_v2_0_0.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'test') diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index c0b61ea85..062cf9386 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -555,16 +555,17 @@ class TestApi(unittest.TestCase): self.assertIn(name, payload["VolumesDeleted"]) self.assertGreater(payload["SpaceReclaimed"], 0) - def test_auth_compat(self): - r = requests.post( - PODMAN_URL + "/v1.40/auth", - json={ - "username": "bozo", - "password": "wedontneednopasswords", - "serveraddress": "https://localhost/v1.40/", - }, - ) - self.assertEqual(r.status_code, 404, r.content) + # TBD: how to test auth endpoint (which in turn requires a docker registry to connect to) + # def test_auth_compat(self): + # r = requests.post( + # PODMAN_URL + "/v1.40/auth", + # json={ + # "username": "bozo", + # "password": "wedontneednopasswords", + # "serveraddress": "https://localhost/v1.40/", + # }, + # ) + # self.assertEqual(r.status_code, 404, r.content) def test_version(self): r = requests.get(PODMAN_URL + "/v1.40/version") -- cgit v1.2.3-54-g00ecf From 955aaccc55218cd0022a1180df4c15bb27674a8f Mon Sep 17 00:00:00 2001 From: troyready Date: Wed, 10 Mar 2021 19:16:03 -0800 Subject: fix use with localhost (testing) Signed-off-by: troyready --- pkg/api/handlers/compat/auth.go | 12 ++++++++++-- test/apiv2/60-auth.at | 24 +++++++++--------------- test/apiv2/rest_api/test_rest_v2_0_0.py | 12 ------------ 3 files changed, 19 insertions(+), 29 deletions(-) (limited to 'test') diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go index e914301f4..2c152fbc2 100644 --- a/pkg/api/handlers/compat/auth.go +++ b/pkg/api/handlers/compat/auth.go @@ -16,6 +16,13 @@ import ( "github.com/pkg/errors" ) +func stripAddressOfScheme(address string) string { + for _, s := range []string{"https", "http"} { + address = strings.TrimPrefix(address, s+"://") + } + return address +} + func Auth(w http.ResponseWriter, r *http.Request) { var authConfig docker.AuthConfig err := json.NewDecoder(r.Body).Decode(&authConfig) @@ -25,7 +32,7 @@ func Auth(w http.ResponseWriter, r *http.Request) { } skipTLS := types.NewOptionalBool(false) - if strings.HasPrefix(authConfig.ServerAddress, "http://localhost/") || strings.HasPrefix(authConfig.ServerAddress, "http://localhost:") { + if strings.HasPrefix(authConfig.ServerAddress, "https://localhost/") || strings.HasPrefix(authConfig.ServerAddress, "https://localhost:") || strings.HasPrefix(authConfig.ServerAddress, "localhost:") { // support for local testing skipTLS = types.NewOptionalBool(true) } @@ -37,7 +44,8 @@ func Auth(w http.ResponseWriter, r *http.Request) { DockerInsecureSkipTLSVerify: skipTLS, SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } - if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, authConfig.ServerAddress); err == nil { + registry := stripAddressOfScheme(authConfig.ServerAddress) + if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil { utils.WriteResponse(w, http.StatusOK, entities.AuthReport{ IdentityToken: "", Status: "Login Succeeded", diff --git a/test/apiv2/60-auth.at b/test/apiv2/60-auth.at index 378955cd7..cfde519c1 100644 --- a/test/apiv2/60-auth.at +++ b/test/apiv2/60-auth.at @@ -5,25 +5,19 @@ start_registry -# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589 -if false; then - -# FIXME FIXME: please forgive the horrible POST params format; I have an -# upcoming PR which should fix that. - # Test with wrong password. Confirm bad status and appropriate error message -t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ +t POST /v1.40/auth username=$REGISTRY_USERNAME password=WrOnGPassWord serveraddress=localhost:$REGISTRY_PORT/ \ 400 \ .Status~'.* invalid username/password' -# Test with the right password. Confirm status message and reasonable token -t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ +# Test with the right password. Confirm status message +t POST /v1.40/auth username=$REGISTRY_USERNAME password=$REGISTRY_PASSWORD serveraddress=localhost:$REGISTRY_PORT/ \ 200 \ .Status="Login Succeeded" \ - .IdentityToken~[a-zA-Z0-9] - -# FIXME: now what? Try something-something using that token? -token=$(jq -r .IdentityToken <<<"$output") -# ... + .IdentityToken="" -fi # FIXME FIXME FIXME: remove when working +# Same test with url scheme provided +t POST /v1.40/auth username=$REGISTRY_USERNAME password=$REGISTRY_PASSWORD serveraddress=https://localhost:$REGISTRY_PORT/ \ + 200 \ + .Status="Login Succeeded" \ + .IdentityToken="" diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index 062cf9386..d7910f555 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -555,18 +555,6 @@ class TestApi(unittest.TestCase): self.assertIn(name, payload["VolumesDeleted"]) self.assertGreater(payload["SpaceReclaimed"], 0) - # TBD: how to test auth endpoint (which in turn requires a docker registry to connect to) - # def test_auth_compat(self): - # r = requests.post( - # PODMAN_URL + "/v1.40/auth", - # json={ - # "username": "bozo", - # "password": "wedontneednopasswords", - # "serveraddress": "https://localhost/v1.40/", - # }, - # ) - # self.assertEqual(r.status_code, 404, r.content) - def test_version(self): r = requests.get(PODMAN_URL + "/v1.40/version") self.assertEqual(r.status_code, 200, r.content) -- cgit v1.2.3-54-g00ecf