From c82d3181e453ef57a8bfde61e54dc7912cca50de Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Tue, 13 Aug 2019 16:27:32 +0200
Subject: [PATCH 1/2] don't log Authorization header when Basic Auth fails Basic auth looks at the Authorization header and checks that its purpose is to serve for basic auth (starts with "Basic"). It would log it if this check fails which might print the bearer token in cases where e.g. service account already has its token and just wants to access the armored endpoints.
---
 oauthproxy.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index 7ae629b50..2a1eb5178 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -771,7 +771,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 if session == nil {
 session, err = p.CheckBasicAuth(req)
 if err != nil {
- log.Printf("%s %s", remoteAddr, err)
+ log.Printf("basicauth: %s %s", remoteAddr, err)
 }
 }
@@ -779,7 +779,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 if session == nil {
 session, err = p.CheckRequestAuth(req)
 if err != nil {
- log.Printf("%s %s", remoteAddr, err)
+ log.Printf("requestauth: %s %s", remoteAddr, err)
 }
 tokenProvidedByClient = true
 }
@@ -829,7 +829,7 @@ func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState,
 }
 s := strings.SplitN(auth, " ", 2)
 if len(s) != 2 || s[0] != "Basic" {
- return nil, fmt.Errorf("invalid Authorization header %s", req.Header.Get("Authorization"))
+ return nil, fmt.Errorf("Authorization header does not start with 'Basic', skipping basic authentication")
 }
 b, err := b64.StdEncoding.DecodeString(s[1])
 if err != nil {
From 32bc66e5d784822e7c96b840ea3f15d0352637ca Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 14 Aug 2019 09:21:27 +0200
Subject: [PATCH 2/2] travis: replace DOCKER_OPTS with insecure registries config
---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
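Review bot: Both changed `log.Printf` calls (the `basicauth:` one here and the `requestauth:` one in the next hunk) still write `err` to the log verbatim, so the leak this commit closes stays closed only while no error returned by either callee carries header or credential content. Only one error return of CheckBasicAuth is visible in this patch; its other error paths and those of CheckRequestAuth lie outside the hunks and are worth checking for the same pattern. A comment above each call would record the contract: `// err is logged as-is: callee errors must never include the Authorization header, decoded credentials or tokens`. Authenticate itself starts and ends outside the hunk.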
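Review bot: A request whose Authorization header uses another scheme still gets an error from the changed `return` in CheckBasicAuth, so Authenticate writes a `basicauth:` line for every bearer-token request and genuine basic-auth failures become harder to spot in the log. Since the message itself says the check is being skipped, returning `nil, nil` for a well-formed non-Basic header and keeping an error only for the malformed `len(s) != 2` case would match the intent; the caller shown in the first hunk only logs the error and moves on to the next check. If the error is kept, the string has no format verbs and starts with a capital, so `errors.New("authorization header is not Basic, skipping basic authentication")` is the conventional form, provided the file imports `errors`, which is not visible here. CheckBasicAuth continues outside the hunk.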
diff --git a/.travis.yml b/.travis.yml
index 22d573f0f..65041ad27 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,8 +7,8 @@ install:
 - echo "Skip go get"
 before_script:
- - echo 'DOCKER_OPTS="--insecure-registry 172.30.0.0/16 -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"' | sudo tee --append /etc/default/docker
- - sudo service docker restart
+ - "sudo cat /etc/docker/daemon.json | jq '. + {\"insecure-registries\": [\"172.30.0.0/16\"]}' | sudo tee /etc/docker/daemon.json"
+ - sudo systemctl restart docker
 - sudo docker run -d -p 5000:5000 --restart=always --name registry registry:2
 - sudo ps aux | grep docker
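Review bot: The added `before_script` line reads and rewrites `/etc/docker/daemon.json` in a single pipeline, and `tee` may truncate the file before `cat` has read it, which would leave jq with empty input and Docker with an empty or invalid config at the restart on the next line. Writing to a temporary file first removes the race: `sudo jq '. + {"insecure-registries": ["172.30.0.0/16"]}' /etc/docker/daemon.json > /tmp/daemon.json && sudo mv /tmp/daemon.json /etc/docker/daemon.json`. That form also stops the step with an error if the file is missing on the build image instead of silently writing an empty one. A short YAML comment stating that registries in 172.30.0.0/16 are contacted without certificate verification, and that this setting is meant for the CI VM only, would help the next reader.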