Prompt for basic auth on all endpoints
Robert Lestak committed Aug 12, 2019
1 parent 4159b7f commit 713018e
Showing 3 changed files with 50 additions and 21 deletions.
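--- a/registrymanager/pkg/catalog/catalog.go
+++ b/registrymanager/pkg/catalog/catalog.go
@@ -11,6 +11,9 @@ import (
 "github.com/umg/docker-registry-manager/pkg/users"
 )
 
+// BasicAuthRealm is the string name of the realm
+const BasicAuthRealm string = "Docker Registry"
+
 // Catalog contains the repositories list
 type Catalog struct {
 Repositories []string `json:"repositories"`
@@ -48,7 +51,7 @@ func fullCatalog() (*Catalog, error) {
 func Handler(w http.ResponseWriter, r *http.Request) {
 _, _, ok := r.BasicAuth()
 if !ok {
-w.Header().Set("WWW-Authenticate", `Basic realm="Docker Registry"`)
+w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
 w.WriteHeader(http.StatusUnauthorized)
 w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
 return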
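Review bot: `BasicAuthRealm` is declared here and again, with the same value, in pkg/proxy/proxy.go and pkg/users/api.go, and the five-line 401 challenge block is copied into every handler the commit touches. Both catalog.go and proxy.go already import the `users` package, so the local constant can be dropped and the header built from `users.BasicAuthRealm`; a single exported helper in `users` that writes the challenge and reports whether credentials were present would keep the copies of this auth gate from drifting apart. The realm is a constant, so `fmt.Sprintf` is not needed either: a constant string concatenation gives the same header value. Handler's body continues outside the hunk, so whether the credentials are validated after this presence check is not visible here.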
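--- a/registrymanager/pkg/proxy/proxy.go
+++ b/registrymanager/pkg/proxy/proxy.go
@@ -1,6 +1,7 @@
 package proxy
 
 import (
+"fmt"
 "net/http"
 "net/http/httputil"
 "os"
@@ -9,11 +10,14 @@ import (
 "github.com/umg/docker-registry-manager/pkg/users"
 )
 
+// BasicAuthRealm is the string name of the realm
+const BasicAuthRealm string = "Docker Registry"
+
 // Registry autheniticates the user and then forwards requests to the registry
 func Registry(w http.ResponseWriter, r *http.Request) {
 _, _, ok := r.BasicAuth()
 if !ok {
-w.Header().Set("WWW-Authenticate", `Basic realm="Docker Registry"`)
+w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
 w.WriteHeader(http.StatusUnauthorized)
 w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
 return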
60 changes: 41 additions & 19 deletions registrymanager/pkg/users/api.go
@@ -10,6 +10,9 @@ import (
"strings"
)

// BasicAuthRealm is the string name of the realm
const BasicAuthRealm string = "Docker Registry"

// GetCurrent returns the user for the current request
func GetCurrent(r *http.Request) (*User, error) {
un, pass, _ := r.BasicAuth()
@@ -46,6 +49,13 @@ func reqIsAdmin(r *http.Request) bool {

// CreateHandler creates a user
func CreateHandler(w http.ResponseWriter, r *http.Request) {
_, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
if !reqIsAdmin(r) {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
@@ -90,9 +100,11 @@ func CreateHandler(w http.ResponseWriter, r *http.Request) {

// PasswordChangeHandler changes a password for a user
func PasswordChangeHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
un, p, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
u := &User{
Expand Down Expand Up @@ -121,7 +133,7 @@ func PasswordChangeHandler(w http.ResponseWriter, r *http.Request) {
return
}
if u.AD {
http.Error(w, http.StatusText(http.StatusNetworkAuthenticationRequired), http.StatusBadRequest)
http.Error(w, http.StatusText(http.StatusNetworkAuthenticationRequired), http.StatusNetworkAuthenticationRequired)
return
}
u, err := u.ChangePass()
@@ -134,9 +146,11 @@ func PasswordChangeHandler(w http.ResponseWriter, r *http.Request) {

// UpdateHandler enables an admin to change a user's password
func UpdateHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
_, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
if !reqIsAdmin(r) {
@@ -178,9 +192,11 @@ func UpdateHandler(w http.ResponseWriter, r *http.Request) {

// DeleteHandler enables an admin to delete a user
func DeleteHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
_, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
if !reqIsAdmin(r) {
@@ -200,9 +216,11 @@ func DeleteHandler(w http.ResponseWriter, r *http.Request) {

// ChangeNamespacesHandler enables an admin to change a user's namespace
func ChangeNamespacesHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
_, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
if !reqIsAdmin(r) {
@@ -223,9 +241,11 @@ func ChangeNamespacesHandler(w http.ResponseWriter, r *http.Request) {

// GetHandler returns the data for a user
func GetHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
un, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
u := &User{
@@ -249,9 +269,11 @@ func GetHandler(w http.ResponseWriter, r *http.Request) {

// ListHandler enables an admin to list all users
func ListHandler(w http.ResponseWriter, r *http.Request) {
un, p, _ := r.BasicAuth()
if un == "" || p == "" {
fmt.Fprint(w, "username and password required")
_, _, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, BasicAuthRealm))
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(http.StatusText(http.StatusUnauthorized) + "\n"))
return
}
if !reqIsAdmin(r) {
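Review bot: Swapping the `un == "" || p == ""` test for `!ok` in PasswordChangeHandler, UpdateHandler, DeleteHandler, ChangeNamespacesHandler, GetHandler and ListHandler stops rejecting empty credentials, because `r.BasicAuth()` reports ok for any well-formed header, including one whose username or password is empty. Those values then reach code outside these hunks (`GetCurrent`, `reqIsAdmin`, `ChangePass`), and with AD-backed users (`u.AD`) an empty password should be refused before any directory bind, since some directory servers accept an empty-password simple bind as anonymous. Keep both conditions: bind the values with `un, p, ok := r.BasicAuth()` and test `if !ok || un == "" || p == "" {` before sending the challenge. Every handler body continues past its hunk, so whether the later checks already refuse empty values is not visible here.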
