github.com/adityamillind98/moby@v23.0.0-rc.4+incompatible/distribution/registry_unit_test.go (about) 1 package distribution // import "github.com/docker/docker/distribution" 2 3 import ( 4 "context" 5 "net/http" 6 "net/http/httptest" 7 "net/url" 8 "strings" 9 "testing" 10 11 "github.com/docker/distribution/reference" 12 "github.com/docker/docker/api/types" 13 registrytypes "github.com/docker/docker/api/types/registry" 14 "github.com/docker/docker/registry" 15 "github.com/sirupsen/logrus" 16 ) 17 18 const secretRegistryToken = "mysecrettoken" 19 20 type tokenPassThruHandler struct { 21 reached bool 22 gotToken bool 23 shouldSend401 func(url string) bool 24 } 25 26 func (h *tokenPassThruHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 27 h.reached = true 28 if strings.Contains(r.Header.Get("Authorization"), secretRegistryToken) { 29 logrus.Debug("Detected registry token in auth header") 30 h.gotToken = true 31 } 32 if h.shouldSend401 == nil || h.shouldSend401(r.RequestURI) { 33 w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`) 34 w.WriteHeader(401) 35 } 36 } 37 38 func testTokenPassThru(t *testing.T, ts *httptest.Server) { 39 uri, err := url.Parse(ts.URL) 40 if err != nil { 41 t.Fatalf("could not parse url from test server: %v", err) 42 } 43 44 endpoint := registry.APIEndpoint{ 45 Mirror: false, 46 URL: uri, 47 Version: 2, 48 Official: false, 49 TrimHostname: false, 50 TLSConfig: nil, 51 } 52 n, _ := reference.ParseNormalizedNamed("testremotename") 53 repoInfo := ®istry.RepositoryInfo{ 54 Name: n, 55 Index: ®istrytypes.IndexInfo{ 56 Name: "testrepo", 57 Mirrors: nil, 58 Secure: false, 59 Official: false, 60 }, 61 Official: false, 62 } 63 imagePullConfig := &ImagePullConfig{ 64 Config: Config{ 65 MetaHeaders: http.Header{}, 66 AuthConfig: &types.AuthConfig{ 67 RegistryToken: secretRegistryToken, 68 }, 69 }, 70 } 71 p := newPuller(endpoint, repoInfo, imagePullConfig, nil) 72 ctx := context.Background() 73 p.repo, err = newRepository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull") 74 if err != nil { 75 t.Fatal(err) 76 } 77 78 logrus.Debug("About to pull") 79 // We expect it to fail, since we haven't mock'd the full registry exchange in our handler above 80 tag, _ := reference.WithTag(n, "tag_goes_here") 81 _ = p.pullRepository(ctx, tag) 82 } 83 84 func TestTokenPassThru(t *testing.T) { 85 handler := &tokenPassThruHandler{shouldSend401: func(url string) bool { return url == "/v2/" }} 86 ts := httptest.NewServer(handler) 87 defer ts.Close() 88 89 testTokenPassThru(t, ts) 90 91 if !handler.reached { 92 t.Fatal("Handler not reached") 93 } 94 if !handler.gotToken { 95 t.Fatal("Failed to receive registry token") 96 } 97 } 98 99 func TestTokenPassThruDifferentHost(t *testing.T) { 100 handler := new(tokenPassThruHandler) 101 ts := httptest.NewServer(handler) 102 defer ts.Close() 103 104 tsredirect := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 105 if r.RequestURI == "/v2/" { 106 w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`) 107 w.WriteHeader(401) 108 return 109 } 110 http.Redirect(w, r, ts.URL+r.URL.Path, http.StatusMovedPermanently) 111 })) 112 defer tsredirect.Close() 113 114 testTokenPassThru(t, tsredirect) 115 116 if !handler.reached { 117 t.Fatal("Handler not reached") 118 } 119 if handler.gotToken { 120 t.Fatal("Redirect should not forward Authorization header to another host") 121 } 122 }