github.com/reds/docker@v1.11.2-rc1/distribution/registry_unit_test.go (about) 1 package distribution 2 3 import ( 4 "net/http" 5 "net/http/httptest" 6 "net/url" 7 "os" 8 "strings" 9 "testing" 10 11 "github.com/Sirupsen/logrus" 12 "github.com/docker/docker/reference" 13 "github.com/docker/docker/registry" 14 "github.com/docker/docker/utils" 15 "github.com/docker/engine-api/types" 16 registrytypes "github.com/docker/engine-api/types/registry" 17 "golang.org/x/net/context" 18 ) 19 20 const secretRegistryToken = "mysecrettoken" 21 22 type tokenPassThruHandler struct { 23 reached bool 24 gotToken bool 25 shouldSend401 func(url string) bool 26 } 27 28 func (h *tokenPassThruHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 29 h.reached = true 30 if strings.Contains(r.Header.Get("Authorization"), secretRegistryToken) { 31 logrus.Debug("Detected registry token in auth header") 32 h.gotToken = true 33 } 34 if h.shouldSend401 == nil || h.shouldSend401(r.RequestURI) { 35 w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`) 36 w.WriteHeader(401) 37 } 38 } 39 40 func testTokenPassThru(t *testing.T, ts *httptest.Server) { 41 tmp, err := utils.TestDirectory("") 42 if err != nil { 43 t.Fatal(err) 44 } 45 defer os.RemoveAll(tmp) 46 47 uri, err := url.Parse(ts.URL) 48 if err != nil { 49 t.Fatalf("could not parse url from test server: %v", err) 50 } 51 52 endpoint := registry.APIEndpoint{ 53 Mirror: false, 54 URL: uri, 55 Version: 2, 56 Official: false, 57 TrimHostname: false, 58 TLSConfig: nil, 59 //VersionHeader: "verheader", 60 } 61 n, _ := reference.ParseNamed("testremotename") 62 repoInfo := ®istry.RepositoryInfo{ 63 Named: n, 64 Index: ®istrytypes.IndexInfo{ 65 Name: "testrepo", 66 Mirrors: nil, 67 Secure: false, 68 Official: false, 69 }, 70 Official: false, 71 } 72 imagePullConfig := &ImagePullConfig{ 73 MetaHeaders: http.Header{}, 74 AuthConfig: &types.AuthConfig{ 75 RegistryToken: secretRegistryToken, 76 }, 77 } 78 puller, err := newPuller(endpoint, repoInfo, imagePullConfig) 79 if err != nil { 80 t.Fatal(err) 81 } 82 p := puller.(*v2Puller) 83 ctx := context.Background() 84 p.repo, _, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull") 85 if err != nil { 86 t.Fatal(err) 87 } 88 89 logrus.Debug("About to pull") 90 // We expect it to fail, since we haven't mock'd the full registry exchange in our handler above 91 tag, _ := reference.WithTag(n, "tag_goes_here") 92 _ = p.pullV2Repository(ctx, tag) 93 } 94 95 func TestTokenPassThru(t *testing.T) { 96 handler := &tokenPassThruHandler{shouldSend401: func(url string) bool { return url == "/v2/" }} 97 ts := httptest.NewServer(handler) 98 defer ts.Close() 99 100 testTokenPassThru(t, ts) 101 102 if !handler.reached { 103 t.Fatal("Handler not reached") 104 } 105 if !handler.gotToken { 106 t.Fatal("Failed to receive registry token") 107 } 108 } 109 110 func TestTokenPassThruDifferentHost(t *testing.T) { 111 handler := new(tokenPassThruHandler) 112 ts := httptest.NewServer(handler) 113 defer ts.Close() 114 115 tsredirect := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 116 if r.RequestURI == "/v2/" { 117 w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`) 118 w.WriteHeader(401) 119 return 120 } 121 http.Redirect(w, r, ts.URL+r.URL.Path, http.StatusMovedPermanently) 122 })) 123 defer tsredirect.Close() 124 125 testTokenPassThru(t, tsredirect) 126 127 if !handler.reached { 128 t.Fatal("Handler not reached") 129 } 130 if handler.gotToken { 131 t.Fatal("Redirect should not forward Authorization header to another host") 132 } 133 }