reg/registry/tokentransport_test.go

package registry

import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/docker/docker/api/types"
)

func TestErrBasicAuth(t *testing.T) {
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/" {
			w.Header().Set("www-authenticate", `Basic realm="Registry Realm",service="Docker registry"`)
			w.WriteHeader(http.StatusUnauthorized)
		} else {
			w.WriteHeader(http.StatusOK)
		}
	}))
	defer ts.Close()

	authConfig := types.AuthConfig{
		Username:      "j3ss",
		Password:      "ss3j",
		ServerAddress: ts.URL,
	}
	r, err := New(authConfig.ServerAddress, authConfig, Opt{Insecure: true, Debug: true})
	if err != nil {
		t.Fatalf("expected no error creating client, got %v", err)
	}
	token, err := r.Token(ts.URL)
	if err != ErrBasicAuth {
		t.Fatalf("expected ErrBasicAuth getting token, got %v", err)
	}
	if token != "" {
		t.Fatalf("expected empty token, got %v", err)
	}
}

var authURI string

func oauthFlow(w http.ResponseWriter, r *http.Request) {
	if strings.HasPrefix(r.URL.Path, "/oauth2/accesstoken") {
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		w.Write([]byte(`{"access_token":"abcdef1234"}`))
		return
	}
	if strings.HasPrefix(r.URL.Path, "/oauth2/token") {
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		w.Write([]byte(`{"token":"abcdef1234"}`))
		return
	}
	auth := r.Header.Get("authorization")
	if !strings.HasPrefix(auth, "Bearer") {
		w.Header().Set("Content-Type", "application/json; charset=utf-8")
		if authURI != "" {
			w.Header().Set("www-authenticate", `Bearer realm="`+authURI+`/oauth2/token",service="my.endpoint.here"`)
		}
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte(`{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}`))
		return
	}
	w.WriteHeader(http.StatusOK)
}

func TestBothTokenAndAccessTokenWork(t *testing.T) {
	ts := httptest.NewServer(http.HandlerFunc(oauthFlow))
	defer ts.Close()

	for _, which := range []string{"token", "accesstoken"} {
		authURI = ts.URL + "/oauth2/" + which + "?service=my.endpoint.here"
		authConfig := types.AuthConfig{
			Username:      "abc",
			Password:      "123",
			ServerAddress: ts.URL,
		}
		authConfig.Email = "me@email.com"
		r, err := New(authConfig, Opt{Insecure: true, Debug: true})
		if err != nil {
			t.Fatalf("expected no error creating client, got %v", err)
		}
		token, err := r.Token(ts.URL)
		if err != nil {
			t.Fatalf("err getting token from url: %v err: %v", ts.URL, err)
		}
		if token == "" {
			t.Fatalf("error got empty token")
		}
	}
}
Use a distinguished error value for basic auth. (#120) Rather than returning an error that requires pattern-matching from `parseChallenge` when the challenge header requires basic authentication, return a distinguished error value. This makes checking for this error a bit easier. This commit also updates the check in `r.Headers` to use the new error value and adds a couple of regression tests. 2018-07-26 17:13:58 -04:00			`package registry`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
support 'access_token' for compatibility with OAuth 2.0 https://docs.docker.com/registry/spec/auth/token/#requesting-a-token (#124) 2018-11-14 10:01:36 -05:00			`"strings"`
Use a distinguished error value for basic auth. (#120) Rather than returning an error that requires pattern-matching from `parseChallenge` when the challenge header requires basic authentication, return a distinguished error value. This makes checking for this error a bit easier. This commit also updates the check in `r.Headers` to use the new error value and adds a couple of regression tests. 2018-07-26 17:13:58 -04:00			`"testing"`

			`"github.com/docker/docker/api/types"`
			`)`

			`func TestErrBasicAuth(t *testing.T) {`
			`ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.URL.Path == "/" {`
			w.Header().Set("www-authenticate", `Basic realm="Registry Realm",service="Docker registry"`)
			`w.WriteHeader(http.StatusUnauthorized)`
			`} else {`
			`w.WriteHeader(http.StatusOK)`
			`}`
			`}))`
			`defer ts.Close()`

			`authConfig := types.AuthConfig{`
			`Username: "j3ss",`
			`Password: "ss3j",`
			`ServerAddress: ts.URL,`
			`}`
add --auth-url parameter (#90) (#105) Signed-off-by: Alex Zillion <alex@alexzillion.com> 2018-11-14 10:06:30 -05:00			`r, err := New(authConfig.ServerAddress, authConfig, Opt{Insecure: true, Debug: true})`
Use a distinguished error value for basic auth. (#120) Rather than returning an error that requires pattern-matching from `parseChallenge` when the challenge header requires basic authentication, return a distinguished error value. This makes checking for this error a bit easier. This commit also updates the check in `r.Headers` to use the new error value and adds a couple of regression tests. 2018-07-26 17:13:58 -04:00			`if err != nil {`
			`t.Fatalf("expected no error creating client, got %v", err)`
			`}`
			`token, err := r.Token(ts.URL)`
			`if err != ErrBasicAuth {`
			`t.Fatalf("expected ErrBasicAuth getting token, got %v", err)`
			`}`
			`if token != "" {`
			`t.Fatalf("expected empty token, got %v", err)`
			`}`
			`}`
support 'access_token' for compatibility with OAuth 2.0 https://docs.docker.com/registry/spec/auth/token/#requesting-a-token (#124) 2018-11-14 10:01:36 -05:00
			`var authURI string`

			`func oauthFlow(w http.ResponseWriter, r *http.Request) {`
			`if strings.HasPrefix(r.URL.Path, "/oauth2/accesstoken") {`
			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(http.StatusOK)`
			w.Write([]byte(`{"access_token":"abcdef1234"}`))
			`return`
			`}`
			`if strings.HasPrefix(r.URL.Path, "/oauth2/token") {`
			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(http.StatusOK)`
			w.Write([]byte(`{"token":"abcdef1234"}`))
			`return`
			`}`
			`auth := r.Header.Get("authorization")`
			`if !strings.HasPrefix(auth, "Bearer") {`
			`w.Header().Set("Content-Type", "application/json; charset=utf-8")`
			`if authURI != "" {`
			w.Header().Set("www-authenticate", `Bearer realm="`+authURI+`/oauth2/token",service="my.endpoint.here"`)
			`}`
			`w.WriteHeader(http.StatusUnauthorized)`
			w.Write([]byte(`{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}`))
			`return`
			`}`
			`w.WriteHeader(http.StatusOK)`
			`}`

			`func TestBothTokenAndAccessTokenWork(t *testing.T) {`
			`ts := httptest.NewServer(http.HandlerFunc(oauthFlow))`
			`defer ts.Close()`

			`for _, which := range []string{"token", "accesstoken"} {`
			`authURI = ts.URL + "/oauth2/" + which + "?service=my.endpoint.here"`
			`authConfig := types.AuthConfig{`
			`Username: "abc",`
			`Password: "123",`
			`ServerAddress: ts.URL,`
			`}`
			`authConfig.Email = "me@email.com"`
			`r, err := New(authConfig, Opt{Insecure: true, Debug: true})`
			`if err != nil {`
			`t.Fatalf("expected no error creating client, got %v", err)`
			`}`
			`token, err := r.Token(ts.URL)`
			`if err != nil {`
			`t.Fatalf("err getting token from url: %v err: %v", ts.URL, err)`
			`}`
			`if token == "" {`
			`t.Fatalf("error got empty token")`
			`}`
			`}`
			`}`