From 0ff43808ca17edbad97695b1c7838163b0cc44e6 Mon Sep 17 00:00:00 2001
From: Chris Smith <csmith@users.noreply.github.com>
Date: Mon, 11 Dec 2017 15:42:19 +0000
Subject: [PATCH] Add more useful error for bad credentials. (#51)

* Add more useful error for bad credentials.

The www-authenticate: basic response currently gets caught by
the token transport, which fails to parse it and spits out
a rather oblique "malformed auth challenge header" error.

Make the token transport ignore basic auth types, and make
the error transport handle a 401 response.

* Format authchallenge.go correctly.
---
 registry/authchallenge.go  | 5 +++++
 registry/errortransport.go | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/registry/authchallenge.go b/registry/authchallenge.go
index bd796fc7..3bb051e1 100644
--- a/registry/authchallenge.go
+++ b/registry/authchallenge.go
@@ -10,6 +10,7 @@ import (
 var (
 	authChallengeRegex = regexp.MustCompile(
 		`^\s*Bearer\s+realm="([^"]+)",service="([^"]+)"\s*$`)
+	basicRegex     = regexp.MustCompile(`^\s*Basic\s+.*$`)
 	challengeRegex = regexp.MustCompile(
 		`^\s*Bearer\s+realm="([^"]+)",service="([^"]+)",scope="([^"]+)"\s*$`)
 
@@ -26,6 +27,10 @@ func parseAuthHeader(header http.Header) (*authService, error) {
 }
 
 func parseChallenge(challengeHeader string) (*authService, error) {
+	if basicRegex.MatchString(challengeHeader) {
+		return nil, nil
+	}
+
 	match := challengeRegex.FindAllStringSubmatch(challengeHeader, -1)
 
 	if len(match) != 1 {
diff --git a/registry/errortransport.go b/registry/errortransport.go
index 853b26ce..63282d29 100644
--- a/registry/errortransport.go
+++ b/registry/errortransport.go
@@ -29,7 +29,7 @@ func (t *ErrorTransport) RoundTrip(request *http.Request) (*http.Response, error
 		return resp, err
 	}
 
-	if resp.StatusCode >= 500 {
+	if resp.StatusCode >= 500 || resp.StatusCode == http.StatusUnauthorized {
 		defer resp.Body.Close()
 		body, err := ioutil.ReadAll(resp.Body)
 		if err != nil {