Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings

Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-04-22 14:35:59 +00:00 · 2015-04-22 14:35:59 +00:00 · 0ecaa7f40a
parent 8a204f59e7
commit 0ecaa7f40a
4 changed files with 13 additions and 2 deletions
--- a/cmd/registry/config.yml
+++ b/cmd/registry/config.yml
@ -26,6 +26,10 @@ storage:
    maintenance:
        uploadpurging:
            enabled: false
+auth:
+    basic:
+       realm: test-realm
+       path: /tmp/registry-dev/.htpasswd
 http:
    addr: :5000
    secret: asecretforlocaldevelopment
--- a/cmd/registry/main.go
+++ b/cmd/registry/main.go
@ -18,6 +18,7 @@ import (
 	"github.com/docker/distribution/configuration"
 	"github.com/docker/distribution/context"
 	_ "github.com/docker/distribution/health"
+	_ "github.com/docker/distribution/registry/auth/basic"
 	_ "github.com/docker/distribution/registry/auth/silly"
 	_ "github.com/docker/distribution/registry/auth/token"
 	"github.com/docker/distribution/registry/handlers"
--- a/registry/auth/basic/access.go
+++ b/registry/auth/basic/access.go
@ -6,7 +6,6 @@
 // system crypt() may be as well.
 //
 // This authentication method MUST be used under TLS, as simple token-replay attack is possible.
-
 package basic

 import (
@ -33,7 +32,9 @@ type challenge struct {

 var _ auth.AccessController = &accessController{}
 var (
+	// ErrPasswordRequired - returned when no auth token is given.
 	ErrPasswordRequired  = errors.New("authorization credential required")
+   	// ErrInvalidCredential - returned when the auth token does not authenticate correctly.
 	ErrInvalidCredential = errors.New("invalid authorization credential")
 )

@ -98,7 +99,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
 }

 func (ch *challenge) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	header := fmt.Sprintf("Realm realm=%q", ch.realm)
+	header := fmt.Sprintf("Basic realm=%q", ch.realm)
 	w.Header().Set("WWW-Authenticate", header)
 	w.WriteHeader(http.StatusUnauthorized)
 }
--- a/registry/auth/basic/htpasswd.go
+++ b/registry/auth/basic/htpasswd.go
@ -8,17 +8,22 @@ import (
 	"os"
 )

+// ErrSHARequired - returned in error field of challenge when the htpasswd was not made using SHA1 algorithm.
+// 	            (SHA1 is considered obsolete but the alternative for htpasswd is MD5, or system crypt...)
 var ErrSHARequired = errors.New("htpasswd file must use SHA (htpasswd -s)")

+// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.
 type HTPasswd struct {
 	path   string
 	reader *csv.Reader
 }

+// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.
 func NewHTPasswd(htpath string) *HTPasswd {
 	return &HTPasswd{path: htpath}
 }

+// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.
 func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {

 	// Hash the credential.