URL parse auth endpoints to normalize hostname to lowercase.

It is possible for a middlebox to lowercase the URL at somepoint causing a lookup in the auth challenges table to fail. Lowercase hostname before using as keys to challenge map. Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-02-26 14:18:09 -08:00 · 2016-02-26 14:18:09 -08:00 · e09891e2cf
commit e09891e2cf
parent bb4d128523
5 changed files with 61 additions and 17 deletions
--- a/docs/client/auth/authchallenge_test.go
+++ b/docs/client/auth/authchallenge_test.go
@ -1,7 +1,10 @@
 package auth

 import (
+	"fmt"
 	"net/http"
+	"net/url"
+	"strings"
 	"testing"
 )

@ -36,3 +39,43 @@ func TestAuthChallengeParse(t *testing.T) {
 	}

 }
+
+func TestAuthChallengeNormalization(t *testing.T) {
+	testAuthChallengeNormalization(t, "reg.EXAMPLE.com")
+	testAuthChallengeNormalization(t, "bɿɒʜɔiɿ-ɿɘƚƨim-ƚol-ɒ-ƨʞnɒʜƚ.com")
+}
+
+func testAuthChallengeNormalization(t *testing.T, host string) {
+
+	scm := NewSimpleChallengeManager()
+
+	url, err := url.Parse(fmt.Sprintf("http://%s/v2/", host))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resp := &http.Response{
+		Request: &http.Request{
+			URL: url,
+		},
+		Header:     make(http.Header),
+		StatusCode: http.StatusUnauthorized,
+	}
+	resp.Header.Add("WWW-Authenticate", fmt.Sprintf("Bearer realm=\"https://%s/token\",service=\"registry.example.com\"", host))
+
+	err = scm.AddResponse(resp)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	lowered := *url
+	lowered.Host = strings.ToLower(lowered.Host)
+	c, err := scm.GetChallenges(lowered)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(c) == 0 {
+		t.Fatal("Expected challenge for lower-cased-host URL")
+	}
+}