Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings

Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
Dave Trombley 2015-04-22 14:35:59 +00:00 committed by Stephen J Day
parent 8a204f59e7
commit 0ecaa7f40a
4 changed files with 13 additions and 2 deletions


@ -26,6 +26,10 @@ storage:
maintenance: maintenance:
uploadpurging: uploadpurging:
enabled: false enabled: false
auth:
basic:
realm: test-realm
path: /tmp/registry-dev/.htpasswd
http: http:
addr: :5000 addr: :5000
secret: asecretforlocaldevelopment secret: asecretforlocaldevelopment
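Review bot: The `auth.basic` block added here points `path` at `/tmp/registry-dev/.htpasswd`, which sits under a directory that is usually world-writable, so on a shared host another local user may be able to pre-create or replace the credential file. The visible `http` section shows only `addr` and `secret`, with no TLS settings, while the basic package comment says the method must be used under TLS; the section may continue outside the hunk. I would mark the block as development-only with a comment such as `# dev only: basic auth needs TLS in front; keep .htpasswd in a directory only the registry user can write`.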


@ -18,6 +18,7 @@ import (
"github.com/docker/distribution/configuration" "github.com/docker/distribution/configuration"
"github.com/docker/distribution/context" "github.com/docker/distribution/context"
_ "github.com/docker/distribution/health" _ "github.com/docker/distribution/health"
_ "github.com/docker/distribution/registry/auth/basic"
_ "github.com/docker/distribution/registry/auth/silly" _ "github.com/docker/distribution/registry/auth/silly"
_ "github.com/docker/distribution/registry/auth/token" _ "github.com/docker/distribution/registry/auth/token"
"github.com/docker/distribution/registry/handlers" "github.com/docker/distribution/registry/handlers"


@ -6,7 +6,6 @@
// system crypt() may be as well. // system crypt() may be as well.
// //
// This authentication method MUST be used under TLS, as simple token-replay attack is possible. // This authentication method MUST be used under TLS, as simple token-replay attack is possible.
package basic package basic
import ( import (
@ -33,7 +32,9 @@ type challenge struct {
var _ auth.AccessController = &accessController{} var _ auth.AccessController = &accessController{}
var ( var (
// ErrPasswordRequired - returned when no auth token is given.
ErrPasswordRequired = errors.New("authorization credential required") ErrPasswordRequired = errors.New("authorization credential required")
// ErrInvalidCredential - returned when the auth token does not authenticate correctly.
ErrInvalidCredential = errors.New("invalid authorization credential") ErrInvalidCredential = errors.New("invalid authorization credential")
) )
@ -98,7 +99,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
} }
func (ch *challenge) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (ch *challenge) ServeHTTP(w http.ResponseWriter, r *http.Request) {
header := fmt.Sprintf("Realm realm=%q", ch.realm) header := fmt.Sprintf("Basic realm=%q", ch.realm)
w.Header().Set("WWW-Authenticate", header) w.Header().Set("WWW-Authenticate", header)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
} }
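Review bot: `ServeHTTP` sends the Basic challenge unconditionally, although the package comment at the top of this file says the method MUST be used under TLS; nothing in this hunk checks or records whether the request arrived over TLS. Basic credentials are only base64-encoded on the wire, so a plaintext listener exposes them to anyone on the network path. At minimum I would document the assumption on the handler, e.g. `// ServeHTTP answers 401 with a Basic challenge; the listener must be TLS or sit behind a TLS-terminating proxy.` Whether to also log a warning when `r.TLS == nil` depends on how the registry is deployed behind proxies. Separately, the comments added to the error variables in the second hunk would read more idiomatically as `// ErrPasswordRequired is returned when no credential is supplied.`, which also matches the wording of the error strings rather than "auth token".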


@ -8,17 +8,22 @@ import (
"os" "os"
) )
// ErrSHARequired - returned in error field of challenge when the htpasswd was not made using SHA1 algorithm.
// (SHA1 is considered obsolete but the alternative for htpasswd is MD5, or system crypt...)
var ErrSHARequired = errors.New("htpasswd file must use SHA (htpasswd -s)") var ErrSHARequired = errors.New("htpasswd file must use SHA (htpasswd -s)")
// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.
type HTPasswd struct { type HTPasswd struct {
path string path string
reader *csv.Reader reader *csv.Reader
} }
// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.
func NewHTPasswd(htpath string) *HTPasswd { func NewHTPasswd(htpath string) *HTPasswd {
return &HTPasswd{path: htpath} return &HTPasswd{path: htpath}
} }
// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.
func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) { func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {
// Hash the credential. // Hash the credential.