From 23f8ca88e1a39f34d7fe84d122eb7897b30f659b Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Wed, 23 Aug 2017 19:24:24 -0400 Subject: [PATCH] If the request already has the scope, don't force token fetch AuthorizeRequest() injects the 'pull' scope if `from` is set unconditionally. If the current token already has that scope, it will be inserted into the scope list twice and `addedScopes` will be set to true, resulting in a new token being fetched that has no net new scopes. Instead, check whether `additionalScopes` are actually new. Signed-off-by: Clayton Coleman --- registry/client/auth/session.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/registry/client/auth/session.go b/registry/client/auth/session.go index bc7b66db..db86c9b0 100644 --- a/registry/client/auth/session.go +++ b/registry/client/auth/session.go @@ -279,6 +279,9 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s } var addedScopes bool for _, scope := range additionalScopes { + if hasScope(scopes, scope) { + continue + } scopes = append(scopes, scope) addedScopes = true } @@ -302,6 +305,15 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s return th.tokenCache, nil } +func hasScope(scopes []string, scope string) bool { + for _, s := range scopes { + if s == scope { + return true + } + } + return false +} + type postTokenResponse struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"`