potyarkin/distribution
1
0
Fork 0
forked from TrueCloudLab/distribution
Code Pull requests Activity

Ensure that unset Context.Name only allowed on base route

Browse source 
If Context.Name is not set, the acceess controller may allow an unintended
request through. By only allowing a request to proceed without a name on the
base route, we provide some protection if future bugs forget to set the context
properly.
This commit is contained in:
Stephen J Day 2014-12-18 17:20:35 -08:00
parent e50fcc0ab9
commit b1f36c3fe5
3 changed files with 55 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app_test.go
View file

@ -177,6 +177,11 @@ func TestNewApp(t *testing.T) {
t.Fatalf("unexpected content-type: %v != %v", req.Header.Get("Content-Type"), "application/json")
}
expectedAuthHeader := "Bearer realm=\"realm-test\",service=\"service-test\""
if req.Header.Get("Authorization") != expectedAuthHeader {
t.Fatalf("unexpected authorization header: %q != %q", req.Header.Get("Authorization"), expectedAuthHeader)
}
var errs v2.Errors
dec := json.NewDecoder(req.Body)
if err := dec.Decode(&errs); err != nil {