mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
fix: add challenge for HTTP Basic Authentication to container registry (#11678)
After the [first attempt](https://codeberg.org/forgejo/forgejo/pulls/11393) to introduce a separate challenge for HTTP Basic Authentication failed and had to be [backed out](https://codeberg.org/forgejo/forgejo/pulls/11616) because two challenges in a single header field were not widely supported, we're trying it again. This time a second header `WWW-Authenticate` header is emitted. Example: ``` $ curl -v -u andreas --basic http://192.168.178.62:3000/v2 Enter host password for user 'andreas': * Trying 192.168.178.62:3000... * Connected to 192.168.178.62 (192.168.178.62) port 3000 * using HTTP/1.x * Server auth using Basic with user 'andreas' > GET /v2 HTTP/1.1 > Host: 192.168.178.62:3000 > Authorization: Basic ***** > User-Agent: curl/8.15.0 > Accept: */* > * Request completely sent off < HTTP/1.1 401 Unauthorized < Content-Length: 50 < Content-Type: application/json < Docker-Distribution-Api-Version: registry/2.0 < Www-Authenticate: Bearer realm="http://192.168.178.62:3000/v2/token",service="container_registry",scope="*" * Basic authentication problem, ignoring. < Www-Authenticate: Basic realm="Forgejo Container Registry" < Date: Sat, 14 Mar 2026 15:09:50 GMT < {"errors":[{"code":"UNAUTHORIZED","message":""}]} ``` Tested with Docker 29.1.3, Podman 5.8.0, and Apple container 0.9.0. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [ ] `make pr-go` before pushing ### Tests for JavaScript changes (can be removed for Go changes) - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11678 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
This commit is contained in:
Andreas Ahlenstorf
Mathieu Fenniak
parent
a480324595
commit
8fed6bcc9b
3 changed files with 10 additions and 3 deletions
|
|
@ -63,7 +63,10 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
|
|||
Token string `json:"token"`
|
||||
}
|
||||
|
||||
authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
|
||||
authenticate := []string{
|
||||
`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
|
||||
`Basic realm="Forgejo Container Registry"`,
|
||||
}
|
||||
|
||||
t.Run("User", func(t *testing.T) {
|
||||
req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
|
||||
|
|
|
|||
|
|
@ -91,7 +91,10 @@ func TestPackageContainer(t *testing.T) {
|
|||
Token string `json:"token"`
|
||||
}
|
||||
|
||||
authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
|
||||
authenticate := []string{
|
||||
`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
|
||||
`Basic realm="Forgejo Container Registry"`,
|
||||
}
|
||||
|
||||
t.Run("Anonymous", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue