8000 Add support for `Basic Authentication` to `proxyingRegistry` by oliver-goetz · Pull Request #4263 · distribution/distribution · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add support for Basic Authentication to proxyingRegistry #4263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 14, 2024
Merged

Add support for Basic Authentication to proxyingRegistry #4263

merged 1 commit into from
May 14, 2024

Conversation

oliver-goetz
Copy link
Contributor
@oliver-goetz oliver-goetz commented Jan 19, 2024
edited
Loading

This PR adds support for Basic Authentication to registry proxy.
Before it supported Bearer tokens only. However, basic auth was already almost implemented as there was already an appropriate AuthenticationHandler used to obtain Bearer tokens.

Fixes #3153

@github-actions github-actions bot added the area/proxy Related to registry as a pull-through cache label Jan 19, 2024
@oliver-goetz oliver-goetz force-pushed the enh/support-basic-auth branch from 0c60866 to a6f5498 Compare January 19, 2024 18:40
@oliver-goetz
Copy link
Contributor Author

Could someone help me finding out why these CodeQL are triggered? I don't see it.

@oliver-goetz oliver-goetz force-pushed the enh/support-basic-auth branch 2 times, most recently from a680eee to 800a567 Compare February 5, 2024 15:52
@Jamstah
Copy link
Collaborator
Jamstah commented Feb 5, 2024

Looking at the codeql, you haven't introduced any new issues, the issue already exists in the repo. Because you're editing the code where the issue exists, codeql is flagging this pr.

Is there a reason you're renaming the struct? You might get away with it if you don't :)

@oliver-goetz
Copy link
Contributor Author

Looking at the codeql, you haven't introduced any new issues, the issue already exists in the repo. Because you're editing the code where the issue exists, codeql is flagging this pr.

Is there a reason you're renaming the struct? You might get away with it if you don't :)

Good idea, let's see if it helps 😅

@oliver-goetz
Copy link
Contributor Author
oliver-goetz commented Feb 6, 2024
edited
Loading

It is working, crazy 😄
The Github App just shows the wrong status 😞 It is not tested yet.

@oliver-goetz
Add support for Basic Authentication to proxyingRegistry
1e8ea03 
Signed-off-by: oliver-goetz <o.goetz@sap.com>
@oliver-goetz oliver-goetz force-pushed the enh/support-basic-auth branch from f5b476d to 1e8ea03 Compare February 7, 2024 02:08
@ialidzhikov
Copy link
Contributor

The Github App just shows the wrong status 😞 It is not tested yet.

@milosgajdos can you help retesting the above failing check?

Can you also help reviewing this PR? Thanks in advance!

@milosgajdos
Copy link
Member

Yeah, I've no idea if these are legit or false positives. These warnings are about logging sensitive data -- I think we "hydrate" context with all kinds of garbage in this project, so I'd have to spend some time and trace/investigate these, but I'm short of time nowadays, so you'll have to wait unless one of 10+ other maintainers have more time

@Jamstah Jamstah modified the milestone: Registry/3.0.0 Mar 18, 2024
@dimitar-kostadinov dimitar-kostadinov mentioned this pull request Apr 18, 2024
Merged
@Jamstah
Copy link
Collaborator
Jamstah commented May 1, 2024
edited
Loading

My guess here is that the app struct embeds the context instead of using it as a field, so the context/app are mingled. As app contains sensitive data, CodeQL assumes the context does too.

Having a look at breaking it into a field to see if it cleans up the codeql errors.

Edit: Nope, not that.

@milosgajdos milosgajdos added this to the Registry/3.0.0 milestone May 4, 2024
@Jamstah
Copy link
Collaborator
Jamstah commented May 14, 2024

Having had a really good look through and played with a couple of options for removing the errors, such as removing a whole load of stuff from the context, I feel its really a false positive.

I've raised that here: github/codeql#16486

I suggest we go ahead and merge this.

@milosgajdos
Copy link
Member

I suggest we go ahead and merge this.

I'm wondering if we should mark these as false positives as they'll probably keep cropping up on all the subsequent PRs potentially confusing contribuors

@Jamstah
Copy link
Collaborator
Jamstah commented May 14, 2024

Only when this code is touched, and I'd like to see what the codeql team say about them first. They may have insight that I've missed.

milosgajdos
milosgajdos approved these changes May 14, 2024
View reviewed changes
Copy link
Member
@milosgajdos milosgajdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@milosgajdos milosgajdos merged commit 6a9b0cf into distribution:main May 14, 2024
@ialidzhikov ialidzhikov mentioned this pull request Jun 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jamstah Jamstah Jamstah approved these changes

@milosgajdos milosgajdos milosgajdos approved these changes

Assignees
No one assigned
Labels
area/proxy Related to registry as a pull-through cache
Projects
None yet
Milestone
Registry/3.0.0
Development

Successfully merging this pull request may close these issues.

Pull through proxy does not support basic auth
4 participants
@oliver-goetz @Jamstah @ialidzhikov @milosgajdos
0