Fix token pushes for v2 auth, tokens have no user

2015-11-18 19:04:40 -05:00 · 2015-11-18 19:04:40 -05:00 · c27f91f7cf
commit c27f91f7cf
parent 4c0e215c2f
1 changed files with 11 additions and 5 deletions
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@ -9,7 +9,7 @@ from cachetools import lru_cache
 from app import app
 from data import model
 from auth.auth import process_auth
-from auth.auth_context import get_authenticated_user
+from auth.auth_context import get_authenticated_user, get_validated_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                              CreateRepositoryPermission)
 from endpoints.v2 import v2_bp
@ -54,6 +54,10 @@ def generate_registry_jwt():
  logger.debug('Scope request: %s', scope_param)

  user = get_authenticated_user()
+  logger.debug('Authenticated user: %s', user)
+
+  token = get_validated_token()
+  logger.debug('Authenticated token: %s', token)
  access = []
  if scope_param is not None:
    match = SCOPE_REGEX.match(scope_param)
@ -74,17 +78,19 @@ def generate_registry_jwt():
    if not REPOSITORY_NAME_REGEX.match(reponame):
      abort(400)

-    if 'pull' in actions and 'push' in actions:
-      if user is None:
-        abort(401)
+    if ('pull' in actions or 'push' in actions) and user is None and token is None:
+      # We are trying to perform a registry action without auth
+      abort(401)

+    if 'pull' in actions and 'push' in actions:
      repo = model.repository.get_repository(namespace, reponame)
      if repo:
        if not ModifyRepositoryPermission(namespace, reponame).can():
          abort(403)
      else:
-        if not CreateRepositoryPermission(namespace).can():
+        if not CreateRepositoryPermission(namespace).can() or user is None:
          abort(403)
+
        logger.debug('Creating repository: %s/%s', namespace, reponame)
        model.repository.create_repository(namespace, reponame, user)
    elif 'pull' in actions: