Handle empty scopes and always send the WWW-Authenticate header, as per spec

Fixes #1045
2015-12-09 15:07:37 -05:00 · 2015-12-09 15:07:37 -05:00 · ca7d36bf14
commit ca7d36bf14
parent c8f43ed08e
10 changed files with 47 additions and 41 deletions
--- a/endpoints/v2/blob.py
+++ b/endpoints/v2/blob.py
@ -4,12 +4,12 @@ import re
 from flask import make_response, url_for, request, redirect, Response, abort as flask_abort

 from app import storage, app
+from auth.registry_jwt_auth import process_registry_jwt_auth
 from data import model, database
 from digest import digest_tools
 from endpoints.v2 import v2_bp, require_repo_read, require_repo_write, get_input_stream
 from endpoints.v2.errors import (BlobUnknown, BlobUploadInvalid, BlobUploadUnknown, Unsupported,
                                 NameUnknown)
-from auth.jwt_auth import process_jwt_auth
 from endpoints.decorators import anon_protect
 from util.cache import cache_control
 from util.registry.filelike import wrap_with_handler, StreamSlice
@ -53,7 +53,7 @@ def _base_blob_fetch(namespace, repo_name, digest):


@v2_bp.route(BLOB_DIGEST_ROUTE, methods=['HEAD'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_read
@anon_protect
@cache_control(max_age=31436000)
@ -68,7 +68,7 @@ def check_blob_exists(namespace, repo_name, digest):


@v2_bp.route(BLOB_DIGEST_ROUTE, methods=['GET'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_read
@anon_protect
@cache_control(max_age=31536000)
@ -101,7 +101,7 @@ def _render_range(num_uploaded_bytes, with_bytes_prefix=True):


@v2_bp.route('/<namespace>/<repo_name>/blobs/uploads/', methods=['POST'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def start_blob_upload(namespace, repo_name):
@ -134,7 +134,7 @@ def start_blob_upload(namespace, repo_name):


@v2_bp.route('/<namespace>/<repo_name>/blobs/uploads/<upload_uuid>', methods=['GET'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def fetch_existing_upload(namespace, repo_name, upload_uuid):
@ -290,7 +290,7 @@ def _finish_upload(namespace, repo_name, upload_obj, expected_digest):


@v2_bp.route('/<namespace>/<repo_name>/blobs/uploads/<upload_uuid>', methods=['PATCH'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def upload_chunk(namespace, repo_name, upload_uuid):
@ -308,7 +308,7 @@ def upload_chunk(namespace, repo_name, upload_uuid):


@v2_bp.route('/<namespace>/<repo_name>/blobs/uploads/<upload_uuid>', methods=['PUT'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def monolithic_upload_or_last_chunk(namespace, repo_name, upload_uuid):
@ -326,7 +326,7 @@ def monolithic_upload_or_last_chunk(namespace, repo_name, upload_uuid):


@v2_bp.route('/<namespace>/<repo_name>/blobs/uploads/<upload_uuid>', methods=['DELETE'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def cancel_upload(namespace, repo_name, upload_uuid):
@ -345,7 +345,7 @@ def cancel_upload(namespace, repo_name, upload_uuid):


@v2_bp.route('/<namespace>/<repo_name>/blobs/<digest>', methods=['DELETE'])
-@process_jwt_auth
+@process_registry_jwt_auth
@require_repo_write
@anon_protect
 def delete_digest(namespace, repo_name, upload_uuid):