Possibly incorrect auth error message for 401 Unauthorized if sendCredentialsOverHttp is true #704

Closed
chanseokoh opened this issue Jul 24, 2018 · 0 comments

chanseokoh commented Jul 24, 2018

RegistryEndpointCaller.call():

    boolean isHttpProtocol = "http".equals(url.getProtocol());
    ...

      if (!isHttpProtocol || Boolean.getBoolean("sendCredentialsOverHttp")) {
        requestBuilder.setAuthorization(authorization);
      }
      ...
        } else if (httpResponseException.getStatusCode()
            == HttpStatusCodes.STATUS_CODE_UNAUTHORIZED) {
          if (isHttpProtocol) {
            // Using HTTP, so credentials weren't sent.
            throw new RegistryCredentialsNotSentException(...);

          } else {
            // Using HTTPS, so credentials are missing.
            throw new RegistryUnauthorizedException(...);
          }

So the following check is problematic, because if sendCredentialsOverHttp is set, the credentials were sent.

          if (isHttpProtocol) {
            // Using HTTP, so credentials weren't sent.

The correct way is

    boolean isHttpProtocol = "http".equals(url.getProtocol());
    ...

      boolean sendCredentials = !isHttpProtocol || Boolean.getBoolean("sendCredentialsOverHttp");
      if (sendCredentials) {
        requestBuilder.setAuthorization(authorization);
      }
      ...
        } else if (httpResponseException.getStatusCode()
            == HttpStatusCodes.STATUS_CODE_UNAUTHORIZED) {
          if (!sendCredentials) {
            // Did not send credentials.
            throw new RegistryCredentialsNotSentException(...);

          } else {
            // Credentials are either missing or wrong.
            throw new RegistryUnauthorizedException(...);
          }
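
The two checks from the issue compared across every protocol and `sendCredentialsOverHttp` combination, as an added example that is not code from the issue or from the project. `AuthErrorKind`, `classifyByProtocol`, `classifyBySendDecision` and the `registry.example` host are hypothetical names standing in for the two exceptions and the surrounding 401 branch.

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;

/** Added illustration; the class, enum and method names are hypothetical. */
public class UnauthorizedClassification {

  /** Stand-ins for RegistryCredentialsNotSentException and RegistryUnauthorizedException. */
  enum AuthErrorKind { CREDENTIALS_NOT_SENT, UNAUTHORIZED }

  /** Check as quoted in the issue: decides from the protocol alone. */
  static AuthErrorKind classifyByProtocol(URL url) {
    boolean isHttpProtocol = "http".equals(url.getProtocol());
    return isHttpProtocol ? AuthErrorKind.CREDENTIALS_NOT_SENT : AuthErrorKind.UNAUTHORIZED;
  }

  /** Check proposed in the issue: decides from whether the Authorization header was attached. */
  static AuthErrorKind classifyBySendDecision(URL url) {
    boolean isHttpProtocol = "http".equals(url.getProtocol());
    boolean sendCredentials = !isHttpProtocol || Boolean.getBoolean("sendCredentialsOverHttp");
    return sendCredentials ? AuthErrorKind.UNAUTHORIZED : AuthErrorKind.CREDENTIALS_NOT_SENT;
  }

  public static void main(String[] args) throws MalformedURLException {
    // Constructed sample endpoints; registry.example is a placeholder host.
    String[] endpoints = {"http://registry.example/v2/", "https://registry.example/v2/"};
    for (String flag : new String[] {"false", "true"}) {
      // Boolean.getBoolean reads this system property on every call.
      System.setProperty("sendCredentialsOverHttp", flag);
      for (String endpoint : endpoints) {
        URL url = URI.create(endpoint).toURL();
        AuthErrorKind before = classifyByProtocol(url);
        AuthErrorKind after = classifyBySendDecision(url);
        // Only http with the flag set to true should be marked as differing.
        System.out.printf(
            "%-30s sendCredentialsOverHttp=%-5s before=%-20s after=%-20s%s%n",
            endpoint, flag, before, after, before == after ? "" : "  <-- differs");
      }
    }
  }
}
```

The same four rows work as the parameter set for a regression test on the 401 branch.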