Skip to content

Commit

Permalink
Fixes #36827 - Container registries on Katello now return the correct…
Browse files Browse the repository at this point in the history
… header information: changed expires_at to expires_in. This is calculated from existing tokens. Fixed proxies controller tests to respect these changes.

Updated minimum token time to 60 seconds to match docker spec.

Expanded to make verification easier.

Rubocop fixes
  • Loading branch information
qcjames53 committed Oct 13, 2023
1 parent a578284 commit 34df39f
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ def authorize_repository_read

def token
if !require_user_authorization?
personal_token = OpenStruct.new(token: 'unauthenticated', issued_at: Time.now, expires_at: Time.now + 3)
personal_token = OpenStruct.new(token: 'unauthenticated', issued_at: Time.now, expires_at: 60.seconds.from_now)
else
personal_token = PersonalAccessToken.where(user_id: User.current.id, name: 'registry').first
if personal_token.nil?
Expand All @@ -147,8 +147,15 @@ def token
end
end

expiration_seconds = (personal_token.expires_at.to_time - Time.now).seconds.to_int
issue_time = Time.now.rfc3339

response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
render json: { token: personal_token.token, expires_at: personal_token.expires_at, issued_at: personal_token.created_at }
render json: {
token: personal_token.token,
expires_in: expiration_seconds,
issued_at: issue_time
}
end

def pull_manifest
Expand Down
32 changes: 22 additions & 10 deletions test/controllers/api/registry/registry_proxies_controller_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -136,13 +136,16 @@ def setup_permissions
PersonalAccessToken.expects(:where)
.with(user_id: User.current.id, name: 'registry')
.returns([])
expiration = Time.now
issue_time = Time.now
expiry_time = 30.minutes.from_now
tolerance = 3.seconds

token = mock('token')
token.stubs(:token).returns("12345")
token.stubs(:generate_token).returns("12345")
token.stubs(:user_id).returns(User.current.id)
token.stubs(:expires_at).returns("#{expiration}")
token.stubs(:created_at).returns("#{expiration}")
token.stubs(:expires_at).returns("#{expiry_time.rfc3339}")
token.stubs(:created_at).returns("#{issue_time.rfc3339}")
token.stubs('save!').returns(true)
PersonalAccessToken.expects(:new).returns(token)

Expand All @@ -151,18 +154,24 @@ def setup_permissions
assert_equal 'registry/2.0', response.headers['Docker-Distribution-API-Version']
body = JSON.parse(response.body)
assert_equal "12345", body['token']
assert_equal "#{expiration}", body['expires_at']
assert_equal "#{expiration}", body['issued_at']

response_issue_time = body['issued_at'].to_time
response_expiry_time = response_issue_time + body['expires_in'].seconds
assert (response_expiry_time - tolerance) < expiry_time
assert (response_expiry_time + tolerance) > expiry_time
end

it "token - has 'registry' token" do
expiration = Time.now
issue_time = Time.now
expiry_time = 30.minutes.from_now
tolerance = 3.seconds

token = mock('token')
token.stubs(:token).returns("12345")
token.stubs(:generate_token).returns("12345")
token.stubs(:user_id).returns(User.current.id)
token.stubs(:expires_at).returns("#{expiration}")
token.stubs(:created_at).returns("#{expiration}")
token.stubs(:expires_at).returns("#{expiry_time.rfc3339}")
token.stubs(:created_at).returns("#{issue_time.rfc3339}")
token.stubs('save!').returns(true)
token.expects('expires_at=').returns(true)
PersonalAccessToken.expects(:where)
Expand All @@ -175,8 +184,11 @@ def setup_permissions
assert_equal 'registry/2.0', response.headers['Docker-Distribution-API-Version']
body = JSON.parse(response.body)
assert_equal "12345", body['token']
assert_equal "#{expiration}", body['expires_at']
assert_equal "#{expiration}", body['issued_at']

response_issue_time = body['issued_at'].to_time
response_expiry_time = response_issue_time + body['expires_in'].seconds
assert (response_expiry_time - tolerance) < expiry_time
assert (response_expiry_time + tolerance) > expiry_time
end

it "token - unscoped is authorized" do
Expand Down

0 comments on commit 34df39f

Please sign in to comment.