Merge pull request #2630 from tonistiigi/cross-repo-fix

Fix cross-repo push fallback when access to the source repo is not granted
master
Tõnis Tiigi 2022-02-14 14:23:38 -08:00 committed by GitHub
commit 0b9cd24a74
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 5 deletions


@ -28,6 +28,8 @@ import (
"google.golang.org/grpc/status"
)
const defaultExpiration = 60
func NewDockerAuthProvider(stderr io.Writer) session.Attachable {
return &authProvider{
config: config.LoadDefaultConfigFile(stderr),
@ -196,6 +198,9 @@ func (ap *authProvider) getAuthorityKey(host string, salt []byte) (ed25519.Priva
}
func toTokenResponse(token string, issuedAt time.Time, expires int) *auth.FetchTokenResponse {
if expires == 0 {
expires = defaultExpiration
}
resp := &auth.FetchTokenResponse{
Token: token,
ExpiresIn: int64(expires),
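Review bot: `defaultExpiration` is declared without a comment, so its unit and the reason for the value 60 are left to the reader. The same constant is declared a second time in the other file of this commit, where the two copies can drift apart. A doc comment on both declarations would help, for example `// defaultExpiration is the token lifetime, in seconds, assumed when a token response carries no expiry.`; the unit is inferred from how `expires` feeds `ExpiresIn`, so confirm it before committing the wording. The body of toTokenResponse continues past the end of the hunk.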


@ -23,6 +23,8 @@ import (
"github.com/sirupsen/logrus"
)
const defaultExpiration = 60
type authHandlerNS struct {
counter int64 // needs to be 64bit aligned for 32bit systems
@ -351,6 +353,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = time.Unix(resp.IssuedAt, 0), int(resp.ExpiresIn)
token = resp.Token
return nil, nil
@ -378,6 +383,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.AccessToken
return nil, nil
@ -389,6 +397,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
}
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.Token
return nil, nil
@ -398,6 +409,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, errors.Wrap(err, "failed to fetch anonymous token")
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.Token
@ -405,11 +419,6 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
}
func invalidAuthorization(c auth.Challenge, responses []*http.Response) error {
lastResponse := responses[len(responses)-1]
if lastResponse.StatusCode == http.StatusUnauthorized {
return errors.Wrapf(docker.ErrInvalidAuthorization, "authorization status: %v", lastResponse.StatusCode)
}
errStr := c.Parameters["error"]
if errStr == "" {
return nil
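Review bot: The new guard in fetchToken covers only `resp.ExpiresIn == 0`, at each of the four places where `resp` is unpacked into `issuedAt, expires`, so a negative lifetime supplied by the remote side still reaches `expires` unchanged. The value originates from a registry or session peer, so treating every non-positive lifetime as missing is the safer reading: `if resp.ExpiresIn <= 0 { resp.ExpiresIn = defaultExpiration }`. The same applies to the `expires == 0` check in toTokenResponse in the other file. How `expires` is consumed is outside these hunks, so the practical effect of a negative value is not visible here. The four identical copies would also be easier to keep in step if the default were applied once to `expires` after the branches, provided the surrounding structure (not shown) allows it.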