replacing the query parameter by the basic authentication user name

rubens21 · Feb 5, 2022 · 936a07c · 936a07c
1 parent c6a2f06
commit 936a07c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/auth.go b/auth.go
@@ -30,8 +30,9 @@ type Authenticator interface {
 // this function should return the list of authorized actions and a nil error. an empty list must be returned
 // if requesting user is unauthorized
 type Authorizer interface {
-	Authorize(req *AuthorizationRequest, username string) ([]string, error)
+	Authorize(req *AuthorizationRequest) ([]string, error)
 }
+
 // TokenGenerator: an implementation should create a valid JWT according to the spec here
 // https://github.com/docker/distribution/blob/1b9ab303a477ded9bdd3fc97e9119fa8f9e58fca/docs/spec/auth/jwt.md
 // a default implementation that follows the spec is used when it is not provided
@@ -49,7 +50,7 @@ func (d *DefaultAuthenticator) Authenticate(username, password string) error {
 // DefaultAuthorizer makes authorization successful by default
 type DefaultAuthorizer struct{}
 
-func (d *DefaultAuthorizer) Authorize(req *AuthorizationRequest, username string) ([]string, error) {
+func (d *DefaultAuthorizer) Authorize(req *AuthorizationRequest) ([]string, error) {
 	return []string{"pull", "push"}, nil
 }
 

diff --git a/server.go b/server.go
@@ -15,7 +15,7 @@ type AuthServer struct {
 	authorizer     Authorizer
 	authenticator  Authenticator
 	tokenGenerator TokenGenerator
-	crt, key string
+	crt, key       string
 }
 
 // NewAuthServer creates a new AuthServer
@@ -53,8 +53,8 @@ func (srv *AuthServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "unauthorized: invalid auth credentials", http.StatusUnauthorized)
 		return
 	}
-	req := srv.parseRequest(r)
-	actions, err := srv.authorizer.Authorize(req, username)
+	req := srv.parseRequest(r, username)
+	actions, err := srv.authorizer.Authorize(req)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusUnauthorized)
 		return
@@ -69,11 +69,11 @@ func (srv *AuthServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	srv.ok(w, tk)
 }
 
-func (srv *AuthServer) parseRequest(r *http.Request) *AuthorizationRequest {
+func (srv *AuthServer) parseRequest(r *http.Request, username string) *AuthorizationRequest {
 	q := r.URL.Query()
 	req := &AuthorizationRequest{
 		Service: q.Get("service"),
-		Account: q.Get("account"),
+		Account: username,
 	}
 	parts := strings.Split(r.URL.Query().Get("scope"), ":")
 	if len(parts) > 0 {
@@ -85,9 +85,6 @@ func (srv *AuthServer) parseRequest(r *http.Request) *AuthorizationRequest {
 	if len(parts) > 2 {
 		req.Actions = strings.Split(parts[2], ",")
 	}
-	if req.Account == "" {
-		req.Account = req.Name
-	}
 	return req
 }