If url includes scheme, urlPath will drop hostname, which would not match the auth check
Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d9d03895ae3ab60d2ad778152b0d835206)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
diff --git a/pkg/authorization/authz.go b/pkg/authorization/authz.go
index f63b885..f504b13 100644
--- a/pkg/authorization/authz.go
+++ b/pkg/authorization/authz.go
@@ -56,11 +56,11 @@
func isChunked(r *http.Request) bool {
//RFC 7230 specifies that content length is to be ignored if Transfer-Encoding is chunked
- if strings.ToLower(r.Header.Get("Transfer-Encoding")) == "chunked" {
+ if strings.EqualFold(r.Header.Get("Transfer-Encoding"), "chunked") {
return true
}
for _, v := range r.TransferEncoding {
- if 0 == strings.Compare(strings.ToLower(v), "chunked") {
+ if strings.EqualFold(v, "chunked") {
return true
}
}
@@ -162,7 +162,7 @@
func isAuthEndpoint(urlPath string) (bool, error) {
// eg www.test.com/v1.24/auth/optional?optional1=something&optional2=something (version optional)
- matched, err := regexp.MatchString(`^[^\/]+\/(v\d[\d\.]*\/)?auth.*`, urlPath)
+ matched, err := regexp.MatchString(`^[^\/]*\/(v\d[\d\.]*\/)?auth.*`, urlPath)
if err != nil {
return false, err
}
diff --git a/pkg/authorization/authz_unix_test.go b/pkg/authorization/authz_unix_test.go
index 0fc51d3..8f45d3a 100644
--- a/pkg/authorization/authz_unix_test.go
+++ b/pkg/authorization/authz_unix_test.go
@@ -259,6 +259,41 @@
contentType: "application/json;charset=UTF8",
expected: false,
},
+ {
+ url: "www.nothing.com/v1.24/auth/test",
+ contentType: "application/json;charset=UTF8",
+ expected: false,
+ },
+ {
+ url: "https://www.nothing.com/v1.24/auth/test",
+ contentType: "application/json;charset=UTF8",
+ expected: false,
+ },
+ {
+ url: "http://nothing.com/v1.24/auth/test",
+ contentType: "application/json;charset=UTF8",
+ expected: false,
+ },
+ {
+ url: "www.nothing.com/test?p1=/auth",
+ contentType: "application/json;charset=UTF8",
+ expected: true,
+ },
+ {
+ url: "http://www.nothing.com/test?p1=/auth",
+ contentType: "application/json;charset=UTF8",
+ expected: true,
+ },
+ {
+ url: "www.nothing.com/something/auth",
+ contentType: "application/json;charset=UTF8",
+ expected: true,
+ },
+ {
+ url: "https://www.nothing.com/something/auth",
+ contentType: "application/json;charset=UTF8",
+ expected: true,
+ },
}
)