diff options
| author | Stan Hu <stanhu@gmail.com> | 2016-05-31 03:18:33 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2016-05-31 03:18:33 +0000 |
| commit | 9951243bf4450b0282936dd1093cd87bc678f619 (patch) | |
| tree | dafa9954c6a29e9d476c7ee639dfdf5bd3cda481 /app/services | |
| parent | b5decabb00d027e94478c3a0169ef92e14fc6ab9 (diff) | |
| parent | 7ec1fa212d23911792674e947863f3e71f91834f (diff) | |
| download | gitlab-ce-9951243bf4450b0282936dd1093cd87bc678f619.tar.gz | |
Merge branch 'make-container-registry-authentication-service-compatible-with-older-docker' into 'master'
Make authentication service for Container Registry to be compatible with < Docker 1.11
This removes the usage of `offline_token` which is only present when using `Docker 1.11.x` instead we relay on `scope`. This should make it compatible with any client starting from 1.6 (I did test only 1.8 and up).
Right now we return 403 if unauthorized user doesn't have access to anything. In all other cases we return token, but with empty `access`, which simply disallow requested action.
See merge request !4363
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 2bbab643e69..5090bd8f6e6 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -5,9 +5,7 @@ module Auth def execute return error('not found', 404) unless registry.enabled - if params[:offline_token] - return error('unauthorized', 401) unless current_user || project - else + unless current_user || project return error('forbidden', 403) unless scope end |