Unverified Commit 4c258e27 authored by Joe's avatar Joe Committed by GitHub

fix: Remove authorization header from core.windows.net requests… (#5274)

parent 58fd6569
/**
* @copyright 2020-present by Avid Technology, Inc.
*/
import is from '@sindresorhus/is';
import hasha from 'hasha';
import URL from 'url';
......@@ -420,19 +424,8 @@ async function getTags(
}
}
export function getConfigResponse(
url: string,
headers: OutgoingHttpHeaders
): Promise<GotResponse> {
return got(url, {
headers,
hooks: {
beforeRedirect: [
(options: any): void => {
if (
options.search &&
options.search.indexOf('X-Amz-Algorithm') !== -1
) {
export function getConfigResponseBeforeRedirectHook(options: any): void {
if (options.search?.includes('X-Amz-Algorithm')) {
// if there is no port in the redirect URL string, then delete it from the redirect options.
// This can be evaluated for removal after upgrading to Got v10
const portInUrl = options.href.split('/')[2].split(':')[1];
......@@ -445,8 +438,25 @@ export function getConfigResponse(
// eslint-disable-next-line no-param-reassign
delete options.headers.authorization;
}
},
],
if (
options.href?.includes('blob.core.windows.net') &&
options.headers?.authorization
) {
// docker registry is hosted on Azure blob, redirect url includes authentication.
// eslint-disable-next-line no-param-reassign
delete options.headers.authorization;
}
}
export function getConfigResponse(
url: string,
headers: OutgoingHttpHeaders
): Promise<GotResponse> {
return got(url, {
headers,
hooks: {
beforeRedirect: [getConfigResponseBeforeRedirectHook],
},
});
}
......
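Review bot: The new Azure branch in `getConfigResponseBeforeRedirectHook` tests `blob.core.windows.net` as a substring of the whole `options.href`, so it also fires when that text sits in a path or query string, and it covers only one named host family. Because the risk is a registry bearer token being forwarded to a third party on redirect, the decision is better made on the parsed hostname with the `url` module this file already imports, e.g. `const host = URL.parse(options.href ?? '').hostname ?? '';` then `if (host.endsWith('.blob.core.windows.net') && options.headers?.authorization) {`. A list of known storage hosts will keep missing new redirect targets. If the hook can see the original request host, dropping `authorization` whenever the redirect leaves that host would close the whole class, though whether Got exposes that here is not visible on this page. The middle of the hook body is elided between the two hunks, so the port handling was not reviewed.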
......@@ -411,4 +411,88 @@ describe('api/docker', () => {
expect(res).toBeNull();
});
});
describe('getConfigResponseBeforeRedirectHook', () => {
it('leaves a non-Amazon or Microsoft request unmodified', () => {
const emptyOpts = {};
docker.getConfigResponseBeforeRedirectHook(emptyOpts);
expect(emptyOpts).toEqual({});
const nonAmzOpts = {
search: 'my-search-string',
};
docker.getConfigResponseBeforeRedirectHook(nonAmzOpts);
expect(nonAmzOpts).toEqual({
search: 'my-search-string',
});
const nonMsOpts = {
href: 'https://myurl.com',
};
docker.getConfigResponseBeforeRedirectHook(nonMsOpts);
expect(nonMsOpts).toEqual({
href: 'https://myurl.com',
});
});
it('removes the authorization header for Azure requests', () => {
const href = 'https://myaccount.blob.core.windows.net/xyz';
const opts = {
href,
};
docker.getConfigResponseBeforeRedirectHook(opts);
expect(opts).toEqual({ href });
const optsWithHeadersNoAuth = {
href,
headers: {},
};
docker.getConfigResponseBeforeRedirectHook(opts);
expect(optsWithHeadersNoAuth).toEqual({
href,
headers: {},
});
const optsWithAuth = {
href,
headers: {
authorization: 'Bearer xyz',
},
};
docker.getConfigResponseBeforeRedirectHook(optsWithAuth);
expect(optsWithAuth.headers).toBeDefined();
expect(optsWithAuth.headers.authorization).not.toBeDefined();
});
it('removes the authorization header for Amazon requests', () => {
const href = 'https://amazon.com';
const search = 'X-Amz-Algorithm';
const authorization = 'Bearer xyz';
const opts = {
href,
search,
headers: {
authorization,
},
};
docker.getConfigResponseBeforeRedirectHook(opts);
expect(opts).toEqual({ search, href, headers: {} });
});
it('removes the port when not specified in URL', () => {
const href = 'https://amazon.com/xyz';
const search = 'X-Amz-Algorithm';
const authorization = 'Bearer xyz';
const port = 8080;
const opts = {
href,
search,
port,
headers: {
authorization,
},
};
docker.getConfigResponseBeforeRedirectHook(opts);
expect(opts).toEqual({ search, href, headers: {} });
});
});
});
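Review bot: In 'removes the authorization header for Azure requests' the second call passes `opts` again instead of `optsWithHeadersNoAuth`, so the `toEqual` that follows compares an untouched literal with its own shape and the empty-headers case never goes through the hook. The call should read `docker.getConfigResponseBeforeRedirectHook(optsWithHeadersNoAuth);`. It would also help to add a case where `blob.core.windows.net` appears only in the path of an unrelated host, with an `authorization` header present, to pin down whether the substring match in the hook is intended.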