daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If the request already has the scope, don't force token fetch 

AuthorizeRequest() injects the 'pull' scope if `from` is set
unconditionally. If the current token already has that scope, it will
be inserted into the scope list twice and `addedScopes` will be set to
true, resulting in a new token being fetched that has no net new scopes.

Instead, check whether `additionalScopes` are actually new.

Signed-off-by: Clayton Coleman <ccoleman@redhat.com>
master
Clayton Coleman 2017-08-23 19:24:24 -04:00
parent 5f6282db7d
commit 23f8ca88e1
No known key found for this signature in database
GPG Key ID: 3D16906B4F1C5CB3
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
registry/client/auth/session.go
View File

@ -279,6 +279,9 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s
} }
var addedScopes bool var addedScopes bool
for _, scope := range additionalScopes { for _, scope := range additionalScopes {
if hasScope(scopes, scope) {
continue
}
scopes = append(scopes, scope) scopes = append(scopes, scope)
addedScopes = true addedScopes = true
} }
@ -302,6 +305,15 @@ func (th *tokenHandler) getToken(params map[string]string, additionalScopes ...s
return th.tokenCache, nil return th.tokenCache, nil
} }
func hasScope(scopes []string, scope string) bool {
for _, s := range scopes {
if s == scope {
return true
}
}
return false
}
type postTokenResponse struct { type postTokenResponse struct {
AccessToken string `json:"access_token"` AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"` RefreshToken string `json:"refresh_token"`