github/distribution
1
0
Fork 0
mirror of https://github.com/distribution/distribution.git synced 2025-04-27 19:15:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix broken signing algorithm configuration for token authentication (#4578)

Browse Source
This commit is contained in:
Milos Gajdos 2025-02-24 07:41:25 -08:00 committed by GitHub
commit 9e96aec357
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
registry/auth/token/accesscontroller.go
View File

@ -197,7 +197,7 @@ func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
vals = append(vals, "")
continue
}
return opts, fmt.Errorf("token auth requires a valid option string: %q", key)
return tokenAccessOptions{}, fmt.Errorf("token auth requires a valid option string: %q", key)
}
vals = append(vals, val)
}
@ -208,7 +208,7 @@ func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
if ok {
autoRedirect, ok := autoRedirectVal.(bool)
if !ok {
return opts, errors.New("token auth requires a valid option bool: autoredirect")
return tokenAccessOptions{}, errors.New("token auth requires a valid option bool: autoredirect")
}
opts.autoRedirect = autoRedirect
}
@ -217,7 +217,7 @@ func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
if ok {
autoRedirectPath, ok := autoRedirectPathVal.(string)
if !ok {
return opts, errors.New("token auth requires a valid option string: autoredirectpath")
return tokenAccessOptions{}, errors.New("token auth requires a valid option string: autoredirectpath")
}
opts.autoRedirectPath = autoRedirectPath
}
@ -228,11 +228,19 @@ func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
signingAlgos, ok := options["signingalgorithms"]
if ok {
signingAlgorithmsVals, ok := signingAlgos.([]string)
signingAlgorithmsVals, ok := signingAlgos.([]interface{})
if !ok {
return opts, errors.New("signingalgorithms must be a list of signing algorithms")
return tokenAccessOptions{}, errors.New("signingalgorithms must be a list of signing algorithms")
}
for _, signingAlgorithmVal := range signingAlgorithmsVals {
signingAlgorithm, ok := signingAlgorithmVal.(string)
if !ok {
return tokenAccessOptions{}, errors.New("signingalgorithms must be a list of signing algorithms")
}
opts.signingAlgorithms = append(opts.signingAlgorithms, signingAlgorithm)
}
opts.signingAlgorithms = signingAlgorithmsVals
}
return opts, nil
@ -298,11 +306,11 @@ func getJwks(path string) (*jose.JSONWebKeySet, error) {
func getSigningAlgorithms(algos []string) ([]jose.SignatureAlgorithm, error) {
signAlgVals := make([]jose.SignatureAlgorithm, 0, len(algos))
for _, alg := range algos {
alg, ok := signingAlgorithms[alg]
signAlg, ok := signingAlgorithms[alg]
if !ok {
return nil, fmt.Errorf("unsupported signing algorithm: %s", alg)
}
signAlgVals = append(signAlgVals, alg)
signAlgVals = append(signAlgVals, signAlg)
}
return signAlgVals, nil
}