mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
Merge pull request #82148 from bbourbie/fix_docker_credential
fix: adding padding the encoded docker auth field
This commit is contained in:
commit
5675ef858e
@ -282,7 +282,20 @@ func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) {
|
||||
// decodeDockerConfigFieldAuth deserializes the "auth" field from dockercfg into a
|
||||
// username and a password. The format of the auth field is base64(<username>:<password>).
|
||||
func decodeDockerConfigFieldAuth(field string) (username, password string, err error) {
|
||||
decoded, err := base64.StdEncoding.DecodeString(field)
|
||||
|
||||
var decoded []byte
|
||||
|
||||
// StdEncoding can only decode padded string
|
||||
// RawStdEncoding can only decode unpadded string
|
||||
// a string is correctly padded if and only if its length is a multiple of 4
|
||||
if (len(field) % 4) == 0 {
|
||||
// decode padded data
|
||||
decoded, err = base64.StdEncoding.DecodeString(field)
|
||||
} else {
|
||||
// decode unpadded data
|
||||
decoded, err = base64.RawStdEncoding.DecodeString(field)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -17,6 +17,7 @@ limitations under the License.
|
||||
package credentialprovider
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
@ -208,6 +209,34 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
|
||||
password: "bar",
|
||||
},
|
||||
|
||||
// some test as before but with field not well padded
|
||||
{
|
||||
input: "Zm9vOmJhcg",
|
||||
username: "foo",
|
||||
password: "bar",
|
||||
},
|
||||
|
||||
// standard encoding (with padding)
|
||||
{
|
||||
input: base64.StdEncoding.EncodeToString([]byte("foo:bar")),
|
||||
username: "foo",
|
||||
password: "bar",
|
||||
},
|
||||
|
||||
// raw encoding (without padding)
|
||||
{
|
||||
input: base64.RawStdEncoding.EncodeToString([]byte("foo:bar")),
|
||||
username: "foo",
|
||||
password: "bar",
|
||||
},
|
||||
|
||||
// the input is encoded with encodeDockerConfigFieldAuth (standard encoding)
|
||||
{
|
||||
input: encodeDockerConfigFieldAuth("foo", "bar"),
|
||||
username: "foo",
|
||||
password: "bar",
|
||||
},
|
||||
|
||||
// good base64 data, but no colon separating username & password
|
||||
{
|
||||
input: "cGFudHM=",
|
||||
|
Loading…
Reference in New Issue
Block a user