Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login on failure with Nexus with basic auth #85

Open
a186710 opened this issue Mar 24, 2023 · 2 comments
Open

Login on failure with Nexus with basic auth #85

a186710 opened this issue Mar 24, 2023 · 2 comments

Comments

@a186710
Copy link

a186710 commented Mar 24, 2023

Hello,

I have a Nexus repository with basic auth enabled (not anonymous pull). I see two issues when pulling:

  1. Login fails even with docker/config.json having credentials properly set
  2. oras-py expects realm of WWW-authenticate to be an URL which is not what Nexus does

Note that pulling the same artifact with Go oras works fine.

I have a doubt on how basic auth is handled in provider.py when using config.json:

  1. In _load_auth if a matching token is found, it sets _basic_auth but does not change the headers like set_basic_auth does. Shouldn't it be:
            # Case 2: no auth there (wonky file)
            elif not auth:
                return False
            self._basic_auth = auth
            self.set_header("Authorization", "Basic %s" % self._basic_auth)# <<< add
            return True
  1. get_manifest does not load self.header when doing the query while a lot of other methods do. Shouldn't it be something like:
        headers = {"Accept": ";".join(allowed_media_type)}
        headers.update(self.headers) # <<< add
        url = f"{self.prefix}://{container.get_manifest_url()}"  # type: ignore
        response = self.do_request(url, "GET", headers=headers)

If I make these two changes, it works but I'm not sure whether this is entirely correct. If it is, I can submit an MR.

*** .venv/lib/python3.10/site-packages/oras/provider.py     2023-03-24 18:54:38.717625157 +0100
--- provider.py 2023-03-24 19:00:13.727639413 +0100
***************
*** 110,115 ****
--- 110,116 ----
              elif not auth:
                  return False
              self._basic_auth = auth
+             self.set_header("Authorization", "Basic %s" % self._basic_auth)
              return True
          return False
  
***************
*** 694,699 ****
--- 695,701 ----
          if not allowed_media_type:
              allowed_media_type = [oras.defaults.default_manifest_media_type]
          headers = {"Accept": ";".join(allowed_media_type)}
+         headers.update(self.headers)
          url = f"{self.prefix}://{container.get_manifest_url()}"  # type: ignore
          response = self.do_request(url, "GET", headers=headers)
          self._check_200_response(response)
@vsoch
Copy link
Contributor

vsoch commented Mar 24, 2023

If you'd like to debug against nexus and submit a pull request with changes, this would be appreciated! I don't have access so I wouldn't be able to make changes and then test them. Thanks!

@a186710
Copy link
Author

a186710 commented Mar 27, 2023

Done

a186710 added a commit to a186710/oras-py that referenced this issue Mar 27, 2023
@a186710
Update CHANGELOG/Version bump, issue fix for oras-project#85
aa8b2c6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vsoch @a186710