From acfa5e65069e7b2d00bd3d6d8d044e8823131ff1 Mon Sep 17 00:00:00 2001
From: git-hyagi <45576767+git-hyagi@users.noreply.github.com>
Date: Thu, 7 Nov 2024 08:14:34 -0300
Subject: [PATCH] Fix an issue with auth header validation

fixes: #1812
(cherry picked from commit 0921267216b90fbfc20d0454931e07109b8b8956)
---
 CHANGES/1812.bugfix | 2 ++
 pulp_container/app/downloaders.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 CHANGES/1812.bugfix

diff --git a/CHANGES/1812.bugfix b/CHANGES/1812.bugfix
new file mode 100644
index 000000000..bc1b1f9aa
--- /dev/null
+++ b/CHANGES/1812.bugfix
@@ -0,0 +1,2 @@
+Fixed a bug where the authentication scheme in the authorization header
+was not being parsed correctly.
diff --git a/pulp_container/app/downloaders.py b/pulp_container/app/downloaders.py
index 1a29c0a7c..dfb62c1a1 100644
--- a/pulp_container/app/downloaders.py
+++ b/pulp_container/app/downloaders.py
@@ -82,7 +82,7 @@ async def _run(self, handle_401=True, extra_data=None):
 # Need to retry request
 if handle_401 and e.status == 401 and response_auth_header is not None:
 # check if bearer or basic
- if "Bearer" in response_auth_header:
+ if "bearer" in response_auth_header.lower():
 # Token has not been updated during request
 if (
 self.registry_auth["bearer"] is None
@@ -91,7 +91,7 @@ async def _run(self, handle_401=True, extra_data=None):
 self.registry_auth["bearer"] = None
 await self.update_token(response_auth_header, this_token, repo_name)
 return await self._run(handle_401=False, extra_data=extra_data)
- elif "Basic" in response_auth_header:
+ elif "basic" in response_auth_header.lower():
 if self.remote.username:
 basic = aiohttp.BasicAuth(self.remote.username, self.remote.password)
 self.registry_auth["basic"] = basic.encode()
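Review bot: The scheme test in `_run` still matches `bearer` anywhere in the lowercased header value, so a challenge such as `Basic realm="bearer"` (a constructed example) would take the Bearer branch and call `update_token` instead of the Basic path; the `elif "basic"` test in the second hunk is the same kind of substring match. The header value comes from the remote registry's 401 response and decides whether a token is requested or `self.remote.username`/`self.remote.password` are encoded, so it is worth comparing the scheme token itself: `scheme = response_auth_header.strip().partition(" ")[0].lower()`, then `if scheme == "bearer":` and `elif scheme == "basic":`. That also avoids lowercasing the header twice. `_run` starts and ends outside both hunks, so how `response_auth_header` is read, and whether it can carry more than one challenge, is not visible here.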