fix: Unable to pull docker image anonymously even if permission allow…

…s (OD-1970)
theonedev · Jun 28, 2024 · 8ef4776 · 8ef4776
1 parent dd1599c
commit 8ef4776
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 10 deletions.
diff --git a/...r/src/main/java/io/onedev/server/plugin/pack/container/ContainerAuthenticationFilter.java b/...r/src/main/java/io/onedev/server/plugin/pack/container/ContainerAuthenticationFilter.java
@@ -69,12 +69,10 @@ protected boolean onPreHandle(ServletRequest request, ServletResponse response,
  request.setAttribute(ATTR_BUILD_ID, jobContext.getBuildId());
  var bearerToken = substringAfter(authValue, ":");
  var accessToken = accessTokenManager.findByValue(bearerToken);
- if (accessToken != null) {
+ // Do not throw IncorrectCredentialException if no access token found 
+ // as the bearer token can be a faked token for anonymous access
+ if (accessToken != null) 
  ThreadContext.bind(accessToken.asSubject());
- } else {
- throw new ClientException(SC_UNAUTHORIZED, ErrorCode.UNAUTHORIZED,
- "Unknown user name or incorrect credentials");
- }
  } else {
  throw new ClientException(SC_UNAUTHORIZED, ErrorCode.UNAUTHORIZED, 
  "Unsupported authorization: " + substringBefore(authHeader, " "));

diff --git a/...pack-container/src/main/java/io/onedev/server/plugin/pack/container/ContainerServlet.java b/...pack-container/src/main/java/io/onedev/server/plugin/pack/container/ContainerServlet.java
@@ -54,8 +54,6 @@ public class ContainerServlet extends HttpServlet {
 
  private final SessionManager sessionManager;
 
- private final AccessTokenManager accessTokenManager;
-
  private final ProjectManager projectManager;
 
  private final PackBlobManager packBlobManager;
@@ -69,11 +67,10 @@ public class ContainerServlet extends HttpServlet {
  @Inject
  public ContainerServlet(SettingManager settingManager, BuildManager buildManager, 
  ObjectMapper objectMapper, SessionManager sessionManager, 
- AccessTokenManager accessTokenManager, ProjectManager projectManager, 
- PackBlobManager packBlobManager, PackManager packManager) {
+ ProjectManager projectManager, PackBlobManager packBlobManager, 
+ PackManager packManager) {
  this.settingManager = settingManager;
  this.sessionManager = sessionManager;
- this.accessTokenManager = accessTokenManager;
  this.projectManager = projectManager;
  this.packBlobManager = packBlobManager;
  this.packManager = packManager;