Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4362

Proxy authentication fails when the upstream registry doesn't return the correct www-authenticate header

XMLWordPrintable

    • False
    • None
    • False
    • Quay Enterprise

      When the upstream registry is Sonatype Nexus, the following authenticate header is returned to Quay:

      www-authenticate: BASIC realm=...

      Because Quay expects the authenticate header to contain the word Basic, this authentication always fails, see here:

      https://github.com/quay/quay/blob/31e5b00b3c8a07582d144452789e2599a3c3cc19/proxy/__init__.py#L180

      This means that proxying upstream Nexus registries becomes impossible and will always fail on our end. We could modify the check by converting the scheme to lower case:

              if str(scheme).lower() == "basic" and auth is not None:
            # attach basic auth header to session
            requests.auth.HTTPBasicAuth(auth[0], auth[1])(self._session)
            return

              rhn-support-ibazulic Ivan Bazulic
              rhn-support-ibazulic Ivan Bazulic
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: