From 74f24d5b0c8f5b7d9b721f4215a72e62b610130b Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Fri, 28 Feb 2020 17:47:57 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20Revert=20"fix:=20Remove=20authorization?= =?UTF-8?q?=20header=20from=20core.windows.net=20requests=E2=80=A6=20(#527?= =?UTF-8?q?4)"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 4c258e27b65d6dd4810a5225fcbf9c8f8f31c1db.
# Conflicts:
# lib/datasource/docker/index.ts
---
 lib/datasource/docker/index.spec.ts | 84 -----------------------------
 lib/datasource/docker/index.ts | 51 +++++++-----------
 2 files changed, 20 insertions(+), 115 deletions(-)
diff --git a/lib/datasource/docker/index.spec.ts b/lib/datasource/docker/index.spec.ts
index 0fa01253fb..18a3ff86e9 100644
--- a/lib/datasource/docker/index.spec.ts
+++ b/lib/datasource/docker/index.spec.ts
@@ -411,88 +411,4 @@ describe('api/docker', () => {
 expect(res).toBeNull();
 });
 });
- describe('getConfigResponseBeforeRedirectHook', () => {
- it('leaves a non-Amazon or Microsoft request unmodified', () => {
- const emptyOpts = {};
- docker.getConfigResponseBeforeRedirectHook(emptyOpts);
- expect(emptyOpts).toEqual({});
-
- const nonAmzOpts = {
- search: 'my-search-string',
- };
- docker.getConfigResponseBeforeRedirectHook(nonAmzOpts);
- expect(nonAmzOpts).toEqual({
- search: 'my-search-string',
- });
-
- const nonMsOpts = {
- href: 'https://myurl.com',
- };
- docker.getConfigResponseBeforeRedirectHook(nonMsOpts);
- expect(nonMsOpts).toEqual({
- href: 'https://myurl.com',
- });
- });
-
- it('removes the authorization header for Azure requests', () => {
- const href = 'https://myaccount.blob.core.windows.net/xyz';
- const opts = {
- href,
- };
- docker.getConfigResponseBeforeRedirectHook(opts);
- expect(opts).toEqual({ href });
-
- const optsWithHeadersNoAuth = {
- href,
- headers: {},
- };
- docker.getConfigResponseBeforeRedirectHook(opts);
- expect(optsWithHeadersNoAuth).toEqual({
- href,
- headers: {},
- });
-
- const optsWithAuth = {
- href,
- headers: {
- authorization: 'Bearer xyz',
- },
- };
- docker.getConfigResponseBeforeRedirectHook(optsWithAuth);
- expect(optsWithAuth.headers).toBeDefined();
- expect(optsWithAuth.headers.authorization).not.toBeDefined();
- });
-
- it('removes the authorization header for Amazon requests', () => {
- const href = 'https://amazon.com';
- const search = 'X-Amz-Algorithm';
- const authorization = 'Bearer xyz';
- const opts = {
- href,
- search,
- headers: {
- authorization,
- },
- };
- docker.getConfigResponseBeforeRedirectHook(opts);
- expect(opts).toEqual({ search, href, headers: {} });
- });
-
- it('removes the port when not specified in URL', () => {
- const href = 'https://amazon.com/xyz';
- const search = 'X-Amz-Algorithm';
- const authorization = 'Bearer xyz';
- const port = 8080;
- const opts = {
- href,
- search,
port, - headers: { - authorization, - }, - }; - docker.getConfigResponseBeforeRedirectHook(opts); - expect(opts).toEqual({ search, href, headers: {} }); - }); - }); }); diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts index 46a7b5c1e4..12d1469621 100644 --- a/lib/datasource/docker/index.ts +++ b/lib/datasource/docker/index.ts @@ -1,7 +1,3 @@ -/** - * @copyright 2020-present by Avid Technology, Inc. - */ - import is from '@sindresorhus/is'; import hasha from 'hasha'; import URL from 'url'; @@ -414,32 +410,6 @@ async function getTags( } } -export function getConfigResponseBeforeRedirectHook(options: any): void { - if (options.search?.includes('X-Amz-Algorithm')) { - // if there is no port in the redirect URL string, then delete it from the redirect options. - // This can be evaluated for removal after upgrading to Got v10 - const portInUrl = options.href.split('/')[2].split(':')[1]; - if (!portInUrl) { - // eslint-disable-next-line no-param-reassign - delete options.port; // Redirect will instead use 80 or 443 for HTTP or HTTPS respectively - } - - // docker registry is hosted on amazon, redirect url includes authentication. - // eslint-disable-next-line no-param-reassign - delete options.headers.authorization; - } - - if (options.href && options.headers?.authorization) { - const { host } = URL.parse(options.href); - // prettier-ignore - if (host && host.endsWith('blob.core.windows.net')) { // lgtm [js/incomplete-url-substring-sanitization] - // docker registry is hosted on Azure blob, redirect url includes authentication. - // eslint-disable-next-line no-param-reassign - delete options.headers.authorization; - } - } -} - export function getConfigResponse( url: string, headers: OutgoingHttpHeaders 
@@ -447,7 +417,26 @@ export function getConfigResponse(
 return got(url, {
 headers,
 hooks: {
- beforeRedirect: [getConfigResponseBeforeRedirectHook],
+ beforeRedirect: [
+ (options: any): void => {
+ if (
+ options.search &&
+ options.search.indexOf('X-Amz-Algorithm') !== -1
+ ) {
+ // if there is no port in the redirect URL string, then delete it from the redirect options.
+ // This can be evaluated for removal after upgrading to Got v10
+ const portInUrl = options.href.split('/')[2].split(':')[1];
+ if (!portInUrl) {
+ // eslint-disable-next-line no-param-reassign
+ delete options.port; // Redirect will instead use 80 or 443 for HTTP or HTTPS respectively
+ }
+
+ // docker registry is hosted on amazon, redirect url includes authentication.
+ // eslint-disable-next-line no-param-reassign
+ delete options.headers.authorization;
+ }
+ },
+ ],
 },
 });
 }
-- GitLab
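Review bot: The restored inline `beforeRedirect` hook deletes `options.headers.authorization` only when the redirect query contains `X-Amz-Algorithm`, so as far as this hunk shows the registry credential stays attached on a redirect to any other storage host, including the `blob.core.windows.net` case the reverted commit handled. Unless the HTTP client strips the header itself (not visible here), a host comparison against the original `url` would cover every provider without per-vendor markers, assuming no supported registry needs the token to follow the redirect. The hook also dereferences `options.headers` and `options.href` without a presence check, and as an anonymous closure it is no longer reachable from the spec file whose cases this commit deletes. The signature of `getConfigResponse` sits above the hunk.

```typescript
(options: any): void => {
  // … unchanged: X-Amz-Algorithm check and port clean-up …

  // Drop the registry credential whenever the redirect leaves the original host.
  const targetHost = options.href ? URL.parse(options.href).host : null;
  if (options.headers && targetHost !== URL.parse(url).host) {
    // eslint-disable-next-line no-param-reassign
    delete options.headers.authorization;
  }
```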