Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Return all catalog repos when token-auth disabled #1668

Merged
merged 1 commit into from
Jun 20, 2024

Conversation

git-hyagi
Copy link
Contributor

With token-auth disabled, allow non-authed users to see all repos (public and private) in catalog.

closes: #1651

@@ -0,0 +1,2 @@
Modified the `_catalog` endpoint to allow non-authed users to see all repos in catalog
(private and public) even when token-auth is disabled.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/even//

@@ -519,6 +519,9 @@ def get_queryset(self, *args, **kwargs):
distribution_permission = "container.pull_containerdistribution"
namespace_permission = "container.namespace_pull_containerdistribution"

if settings.get("TOKEN_AUTH_DISABLED", True):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is dangerous because if the setting is not defined then it will se set to True

Do instead if settings.get("TOKEN_AUTH_DISABLED", False)

With token-auth disabled, allow non-authed users to see all
repos (public and private) in catalog.

closes: pulp#1651
@git-hyagi git-hyagi force-pushed the token-auth-disabled-list branch from 8fcd685 to 5f4b85a Compare June 19, 2024 17:23
@lubosmj lubosmj merged commit a6c4fad into pulp:main Jun 20, 2024
16 checks passed
@git-hyagi git-hyagi deleted the token-auth-disabled-list branch June 20, 2024 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Discrepancy beetween what a user can pull and see in catalog with token_auth off
3 participants