Story #9115

As a user during login into container registry I can authenticate against password or a token key

Added by ipanova@redhat.com 3 days ago. Updated 2 days ago.

Status: NEW
Priority: Normal
Assignee: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

Allow the user to log in to the registry with API tokens or a password.

podman login -u ${username} -p ${apitoken}
podman login -u ${username} -p ${password}

Approach 1

Define a custom authentication class by subclassing DRF's BaseAuthentication class. The code flow will use most of the logic defined in the BasicAuthentication class. It will first try to authenticate the current user against the provided credentials as username and password, and in case of failure it will then try to authenticate the user against the provided token. If the provided token is associated with the current user, the authentication should succeed.

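from rest_framework.views import APIView

# CustomBasicAuthentication and JWTTokenAuthentication are the classes proposed in this story.
class LoginView(APIView):
    authentication_classes = (CustomBasicAuthentication, JWTTokenAuthentication)
    ...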

Approach 2

Define a custom authentication class that will authenticate the current user against the provided token. If the provided token is associated with the current user, the authentication should succeed.

The authentication schemes are defined as a list of classes. REST framework will attempt to authenticate with each class in the list, and will set request.user and request.auth using the return value of the first class that successfully authenticates.

These custom authentication classes can be defined globally in the DRF settings or used on a per-view/viewset basis by explicitly specifying them in the view, as follows:

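from rest_framework.authentication import BasicAuthentication
from rest_framework.views import APIView

# TokenAPIAuthentication and JWTTokenAuthentication are the classes proposed in this story.
class LoginView(APIView):
    authentication_classes = (BasicAuthentication, TokenAPIAuthentication, JWTTokenAuthentication)
    ...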

In this case it will suffice to define it in the affected views.
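
The check both approaches arrive at (password first, then a token that must belong to the same username), as an added standard-library sketch that is not Pulp's or DRF's code. The in-memory PASSWORDS and TOKENS stores, the sample credentials and all function names are constructed assumptions; in DRF this logic would sit in the authenticate() method of the custom class.

```python
import base64
import hashlib
import hmac

# Constructed sample data (assumption): a real service would query the user and
# token tables, and would use per-user salts instead of one shared SALT.
SALT = b"constructed-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def _tok_hash(token):
    return hashlib.sha256(token.encode()).digest()

PASSWORDS = {"alice": _pw_hash("correct horse"), "bob": _pw_hash("hunter2")}
TOKENS = {"alice": _tok_hash("tok-alice-0001"), "bob": _tok_hash("tok-bob-0002")}

def basic_header(username, secret):
    """Build the header that `podman login -u ... -p ...` results in."""
    return "Basic " + base64.b64encode(f"{username}:{secret}".encode()).decode()

def parse_basic(header):
    """Return (username, secret) from an Authorization header, or None."""
    scheme, _, payload = (header or "").partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    username, sep, secret = decoded.partition(":")  # secret may contain ':'
    return (username, secret) if sep and username else None

def authenticate(header):
    """Return (username, method) on success, None on any failure."""
    creds = parse_basic(header)
    if creds is None:
        return None
    username, secret = creds
    known = username in PASSWORDS
    # Both comparisons always run, are constant-time, and are keyed by the
    # supplied username, so another user's token never matches.
    pw_ok = hmac.compare_digest(_pw_hash(secret), PASSWORDS.get(username, b"\0" * 32))
    tok_ok = hmac.compare_digest(_tok_hash(secret), TOKENS.get(username, b"\0" * 32))
    if known and pw_ok:
        return (username, "password")
    if known and tok_ok:
        return (username, "token")
    return None
```

Returning the method alongside the username lets the caller log or scope the session differently for token logins.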

History

#1 Updated by ipanova@redhat.com 3 days ago

  • Description updated (diff)

#2 Updated by ipanova@redhat.com 3 days ago

  • Description updated (diff)

#3 Updated by ipanova@redhat.com 2 days ago

As a side note, we should handle the DRF token as a password not only during podman login but also when Docker v2 API endpoints are accessed directly, i.e. /v2/<name>/tags/list, /v2/<name>/manifests/<reference>, etc. This change will also have implications during pulp-to-pulp sync.
