dxf icon indicating copy to clipboard operation
dxf copied to clipboard

Published 20 hours ago verified publisher icon davedoesdev

Cannot auth on registry that return 200 and empty _catalog for anonymous users

Open Jean-Daniel opened this issue 1 year ago • 2 comments

DXF bypass authorization if the response is OK, but some registry (zot) returns an empty _catalog and a HTTP 200 OK response for anonymous users with all required www-authenticate headers.

While I understand it would be complex to fix that for all client methods (list_repos, …), DXF should at least provides an escape hatch, and let the client force DXF.authenticate() to parse the response header and authenticate even if the result is 200 OK, so it would be possible to call something like dxf.authenticate("user", "password", force=True) to login, and then be able to fully use the registry API.

Jean-Daniel avatar Nov 28 '23 21:11 Jean-Daniel

@Jean-Daniel I've separated the logic into the _response_needs_auth. Could you create a derived class and override this method to suit?

davedoesdev avatar Nov 29 '23 22:11 davedoesdev

@Jean-Daniel have you had a chance to try this?

davedoesdev avatar Jan 01 '24 18:01 davedoesdev