parabuzzle / craneoperator

Gives you a simple web interface for browsing around a Docker Registry
https://hub.docker.com/r/parabuzzle/craneoperator
MIT License

Line break in long base64 Authorization header causing 401 #64

Open Kl0ven opened 3 years ago

Kl0ven commented 3 years ago

Hi,

I have a registry with a long password and I always get an UNAUTHORIZED error. Here are my findings: using caveman debugging, I modified the file lib/helper.rb

def generateHeaders(config, session, headers={}, login={})
  username = login[:username] || session[:username] || config.registry_username
  password = login[:password] || session[:password] || config.registry_password
  if username
    headers['Authorization'] = "Basic #{base64_docker_auth(username, password)}"
    print base64_docker_auth(username, password) # printing the base64 encoded
  end
  return headers
end

When I restart the app, I find in the logs a line break in the base64-encoded value. The line feed is at exactly 60 chars.

12:42:15 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:15 +0000] "GET /containers HTTP/1.1" 200 797 0.0679
12:42:16 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:16 +0000] "GET /api/registryinfo HTTP/1.1" 200 202 0.0052
12:42:16 web.1  | 172.31.204.196 - - [01/Sep/2021:12:42:16 +0000] "GET /api/registryinfo HTTP/1.1" 200 202 0.0034
12:42:16 web.1  | dGhpc19pc19hX3VzZXJuYW1lOnRoaXNfaXNfYV92ZXJ5X2xvbmdfcGFzc3dv
12:42:16 web.1  | YXJkX21vcmVfdGhhbl82MA==Error talking to the docker registry!

I don't know Ruby, but it looks like strict_encode64(bin) does not do what it's supposed to, since it includes a line feed. Any idea?
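
Added example (not part of the issue and not craneoperator's code): Ruby's standard library has two base64 encoders that differ in exactly the way the log above shows. `Base64.encode64` inserts a line feed after every 60 output characters, while `Base64.strict_encode64` emits none. The credentials are constructed, `basic_auth_header` and `decode_basic` are hypothetical helpers, and the page does not show how the project's `base64_docker_auth` is implemented.

```ruby
require 'base64'

# Constructed sample credentials (not real). "user:pass" is 60 bytes, so the
# base64 form is 80 characters, longer than one 60-character MIME line.
SAMPLE_USER = 'this_is_a_username'
SAMPLE_PASS = 'this_is_a_very_long_password_more_than_60'

# MIME-style encoding: Base64.encode64 adds "\n" after every 60 output
# characters and at the end, which is invalid inside an HTTP header value.
def wrapped_token(user, pass)
  Base64.encode64("#{user}:#{pass}")
end

# RFC 4648 encoding with no line feeds, suitable for a header value.
def strict_token(user, pass)
  Base64.strict_encode64("#{user}:#{pass}")
end

# Hypothetical helper: build the Basic header and refuse any value that
# contains CR or LF, so a wrapped token fails loudly instead of producing
# a silent 401 from the registry.
def basic_auth_header(user, pass, encoder: method(:strict_token))
  value = "Basic #{encoder.call(user, pass)}"
  raise ArgumentError, 'CR/LF in Authorization header value' if value.match?(/[\r\n]/)

  { 'Authorization' => value }
end

# Hypothetical helper: what the receiving side recovers from a header value.
def decode_basic(value)
  Base64.strict_decode64(value.delete_prefix('Basic ')).split(':', 2)
end

if __FILE__ == $PROGRAM_NAME
  puts wrapped_token(SAMPLE_USER, SAMPLE_PASS).inspect
  puts basic_auth_header(SAMPLE_USER, SAMPLE_PASS).inspect
end
```

Printing the token with `inspect`, as the last lines do, makes an embedded `\n` visible in a debug log instead of showing up as a broken line.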