Commit 06807c69 authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files

mandate minimum token size

parent 7fb868df
......@@ -11,6 +11,9 @@ from .tokens import Token
log = logging.getLogger('jwt')
# tokens below this size will automatically be rejected (to prevent any
# misconfiguration)
def registry_manifest(request, repo, tag):
......@@ -142,6 +145,9 @@ def jwt_auth(request):
username, password = base64.b64decode(credentials).decode('utf-8').split(':', 1)
#log.debug('HTTP_AUTHORIZATION %s username %s', auth_header, username)
if username == "$token":
if len(password) < MIN_TOKEN_SIZE:"provided token is too short")
return HttpResponse(status=401)
actor = Runner.objects.get(token=password)"Token for runner called")
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment