Improve handling of the credential forward check

Improve SchemeHostAndPortMatches in urlutil to ensure that credentials
will be used / forwarded if chart url and repo url are the same.
"The same" now means that an additional check has been added which ensures
that the implicit ports of http and https (80/443) are used in the
comparison when no port is given, so that
http(s)://foo.bar:443/ == http(s)://foo.bar/. Old behavior
detected a diff here and then people needed to add a --pass-credentials
flag, which is a really dangerous option if you don't know exactly
what you are doing.

Signed-off-by: Felix Becker <git@felixbecker.name>
pull/10616/head
Felix Becker 3 years ago
parent d8201c406f
commit f4f9d03d6b

@ -77,5 +77,19 @@ func SchemeHostAndPortMatches(u1, u2 *url.URL) bool {
// Host on URL (returned from url.Parse) contains the port if present. // Host on URL (returned from url.Parse) contains the port if present.
// This check ensures credentials are not passed between different // This check ensures credentials are not passed between different
// services on different ports. // services on different ports.
return u1.Scheme == u2.Scheme && u1.Host == u2.Host getPort := func(url *url.URL) string {
if url.Port() == "" {
if url.Scheme == "https" { // is always lower case
return "443"
}
if url.Scheme == "http" {
return "80"
}
}
return url.Port()
}
u1Port := getPort(u1)
u2Port := getPort(u2)
return u1.Scheme == u2.Scheme && u1.Hostname() == u2.Hostname() && u1Port == u2Port
} }
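Review bot: The context comment kept above the new return still says the check relies on `Host` containing the port, but the comparison now uses `Hostname()` plus an effective port, so it no longer describes the rule that gates credential forwarding. I would replace it with `// Credentials are forwarded only when scheme, hostname and effective port match; a missing port counts as 80 for http and 443 for https and stays empty for any other scheme.` Separately, the closure parameter `url` shadows the `url` package inside `getPort`; `getPort := func(u *url.URL) string {` avoids that. The hostname comparison remains case-sensitive, which fails closed (no credentials sent) for hosts that differ only in case. SchemeHostAndPortMatches starts above the hunk.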

@ -55,11 +55,12 @@ func TestSchemeHostAndPortMatches(t *testing.T) {
{"https://example.com:443", "https://example.com:443", true}, {"https://example.com:443", "https://example.com:443", true},
{"http://example.com:1234", "http://example.com:5678", false}, {"http://example.com:1234", "http://example.com:5678", false},
{"https://example.com:1234", "https://example.com:5678", false}, {"https://example.com:1234", "https://example.com:5678", false},
// The following lines are subject of change, currently only there {"http://example.com:80", "http://example.com", true},
// to ensure that the existing logic works as expected and the {"https://example.com:443", "https://example.com", true},
// upcoming fix / improvement works as wanted {"http://example.com:80", "https://example.com", false},
{"http://example.com:80", "http://example.com", false}, {"https://example.com:443", "http://example.com", false},
{"https://example.com:443", "https://example.com", false}, {"http://example.com:1234", "http://example.com", false},
{"https://example.com:1234", "https://example.com", false},
} { } {
u1, _ := url.Parse(tt.a) u1, _ := url.Parse(tt.a)
u2, _ := url.Parse(tt.b) u2, _ := url.Parse(tt.b)
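Review bot: The new table rows cover only http and https, so nothing pins what `getPort` does for a scheme it has no default for, where it returns an empty port. Because this function decides whether credentials are forwarded, I would add a negative row such as `{"ftp://example.com:21", "ftp://example.com", false},` (a constructed example), so that a later change adding more default ports has to update the test deliberately. The `url.Parse` errors are also discarded with `_` in the context lines; checking them would make a malformed table entry fail with a clear message. The test function starts above the hunk and continues below it.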
