diff --git a/app/controllers/katello/api/registry/registry_proxies_controller.rb b/app/controllers/katello/api/registry/registry_proxies_controller.rb
index a0afd98e631..5a0a994f11b 100644
--- a/app/controllers/katello/api/registry/registry_proxies_controller.rb
+++ b/app/controllers/katello/api/registry/registry_proxies_controller.rb
@@ -134,7 +134,8 @@ def authorize_repository_read

 def token
 if !require_user_authorization?
- personal_token = OpenStruct.new(token: 'unauthenticated', issued_at: Time.now, expires_at: Time.now + 3)
+ # Docker spec requires minimum token expiry to be 60 seconds
+ personal_token = OpenStruct.new(token: 'unauthenticated', issued_at: Time.now, expires_at: 60.seconds.from_now)
 else
 personal_token = PersonalAccessToken.where(user_id: User.current.id, name: 'registry').first
 if personal_token.nil?
@@ -147,8 +148,15 @@ def token
 end
 end

+ expiration_seconds = (personal_token.expires_at.to_time - Time.now).seconds.to_int
+ issue_time = Time.now.rfc3339
+
 response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
- render json: { token: personal_token.token, expires_at: personal_token.expires_at, issued_at: personal_token.created_at }
+ render json: {
+ token: personal_token.token,
+ expires_in: expiration_seconds,
+ issued_at: issue_time
+ }
 end

 def pull_manifest
diff --git a/test/controllers/api/registry/registry_proxies_controller_test.rb b/test/controllers/api/registry/registry_proxies_controller_test.rb
index 25caba3d85d..ed4ac2fa24c 100644
--- a/test/controllers/api/registry/registry_proxies_controller_test.rb
+++ b/test/controllers/api/registry/registry_proxies_controller_test.rb
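Review bot: In the controller's `token` method (hunk at `-147,8`), `expiration_seconds` is truncated toward zero, so the unauthenticated token built in the previous hunk with `60.seconds.from_now` will be reported as `expires_in: 59` as soon as any time passes before the subtraction, which is below the 60-second minimum the new comment cites. Rounding up keeps that floor: `expiration_seconds = (personal_token.expires_at.to_time - Time.now).ceil`. `Time.now` is also read separately for `expires_in` and `issued_at`; reading it once into a local keeps the two fields consistent with each other. For a stored `PersonalAccessToken` the value would be zero or negative if `expires_at` is already in the past, and the lines of `token` between the two hunks are not shown, so it is worth confirming they refresh the expiry before this point.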
@@ -136,13 +136,16 @@ def setup_permissions
 PersonalAccessToken.expects(:where)
 .with(user_id: User.current.id, name: 'registry')
 .returns([])
- expiration = Time.now
+ issue_time = Time.now
+ expiry_time = 30.minutes.from_now
+ tolerance = 3.seconds
+
 token = mock('token')
 token.stubs(:token).returns("12345")
 token.stubs(:generate_token).returns("12345")
 token.stubs(:user_id).returns(User.current.id)
- token.stubs(:expires_at).returns("#{expiration}")
- token.stubs(:created_at).returns("#{expiration}")
+ token.stubs(:expires_at).returns("#{expiry_time.rfc3339}")
+ token.stubs(:created_at).returns("#{issue_time.rfc3339}")
 token.stubs('save!').returns(true)
 PersonalAccessToken.expects(:new).returns(token)

@@ -151,18 +154,24 @@ def setup_permissions
 assert_equal 'registry/2.0', response.headers['Docker-Distribution-API-Version']
 body = JSON.parse(response.body)
 assert_equal "12345", body['token']
- assert_equal "#{expiration}", body['expires_at']
- assert_equal "#{expiration}", body['issued_at']
+
+ response_issue_time = body['issued_at'].to_time
+ response_expiry_time = response_issue_time + body['expires_in'].seconds
+ assert (response_expiry_time - tolerance) < expiry_time
+ assert (response_expiry_time + tolerance) > expiry_time
 end

 it "token - has 'registry' token" do
- expiration = Time.now
+ issue_time = Time.now
+ expiry_time = 30.minutes.from_now
+ tolerance = 3.seconds
+
 token = mock('token')
 token.stubs(:token).returns("12345")
 token.stubs(:generate_token).returns("12345")
 token.stubs(:user_id).returns(User.current.id)
- token.stubs(:expires_at).returns("#{expiration}")
- token.stubs(:created_at).returns("#{expiration}")
+ token.stubs(:expires_at).returns("#{expiry_time.rfc3339}")
+ token.stubs(:created_at).returns("#{issue_time.rfc3339}")
 token.stubs('save!').returns(true)
 token.expects('expires_at=').returns(true)
 PersonalAccessToken.expects(:where)
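Review bot: The assertions added in the hunk at `-151,18` (and repeated in the hunk at `-175,8`) allow a 3-second tolerance on a 30-minute token, so they cannot notice `expires_in` being short by a second, and nothing in the lines shown exercises the unauthenticated path whose lifetime the controller change raises to 60 seconds. A case for that path with `assert_operator body['expires_in'], :>=, 60` would pin the behaviour the commit is for. The paired `assert (…) < expiry_time` / `assert (…) > expiry_time` lines would read more clearly, and fail with a useful message, as `assert_in_delta expiry_time.to_f, response_expiry_time.to_f, tolerance.to_f`. The `created_at` stub appears to be unused now that the controller takes `issued_at` from `Time.now`; confirm against the part of `token` not shown before removing it.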
@@ -175,8 +184,11 @@ def setup_permissions
 assert_equal 'registry/2.0', response.headers['Docker-Distribution-API-Version']
 body = JSON.parse(response.body)
 assert_equal "12345", body['token']
- assert_equal "#{expiration}", body['expires_at']
- assert_equal "#{expiration}", body['issued_at']
+
+ response_issue_time = body['issued_at'].to_time
+ response_expiry_time = response_issue_time + body['expires_in'].seconds
+ assert (response_expiry_time - tolerance) < expiry_time
+ assert (response_expiry_time + tolerance) > expiry_time
 end

 it "token - unscoped is authorized" do