Fix container auth for public instance (#37290)

Fix #37289
2026-05-20 19:11:09 +09:00 · 2026-04-19 19:52:47 +08:00
parent 30be22f30f
commit 6ed861589a
2 changed files with 24 additions and 23 deletions
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -88,37 +88,34 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}

-		defaultAuthenticateValues := []string{
+		wwwAuthenticateForPublic := []string{
+			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
+		}
+		wwwAuthenticateForRequiredSignIn := []string{
 			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
 			`Basic realm="Gitea Container Registry"`,
 		}
-
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

 			req := NewRequest(t, "GET", setting.AppURL+"v2")
 			resp := MakeRequest(t, req, http.StatusUnauthorized)
-
-			assert.ElementsMatch(t, defaultAuthenticateValues, resp.Header().Values("WWW-Authenticate"))
+			assert.ElementsMatch(t, wwwAuthenticateForPublic, resp.Header().Values("WWW-Authenticate"))

 			req = NewRequest(t, "GET", setting.AppURL+"v2/token")
 			resp = MakeRequest(t, req, http.StatusOK)
-
-			tokenResponse := &TokenResponse{}
-			DecodeJSON(t, resp, &tokenResponse)
-
-			assert.NotEmpty(t, tokenResponse.Token)
-
+			tokenResponse := DecodeJSON(t, resp, &TokenResponse{})
+			require.NotEmpty(t, tokenResponse.Token)
 			anonymousToken = "Bearer " + tokenResponse.Token

-			req = NewRequest(t, "GET", setting.AppURL+"v2").
-				AddTokenAuth(anonymousToken)
+			req = NewRequest(t, "GET", setting.AppURL+"v2").AddTokenAuth(anonymousToken)
 			MakeRequest(t, req, http.StatusOK)

 			defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, true)()

 			req = NewRequest(t, "GET", setting.AppURL+"v2")
-			MakeRequest(t, req, http.StatusUnauthorized)
+			resp = MakeRequest(t, req, http.StatusUnauthorized)
+			assert.ElementsMatch(t, wwwAuthenticateForRequiredSignIn, resp.Header().Values("WWW-Authenticate"))

 			req = NewRequest(t, "GET", setting.AppURL+"v2/token")
 			MakeRequest(t, req, http.StatusUnauthorized)
@@ -135,17 +132,13 @@ func TestPackageContainer(t *testing.T) {

 			req := NewRequest(t, "GET", setting.AppURL+"v2")
 			resp := MakeRequest(t, req, http.StatusUnauthorized)
+			assert.ElementsMatch(t, wwwAuthenticateForPublic, resp.Header().Values("WWW-Authenticate"))

-			assert.ElementsMatch(t, defaultAuthenticateValues, resp.Header().Values("WWW-Authenticate"))
-
-			req = NewRequest(t, "GET", setting.AppURL+"v2/token").
-				AddBasicAuth(user.Name)
+			req = NewRequest(t, "GET", setting.AppURL+"v2/token").AddBasicAuth(user.Name)
 			resp = MakeRequest(t, req, http.StatusOK)
-
-			tokenResponse := &TokenResponse{}
-			DecodeJSON(t, resp, &tokenResponse)
-
+			tokenResponse := DecodeJSON(t, resp, &TokenResponse{})
 			assert.NotEmpty(t, tokenResponse.Token)
+
 			pkgMeta, err := package_service.ParseAuthorizationToken(tokenResponse.Token)
 			assert.NoError(t, err)
 			assert.Equal(t, user.ID, pkgMeta.UserID)