mirror of https://github.com/project-zot/zot.git synced 2024-12-30 22:34:13 -05:00

fix(authn): apply fail delay only if credentials/sessions are supplied (#1920)

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
peusebiu 2023-10-12 16:32:36 +03:00 committed by GitHub
parent ab45356d9a
commit d1fcab421a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -675,7 +675,9 @@ func getRelyingPartyArgs(cfg *config.Config, provider string) (
} }
func authFail(w http.ResponseWriter, r *http.Request, realm string, delay int) { func authFail(w http.ResponseWriter, r *http.Request, realm string, delay int) {
if !isAuthorizationHeaderEmpty(r) || hasSessionHeader(r) {
time.Sleep(time.Duration(delay) * time.Second) time.Sleep(time.Duration(delay) * time.Second)
}
// don't send auth headers if request is coming from UI // don't send auth headers if request is coming from UI
if r.Header.Get(constants.SessionClientHeaderName) != constants.SessionClientHeaderValue { if r.Header.Get(constants.SessionClientHeaderName) != constants.SessionClientHeaderValue {
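Review bot: The new guard around `time.Sleep` in authFail decides which failed requests are throttled, but nothing at the condition says why a request without credentials may skip the delay, and both helpers it relies on are defined outside this hunk. I would add a comment above the `if`, such as `// delay only failed credential/session attempts; anonymous requests get the auth challenge immediately`. It is also worth confirming that every way a client can present a credential makes `isAuthorizationHeaderEmpty(r)` false or `hasSessionHeader(r)` true, for example a session cookie sent without the session client header. Any carrier that misses both checks would have its failed attempts answered without the delay. The body of authFail continues past the end of the hunk.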