diff --git a/src/core/auth/authproxy/auth.go b/src/core/auth/authproxy/auth.go
index bfed1fe74..0def2f4b1 100644
--- a/src/core/auth/authproxy/auth.go
+++ b/src/core/auth/authproxy/auth.go
@@ -30,9 +30,16 @@ import (
 "time"
 )
-const refreshDuration = 5 * time.Second
+const refreshDuration = 2 * time.Second
 const userEntryComment = "By Authproxy"
+var secureTransport = &http.Transport{}
+var insecureTransport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+}
+
 // Auth implements HTTP authenticator the required attributes.
 // The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
 type Auth struct {
@@ -125,6 +132,9 @@ func (a *Auth) fillInModel(u *models.User) error {
 func (a *Auth) ensure() error {
 a.Lock()
 defer a.Unlock()
+ if a.client == nil {
+ a.client = &http.Client{}
+ }
 if time.Now().Sub(a.settingTimeStamp) >= refreshDuration {
 setting, err := config.HTTPAuthProxySetting()
 if err != nil {
@@ -134,16 +144,12 @@ func (a *Auth) ensure() error {
 a.SkipCertVerify = !setting.VerifyCert
 a.AlwaysOnboard = setting.AlwaysOnBoard
 }
- if a.client == nil {
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: a.SkipCertVerify,
- },
- }
- a.client = &http.Client{
- Transport: tr,
- }
+ if a.SkipCertVerify {
+ a.client.Transport = insecureTransport
+ } else {
+ a.client.Transport = secureTransport
 }
+
 return nil
 }
diff --git a/src/core/auth/authproxy/auth_test.go b/src/core/auth/authproxy/auth_test.go
index 5ceecbba8..0e45b7388 100644
--- a/src/core/auth/authproxy/auth_test.go
+++ b/src/core/auth/authproxy/auth_test.go
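Review bot: `insecureTransport` is declared at package level with `InsecureSkipVerify: true` and no comment, so nothing at the declaration tells a later reader that any client using it no longer authenticates the auth proxy server. I would add `// insecureTransport skips TLS certificate verification; it is selected only when the verify-cert setting is false.` above it, and a matching one-line comment on `secureTransport`. Both values are also built from a zero-value `http.Transport`, which, unlike `http.DefaultTransport`, has no `TLSHandshakeTimeout` and no `Proxy` function; setting `TLSHandshakeTimeout` on both would bound a stalled handshake.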
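Review bot: The client created at the top of `ensure()` is `&http.Client{}` with no `Timeout`, so a request to an auth proxy endpoint that accepts the connection and never answers would block the authenticating caller indefinitely. I would write `a.client = &http.Client{Timeout: authProxyTimeout}` with a package constant for the value (the constant name is a placeholder; the page defines none). The body of `ensure()` continues outside this hunk.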
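Review bot: `a.client.Transport` is now written on every call to `ensure()`, and although that write happens under `a.Lock()`, any request path that uses `a.client` after the lock is released (not visible in this hunk) would read the same field concurrently, which is a data race. Assigning only when the selected transport differs from the current one removes the write in the steady state, and having callers take the client pointer under the same lock would close the remaining window. It would also help operators if the transition to `insecureTransport` were logged once at warning level, so that turning certificate verification off leaves a trace. The zero value of `a.SkipCertVerify` selects `secureTransport`, which is the right default and worth stating in a comment on the `if`.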
@@ -15,11 +15,13 @@
 package authproxy
 import (
+ "github.com/goharbor/harbor/src/common"
 "github.com/goharbor/harbor/src/common/dao"
 "github.com/goharbor/harbor/src/common/models"
 cut "github.com/goharbor/harbor/src/common/utils/test"
 "github.com/goharbor/harbor/src/core/auth"
 "github.com/goharbor/harbor/src/core/auth/authproxy/test"
+ "github.com/goharbor/harbor/src/core/config"
 "github.com/stretchr/testify/assert"
 "net/http/httptest"
 "os"
@@ -45,6 +47,13 @@ func TestMain(m *testing.M) {
 // So it won't require mocking the cfgManager
 settingTimeStamp: time.Now(),
 }
+ conf := map[string]interface{}{
+ common.HTTPAuthProxyEndpoint: "dummy",
+ common.HTTPAuthProxyTokenReviewEndpoint: "dummy",
+ common.HTTPAuthProxyVerifyCert: "false",
+ }
+
+ config.InitWithSettings(conf)
 rc := m.Run()
 if err := dao.ClearHTTPAuthProxyUsers(); err != nil {
 panic(err)
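Review bot: The settings added to `TestMain` fix `common.HTTPAuthProxyVerifyCert` to `"false"`, so the suite runs only with certificate verification disabled and nothing asserts the branch that selects `secureTransport`. A test that initialises the setting to `"true"`, lets the refresh interval elapse, calls `ensure()` and checks `a.client.Transport == secureTransport`, with the reverse check for `"false"`, would pin the switch this commit introduces. `TestMain` starts and ends outside the hunk.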