Merge pull request #7504 from reasonerjt/reload-auth-proxy-cert-verify

Update Transport of HTTP cient in auth proxy client
2024-09-20 17:45:44 +00:00 · 2019-04-26 23:24:33 +08:00 · 2019-04-26 23:24:33 +08:00 · b9f5f1027c
commit b9f5f1027c
parent 3c1be645bf 07d15a8553
2 changed files with 25 additions and 10 deletions
--- a/src/core/auth/authproxy/auth.go
+++ b/src/core/auth/authproxy/auth.go
@ -30,9 +30,16 @@ import (
 	"time"
 )

-const refreshDuration = 5 * time.Second
+const refreshDuration = 2 * time.Second
 const userEntryComment = "By Authproxy"

+var secureTransport = &http.Transport{}
+var insecureTransport = &http.Transport{
+	TLSClientConfig: &tls.Config{
+		InsecureSkipVerify: true,
+	},
+}
+
 // Auth implements HTTP authenticator the required attributes.
 // The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
 type Auth struct {
@ -125,6 +132,9 @@ func (a *Auth) fillInModel(u *models.User) error {
 func (a *Auth) ensure() error {
 	a.Lock()
 	defer a.Unlock()
+	if a.client == nil {
+		a.client = &http.Client{}
+	}
 	if time.Now().Sub(a.settingTimeStamp) >= refreshDuration {
 		setting, err := config.HTTPAuthProxySetting()
 		if err != nil {
@ -134,16 +144,12 @@ func (a *Auth) ensure() error {
 		a.SkipCertVerify = !setting.VerifyCert
 		a.AlwaysOnboard = setting.AlwaysOnBoard
 	}
-	if a.client == nil {
-		tr := &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: a.SkipCertVerify,
-			},
-		}
-		a.client = &http.Client{
-			Transport: tr,
-		}
+	if a.SkipCertVerify {
+		a.client.Transport = insecureTransport
+	} else {
+		a.client.Transport = secureTransport
 	}
+
 	return nil
 }

--- a/src/core/auth/authproxy/auth_test.go
+++ b/src/core/auth/authproxy/auth_test.go
@ -15,11 +15,13 @@
 package authproxy

 import (
+	"github.com/goharbor/harbor/src/common"
 	"github.com/goharbor/harbor/src/common/dao"
 	"github.com/goharbor/harbor/src/common/models"
 	cut "github.com/goharbor/harbor/src/common/utils/test"
 	"github.com/goharbor/harbor/src/core/auth"
 	"github.com/goharbor/harbor/src/core/auth/authproxy/test"
+	"github.com/goharbor/harbor/src/core/config"
 	"github.com/stretchr/testify/assert"
 	"net/http/httptest"
 	"os"
@ -45,6 +47,13 @@ func TestMain(m *testing.M) {
 		// So it won't require mocking the cfgManager
 		settingTimeStamp: time.Now(),
 	}
+	conf := map[string]interface{}{
+		common.HTTPAuthProxyEndpoint:            "dummy",
+		common.HTTPAuthProxyTokenReviewEndpoint: "dummy",
+		common.HTTPAuthProxyVerifyCert:          "false",
+	}
+
+	config.InitWithSettings(conf)
 	rc := m.Run()
 	if err := dao.ClearHTTPAuthProxyUsers(); err != nil {
 		panic(err)