mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-03-25 13:53:03 -04:00
8fed6bcc9b
After the [first attempt](https://codeberg.org/forgejo/forgejo/pulls/11393) to introduce a separate challenge for HTTP Basic Authentication failed and had to be [backed out](https://codeberg.org/forgejo/forgejo/pulls/11616) because two challenges in a single header field were not widely supported, we're trying it again. This time a second header `WWW-Authenticate` header is emitted. Example: ``` $ curl -v -u andreas --basic http://192.168.178.62:3000/v2 Enter host password for user 'andreas': * Trying 192.168.178.62:3000... * Connected to 192.168.178.62 (192.168.178.62) port 3000 * using HTTP/1.x * Server auth using Basic with user 'andreas' > GET /v2 HTTP/1.1 > Host: 192.168.178.62:3000 > Authorization: Basic ***** > User-Agent: curl/8.15.0 > Accept: */* > * Request completely sent off < HTTP/1.1 401 Unauthorized < Content-Length: 50 < Content-Type: application/json < Docker-Distribution-Api-Version: registry/2.0 < Www-Authenticate: Bearer realm="http://192.168.178.62:3000/v2/token",service="container_registry",scope="*" * Basic authentication problem, ignoring. < Www-Authenticate: Basic realm="Forgejo Container Registry" < Date: Sat, 14 Mar 2026 15:09:50 GMT < {"errors":[{"code":"UNAUTHORIZED","message":""}]} ``` Tested with Docker 29.1.3, Podman 5.8.0, and Apple container 0.9.0. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [ ] `make pr-go` before pushing ### Tests for JavaScript changes (can be removed for Go changes) - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11678 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> |
||
|---|---|---|
| .. | ||
| e2e | ||
| fuzz | ||
| gitea-lfs-meta | ||
| gitea-repositories-meta | ||
| integration | ||
| testdata/data | ||
| mysql.ini.tmpl | ||
| pgsql.ini.tmpl | ||
| sqlite.ini.tmpl | ||
| test_utils.go | ||