Fixes #36827 - Container tokens now return docker-spec fields.

Gemfile fixes and cleaning up activesupport imports. Modified GH Ruby version, small comment tweak. Rubocop fixes
Katello · Oct 30, 2023 · 9f823eb · 9f823eb
1 parent dbc3b67
commit 9f823eb
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.5
+        ruby-version: 2.7
         bundler-cache: true
     - name: Run Rubocop
       run: bundle exec rubocop

diff --git a/Gemfile b/Gemfile
@@ -9,6 +9,7 @@ group :development do
   gem 'rack-test'
   gem 'webmock'
   gem 'mocha'
+  gem 'activesupport'
   gem 'smart_proxy', :github => "theforeman/smart-proxy", :branch => 'develop'
 end
 

diff --git a/lib/smart_proxy_container_gateway/container_gateway_api.rb b/lib/smart_proxy_container_gateway/container_gateway_api.rb
@@ -1,3 +1,7 @@
+require 'active_support'
+require 'active_support/core_ext/integer'
+require 'active_support/core_ext/string'
+require 'active_support/time_with_zone'
 require 'sinatra'
 require 'smart_proxy_container_gateway/container_gateway'
 require 'smart_proxy_container_gateway/container_gateway_main'
@@ -100,18 +104,24 @@ class Api < ::Sinatra::Base
         response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
 
         unless auth_header.present? && auth_header.basic_auth?
-          one_year = (60 * 60 * 24 * 365)
-          return { token: AuthorizationHeader::UNAUTHORIZED_TOKEN, issued_at: Time.now.iso8601,
-                   expires_at: (Time.now + one_year).iso8601 }.to_json
+          return { token: AuthorizationHeader::UNAUTHORIZED_TOKEN, issued_at: Time.now.rfc3339,
+                   expires_in: 1.year.seconds.to_i }.to_json
         end
 
         token_response = ForemanApi.new.fetch_token(auth_header.raw_header, request.params)
         if token_response.code.to_i != 200
           halt token_response.code.to_i, token_response.body
         else
+          # This returned token should follow OAuth2 spec. We need some minor conversion
+          # to store the token with the expires_at time (using rfc3339).
           token_response_body = JSON.parse(token_response.body)
-          ContainerGateway.insert_token(request.params['account'], token_response_body['token'],
-                                        token_response_body['expires_at'])
+          issued_at = token_response_body["issued_at"].to_time
+          expires_at = issued_at + token_response_body["expires_in"].seconds
+          ContainerGateway.insert_token(
+            request.params['account'],
+            token_response_body['token'],
+            expires_at.rfc3339
+          )
 
           repo_response = ForemanApi.new.fetch_user_repositories(auth_header.raw_header, request.params)
           if repo_response.code.to_i != 200
@@ -120,6 +130,8 @@ class Api < ::Sinatra::Base
             ContainerGateway.update_user_repositories(request.params['account'],
                                                       JSON.parse(repo_response.body)['repositories'])
           end
+
+          # Return the original token response from Katello
           return token_response_body.to_json
         end
       end

diff --git a/smart_proxy_container_gateway.gemspec b/smart_proxy_container_gateway.gemspec
@@ -17,4 +17,5 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '~> 2.5'
   s.add_dependency 'sequel'
   s.add_dependency 'sqlite3'
+  s.add_dependency 'activesupport'
 end