Merge upstream, resolve conflicts

cesanta · Jun 10, 2024 · 474dfe0 · 474dfe0
2 parents cee70a9 + aab2ae0
commit 474dfe0
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 8 deletions.
diff --git a/auth_server/authn/data/github_auth_result.tmpl b/auth_server/authn/data/github_auth_result.tmpl
@@ -43,9 +43,11 @@
 <body>
   <p class="message">
     You are successfully authenticated for the Docker Registry{{if .Organization}} with the <code>@{{.Organization}}</code> Github organization{{end}}.
-    Use the following username and password to login into the registry:
+    Log into the registry using one of these commands:
   </p>
   <hr>
   <pre class="command"><span>$ </span>docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
 </body>
 </html>
diff --git a/auth_server/authn/data/gitlab_auth_result.tmpl b/auth_server/authn/data/gitlab_auth_result.tmpl
@@ -43,9 +43,11 @@
 <body>
   <p class="message">
     You are successfully authenticated to the Docker Registry.
-    Use the following username and password to login into the registry:
+    Log into the registry using one of these commands:
   </p>
   <hr>
   <pre class="command"><span>$ </span>docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
 </body>
 </html>
diff --git a/auth_server/authn/data/oidc_auth_result.tmpl b/auth_server/authn/data/oidc_auth_result.tmpl
@@ -9,9 +9,11 @@
 <body>
   <p class="message">
     You are successfully authenticated for the Docker Registry.
-    Use the following username and password to login into the registry:
+    Log into the registry using one of these commands:
   </p>
   <hr>
   <pre class="command"><span>$ </span>docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
+  <pre class="command"><span>$ </span>nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}</pre>
 </body>
 </html>
diff --git a/auth_server/authz/acl_xorm.go b/auth_server/authz/acl_xorm.go
@@ -43,7 +43,7 @@ type XormAuthzConfig struct {
 type XormACL []XormACLEntry
 
 type XormACLEntry struct {
-	ACLEntry `xorm:"'acl_entry'"`
+	ACLEntry `xorm:"'acl_entry' JSON"`
 	Seq      int64
 }
 
@@ -138,8 +138,10 @@ func (xa *aclXormAuthz) updateACLCache() error {
 	// Get ACL from Xorm.io database connection
 	var newACL []XormACLEntry
 
-	xa.engine.OrderBy("seq").Find(&newACL)
-
+	err := xa.engine.OrderBy("seq").Find(&newACL)
+	if err != nil {
+		return err
+	}
 	var retACL ACL
 	for _, e := range newACL {
 		retACL = append(retACL, e.ACLEntry)

diff --git a/docs/auth-methods.md b/docs/auth-methods.md
@@ -15,6 +15,8 @@ github_auth:
   client_secret: "..." # or client_secret_file
   level_token_db:
     path: /data/tokens.db
+    # Optional token hash cost for bcrypt hashing
+    # token_hash_cost: 5
 ```
 
 Then specify what teams can do via acls

diff --git a/examples/reference.yml b/examples/reference.yml
@@ -117,6 +117,8 @@ google_auth:
   # Where to store server tokens. Required.
   level_token_db:
     path: "/somewhere/to/put/google_tokens.ldb"
+    # Optional token hash cost for bcrypt hashing
+    # token_hash_cost: 5
   # How long to wait when talking to Google servers. Optional.
   http_timeout: "10s"
 
@@ -136,9 +138,11 @@ github_auth:
   # want to have sensitive information checked in.
   # client_secret: "verysecret"
   client_secret_file: "/path/to/client_secret.txt"
-  # Either token_db file for storing of server tokens.
+  # Either level_token_db file for storing of server tokens.
   level_token_db:
     path: "/somewhere/to/put/github_tokens.ldb"
+    # Optional token hash cost for bcrypt hashing
+    # token_hash_cost: 5
   # or google cloud storage for storing of the sensitive information,
   gcs_token_db:
     bucket: "tokenBucket"
@@ -185,6 +189,8 @@ oidc_auth:
   # a file in which the tokens should be stored. Does not have to exist, it will be generated in this case
   level_token_db:
     path: "/path/to/tokens.ldb"
+    # Optional token hash cost for bcrypt hashing
+    # token_hash_cost: 5
   # --- optional ---
   # How long to wait when talking to the OIDC provider.
   http_timeout: "10s"
@@ -213,9 +219,11 @@ gitlab_auth:
   # want to have sensitive information checked in.
   # client_secret: "verysecret"
   client_secret_file: "/path/to/client_secret.txt"
-  # Either token_db file for storing of server tokens.
+  # Either level_token_db file for storing of server tokens.
   level_token_db:
     path: "/somewhere/to/put/gitlab_tokens.ldb"
+    # Optional token hash cost for bcrypt hashing
+    # token_hash_cost: 5
   # or google cloud storage for storing of the sensitive information,
   gcs_token_db:
     bucket: "tokenBucket"