Merge pull request moby#50371 from thaJeztah/push_auth_body

AkihiroSuda · web-flow · commit 1b072f717ade · 2025-07-11T07:22:38.000+09:00
daemon/server: remove compatibility with API v1.4 auth-config on push
diff --git a/api/types/registry/authconfig.go b/api/types/registry/authconfig.go
@@ -83,6 +83,8 @@ func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {
 // Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an
 // error occurs. It is up to the caller to decide if authentication is required,
 // and if the error can be ignored.
+//
+// Deprecated: this function is no longer used and will be removed in the next release.
 func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {
 	return decodeAuthConfigFromReader(rdr)
 }
diff --git a/api/types/registry/authconfig_test.go b/api/types/registry/authconfig_test.go
@@ -1,8 +1,6 @@
 package registry
 
 import (
-	"io"
-	"strings"
 	"testing"
 
 	"gotest.tools/v3/assert"
@@ -47,12 +45,6 @@ func TestDecodeAuthConfig(t *testing.T) {
 	})
 }
 
-func TestDecodeAuthConfigBody(t *testing.T) {
-	token, err := DecodeAuthConfigBody(io.NopCloser(strings.NewReader(unencoded)))
-	assert.NilError(t, err)
-	assert.Equal(t, *token, expected)
-}
-
 func TestEncodeAuthConfig(t *testing.T) {
 	token, err := EncodeAuthConfig(expected)
 	assert.NilError(t, err)
diff --git a/daemon/server/router/image/image_routes.go b/daemon/server/router/image/image_routes.go
@@ -100,6 +100,8 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
 
 		// For a pull it is not an error if no auth was given. Ignore invalid
 		// AuthConfig to increase compatibility with the existing API.
+		//
+		// TODO(thaJeztah): accept empty values but return an error when failing to decode.
 		authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
 		progressErr = ir.backend.PullImage(ctx, ref, platform, metaHeaders, authConfig, output)
 	} else { // import
@@ -167,16 +169,11 @@ func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter
 
 	var authConfig *registry.AuthConfig
 	if authEncoded := r.Header.Get(registry.AuthHeader); authEncoded != "" {
-		// the new format is to handle the authConfig as a header. Ignore invalid
-		// AuthConfig to increase compatibility with the existing API.
+		// Handle the authConfig as a header, but ignore invalid AuthConfig
+		// to increase compatibility with the existing API.
+		//
+		// TODO(thaJeztah): accept empty values but return an error when failing to decode.
 		authConfig, _ = registry.DecodeAuthConfig(authEncoded)
-	} else {
-		// the old format is supported for compatibility if there was no authConfig header
-		var err error
-		authConfig, err = registry.DecodeAuthConfigBody(r.Body)
-		if err != nil {
-			return errors.Wrap(err, "bad parameters and missing X-Registry-Auth")
-		}
 	}
 
 	output := ioutils.NewWriteFlusher(w)

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,8 @@ func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {`
`83`	`83`	`// Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an`
`84`	`84`	`// error occurs. It is up to the caller to decide if authentication is required,`
`85`	`85`	`// and if the error can be ignored.`
	`86`	`+//`
	`87`	`+// Deprecated: this function is no longer used and will be removed in the next release.`
`86`	`88`	`func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {`
`87`	`89`	`return decodeAuthConfigFromReader(rdr)`
`88`	`90`	`}`