Merge branch 'unauthenticated-container-registry-access' into 'security'

Restore unauthenticated access to public container registries

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24284

See merge request !2025

Signed-off-by: Rémy Coutable <remy@rymai.me>

1 files changed, 16 insertions, 2 deletions

diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index f0ef155bd7b..a3e7844b2f3 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -20,7 +20,7 @@ describe JwtController do
     end
   end
 
-  context 'when using authorized request' do
+  context 'when using authenticated request' do
     context 'using CI token' do
       let(:build) { create(:ci_build, :running) }
       let(:project) { build.project }
@@ -65,7 +65,7 @@ describe JwtController do
           let(:access_token) { create(:personal_access_token, user: user) }
           let(:headers) { { authorization: credentials(user.username, access_token.token) } }
 
-          it 'rejects the authorization attempt' do
+          it 'accepts the authorization attempt' do
             expect(response).to have_http_status(200)
           end
         end
@@ -81,6 +81,20 @@ describe JwtController do
     end
   end
 
+  context 'when using unauthenticated request' do
+    it 'accepts the authorization attempt' do
+      get '/jwt/auth', parameters
+
+      expect(response).to have_http_status(200)
+    end
+
+    it 'allows read access' do
+      expect(service).to receive(:execute).with(authentication_abilities: Gitlab::Auth.read_authentication_abilities)
+
+      get '/jwt/auth', parameters
+    end
+  end
+
   context 'unknown service' do
     subject! { get '/jwt/auth', service: 'unknown' }