From 6176c5b736b1aa71abdd6c5a19e54ffd3dae94dc Mon Sep 17 00:00:00 2001
From: Lubos Mjachky <lmjachky@redhat.com>
Date: Tue, 30 Apr 2024 14:31:13 +0200
Subject: [PATCH] Add a check for anonymous requests

closes #1605

(cherry picked from commit b4c550ead0cb522760c45732771e7a931ad5b444)
---
 CHANGES/1605.bugfix                      | 2 ++
 pulp_container/app/token_verification.py | 3 +++
 2 files changed, 5 insertions(+)
 create mode 100644 CHANGES/1605.bugfix

diff --git a/CHANGES/1605.bugfix b/CHANGES/1605.bugfix
new file mode 100644
index 000000000..564466c4f
--- /dev/null
+++ b/CHANGES/1605.bugfix
@@ -0,0 +1,2 @@
+Fixed a bug that caused the registry to not accept requests from anonymous users when token
+authentication was disabled.
diff --git a/pulp_container/app/token_verification.py b/pulp_container/app/token_verification.py
index 119a61f26..5e04fb2a6 100644
--- a/pulp_container/app/token_verification.py
+++ b/pulp_container/app/token_verification.py
@@ -74,6 +74,9 @@ def authenticate(self, request):
 
         If basic authentication could not success, remote webserver authentication is considered.
         """
+        if request.headers.get("Authorization") == "Basic Og==":
+            return (AnonymousUser, None)
+
         try:
             user = super().authenticate(request)
         except AuthenticationFailed: