[NEXUS-16159] "Require user tokens for repository authentication" now enforced properly - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.0, 3.8.0
Fix Version/s: 3.22.0
Component/s: APT, Bower, cocoapods, Docker, User Token
Labels:

Story Points:
0
Release Note:

Yes
Notability:
3

Description

When User token is enabled and the Require user tokens for repository authentication is also enabled, docker requests are still allowed to use plain text credentials instead of being forced to use user token credentials.

The changes made by NEXUS-11231 seem to only affect Maven and Raw format repositories.

Expected

When Require user tokens for repository authentication is enabled, all non user-token credentials should be blocked for all repository formats.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screen Shot 2020-02-13 at 4.16.02 PM.png
02/13/20 09:16 PM
1.69 MB
Joe Tom
Screenshot 2020-05-14 at 1.41.05 PM.png
05/14/20 08:11 AM
190 kB
divyalingam

Issue Links

causes

NEXUS-23830 docker anonymous pull fails with 401 when user tokens are enabled

Closed

is related to

NEXUS-18312 Docker download counts not working

Closed

relates

NEXUS-23765 Plain text login to docker group permitted despite user tokens being enabled

Closed

NEXUS-24803 align user token content protection for non-content requests

mentioned in: Page Loading...

Activity

People

Assignee:: Matthew Piggott

Reporter:: Peter Lynch

Last Updated By:: Wes Wannemacher

Team:: NXRM - Operations/Groot

Votes:: 2 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 02/15/18 02:19 PM

Updated:: 08/07/20 05:11 PM

Resolved:: 02/21/20 08:25 PM

Date of First Response:: 15/Feb/18 4:08 PM

Details

Description

Expected

Attachments

Attachments

Issue Links

Activity

People

Dates

tigCommentSecurity.panel-title