From 8bfdad9a0dee26b45b15f985977769ef37888f8a Mon Sep 17 00:00:00 2001
From: Josh Hawn <josh.hawn@docker.com>
Date: Fri, 30 Jan 2015 16:11:47 -0800
Subject: [PATCH] Fix token basic auth header issue

When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.

Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
---
 graph/pull.go          | 3 +++
 registry/session_v2.go | 2 ++
 registry/token.go      | 6 ++++--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/graph/pull.go b/graph/pull.go
index 492c1cb797..df00bc868e 100644
--- a/graph/pull.go
+++ b/graph/pull.go
@@ -387,6 +387,9 @@ func (s *TagStore) pullV2Repository(eng *engine.Engine, r *registry.Session, out
 		if err != nil {
 			return err
 		}
+		if len(tags) == 0 {
+			return registry.ErrDoesNotExist
+		}
 		for _, t := range tags {
 			if downloaded, err := s.pullV2Tag(eng, r, out, endpoint, repoInfo, t, sf, parallel, auth); err != nil {
 				return err
diff --git a/registry/session_v2.go b/registry/session_v2.go
index dbef7df1ee..da5371d83b 100644
--- a/registry/session_v2.go
+++ b/registry/session_v2.go
@@ -128,6 +128,8 @@ func (r *Session) HeadV2ImageBlob(ep *Endpoint, imageName, sumType, sum string,
 	case res.StatusCode >= 200 && res.StatusCode < 400:
 		// return something indicating no push needed
 		return true, nil
+	case res.StatusCode == 401:
+		return false, errLoginRequired
 	case res.StatusCode == 404:
 		// return something indicating blob push needed
 		return false, nil
diff --git a/registry/token.go b/registry/token.go
index 2504863048..c79a8ca6c5 100644
--- a/registry/token.go
+++ b/registry/token.go
@@ -51,10 +51,12 @@ func getToken(username, password string, params map[string]string, registryEndpo
 		reqParams.Add("scope", scopeField)
 	}
 
-	reqParams.Add("account", username)
+	if username != "" {
+		reqParams.Add("account", username)
+		req.SetBasicAuth(username, password)
+	}
 
 	req.URL.RawQuery = reqParams.Encode()
-	req.SetBasicAuth(username, password)
 
 	resp, err := client.Do(req)
 	if err != nil {