oci-auth: Don't ask for authentication if anon auth fails with weird error

If the initial anonymous fails for any other reason than "not authorized" we immediately fail the operation instead of asking for user/password. The later is creating a very bad UX in case of e.g. networking or infrastructure issues, as described in #3753. (cherry picked from commit 09d57249f4)
2026-04-03 06:47:19 -04:00 · 2020-08-13 13:55:29 +02:00
parent 5c63fba452
commit aa739a18f0
1 changed files with 15 additions and 2 deletions
--- a/oci-authenticator/flatpak-oci-authenticator.c
+++ b/oci-authenticator/flatpak-oci-authenticator.c
@@ -525,8 +525,21 @@ handle_request_ref_tokens (FlatpakAuthenticator *f_authenticator,
        have_auth = TRUE;
      else
        {
-          g_debug ("Anonymous authentication failed: %s", error->message);
-          g_clear_error (&error);
+          if (g_error_matches (error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_AUTHORIZED))
+            {
+              g_debug ("Anonymous authentication failed: %s", error->message);
+              g_clear_error (&error);
+
+              /* Continue trying with authentication below */
+            }
+          else
+            {
+              /* We failed with some weird reason (network issue maybe?) and it is unlikely
+               * that adding some authentication will fix it. It will just cause a bad UX like
+               * described in #3753, so just return the error early.
+               */
+              return error_request (request, sender, error);
+            }
        }
    }