From aa739a18f0e45bf4db0a3385c2f4aa4c819c836f Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 13 Aug 2020 13:55:29 +0200 Subject: [PATCH] oci-auth: Don't ask for authentication if anon auth fails with weird error If the initial anonymous fails for any other reason than "not authorized" we immediately fail the operation instead of asking for user/password. The later is creating a very bad UX in case of e.g. networking or infrastructure issues, as described in #3753. (cherry picked from commit 09d57249f4a7a167c98eb7d6b5a677867bc2a435) --- oci-authenticator/flatpak-oci-authenticator.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/oci-authenticator/flatpak-oci-authenticator.c b/oci-authenticator/flatpak-oci-authenticator.c index f970f983..14654174 100644 --- a/oci-authenticator/flatpak-oci-authenticator.c +++ b/oci-authenticator/flatpak-oci-authenticator.c @@ -525,8 +525,21 @@ handle_request_ref_tokens (FlatpakAuthenticator *f_authenticator, have_auth = TRUE; else { - g_debug ("Anonymous authentication failed: %s", error->message); - g_clear_error (&error); + if (g_error_matches (error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_AUTHORIZED)) + { + g_debug ("Anonymous authentication failed: %s", error->message); + g_clear_error (&error); + + /* Continue trying with authentication below */ + } + else + { + /* We failed with some weird reason (network issue maybe?) and it is unlikely + * that adding some authentication will fix it. It will just cause a bad UX like + * described in #3753, so just return the error early. + */ + return error_request (request, sender, error); + } } }