From 7c9d09d09be9e7433946880b7aa71cfa4b520842 Mon Sep 17 00:00:00 2001
From: Keisuke Minami <keisuke.minami@toshiba.co.jp>
Date: Thu, 22 Sep 2022 10:32:11 +0900
Subject: [PATCH] Fix basic auth on notary cli

Signed-off-by: Keisuke Minami <keisuke.minami@toshiba.co.jp>
---
 cmd/notary/tuf.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/cmd/notary/tuf.go b/cmd/notary/tuf.go
index 47985501b..cae5dfb4d 100644
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@@ -949,8 +949,6 @@ func tokenAuth(trustServerURL string, baseTransport *http.Transport, gun data.GU
 		return nil, err
 	}
 
-	ps := passwordStore{anonymous: permission == readOnly}
-
 	var actions []string
 	switch permission {
 	case admin:
@@ -963,8 +961,8 @@ func tokenAuth(trustServerURL string, baseTransport *http.Transport, gun data.GU
 		return nil, fmt.Errorf("Invalid permission requested for token authentication of gun %s", gun)
 	}
 
-	tokenHandler := auth.NewTokenHandler(authTransport, ps, gun.String(), actions...)
-	basicHandler := auth.NewBasicHandler(ps)
+	tokenHandler := auth.NewTokenHandler(authTransport, passwordStore{anonymous: permission == readOnly}, gun.String(), actions...)
+	basicHandler := auth.NewBasicHandler(passwordStore{anonymous: false}) // non-anonymous access will be required when basic challenge is returned
 
 	modifier := auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)