daemon/server: remove compatibility with API v1.4 auth-config on push

Docker [API v1.4] and lower expected registry authentication to be sent in
the request body when pushing or pulling ("creating") images. [API v1.5]
(Docker v0.6.1) changed this to use an `X-Registry-Auth` header
instead.

This change was implemented in d04beb7f43,
which kept a fallback for clients using old (< v1.5) API versions which
would send authentication in the request body.

Given that we no longer support API versions older than v1.24, and clients
using API v1.5 would be over 12 Years old.

[API v1.4]: https://github.com/moby/moby/blob/v0.6.1/docs/sources/api/docker_remote_api_v1.4.rst#push-an-image-on-the-registry
[API v1.5]: https://github.com/moby/moby/blob/v0.6.2/docs/sources/api/docker_remote_api_v1.5.rst#push-an-image-on-the-registry

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
2025-07-10 18:35:11 +02:00
parent d4aa1cf9a9
commit ea29dffaa5
3 changed files with 8 additions and 17 deletions


@@ -83,6 +83,8 @@ func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {
// Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an
// error occurs. It is up to the caller to decide if authentication is required,
// and if the error can be ignored.
//
// Deprecated: this function is no longer used and will be removed in the next release.
func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {
return decodeAuthConfigFromReader(rdr)
}
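Review bot: The new `Deprecated:` paragraph on DecodeAuthConfigBody does not name a replacement, which is what readers and Go tooling look for in a deprecation notice. Since the daemon now takes registry credentials only from the header, consider `// Deprecated: this function is no longer used and will be removed in the next release. Use [DecodeAuthConfig] with the X-Registry-Auth header value instead.`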


@@ -1,8 +1,6 @@
package registry
import (
"io"
"strings"
"testing"
"gotest.tools/v3/assert"
@@ -47,12 +45,6 @@ func TestDecodeAuthConfig(t *testing.T) {
})
}
func TestDecodeAuthConfigBody(t *testing.T) {
token, err := DecodeAuthConfigBody(io.NopCloser(strings.NewReader(unencoded)))
assert.NilError(t, err)
assert.Equal(t, *token, expected)
}
func TestEncodeAuthConfig(t *testing.T) {
token, err := EncodeAuthConfig(expected)
assert.NilError(t, err)


@@ -100,6 +100,8 @@ func (ir *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrit
// For a pull it is not an error if no auth was given. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
//
// TODO(thaJeztah): accept empty values but return an error when failing to decode.
authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))
progressErr = ir.backend.PullImage(ctx, ref, platform, metaHeaders, authConfig, output)
} else { // import
@@ -167,16 +169,11 @@ func (ir *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter
var authConfig *registry.AuthConfig
if authEncoded := r.Header.Get(registry.AuthHeader); authEncoded != "" {
// the new format is to handle the authConfig as a header. Ignore invalid
// AuthConfig to increase compatibility with the existing API.
// Handle the authConfig as a header, but ignore invalid AuthConfig
// to increase compatibility with the existing API.
//
// TODO(thaJeztah): accept empty values but return an error when failing to decode.
authConfig, _ = registry.DecodeAuthConfig(authEncoded)
} else {
// the old format is supported for compatibility if there was no authConfig header
var err error
authConfig, err = registry.DecodeAuthConfigBody(r.Body)
if err != nil {
return errors.Wrap(err, "bad parameters and missing X-Registry-Auth")
}
}
output := ioutils.NewWriteFlusher(w)
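Review bot: With the `else` branch removed in postImagesPush, `authConfig` stays nil whenever the `X-Registry-Auth` header is absent. Before this commit the body fallback either returned an error or yielded an `AuthConfig` (the doc comment on DecodeAuthConfigBody says one is always returned), so the push path never saw a nil pointer here. The call that consumes `authConfig` is outside this hunk, so whether the backend tolerates nil cannot be confirmed from the page. Decoding unconditionally, as the pull path in postImagesCreate does, would keep the value non-nil: `authConfig, _ := registry.DecodeAuthConfig(r.Header.Get(registry.AuthHeader))`. Both handlers still discard the decode error, so a malformed header surfaces later as a registry-side auth failure rather than a clear 400; the added TODOs acknowledge this.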