From 8bba8422d7abc23addc270b2f4fc0acf94bc0afc Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Tue, 23 May 2023 13:52:50 +0200
Subject: [PATCH] blueprints: support custom ports for OCI blueprints (#5727)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/blueprints/tests/test_oci.py | 23 +++++++++++++++++++++++
 authentik/blueprints/v1/oci.py         |  9 +++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/authentik/blueprints/tests/test_oci.py b/authentik/blueprints/tests/test_oci.py
index dd54e2602..963e3797f 100644
--- a/authentik/blueprints/tests/test_oci.py
+++ b/authentik/blueprints/tests/test_oci.py
@@ -32,6 +32,29 @@ class TestBlueprintOCI(TransactionTestCase):
                 "foo",
             )
 
+    def test_successful_port(self):
+        """Successful retrieval with custom port"""
+        with Mocker() as mocker:
+            mocker.get(
+                "https://ghcr.io:1234/v2/goauthentik/blueprints/test/manifests/latest",
+                json={
+                    "layers": [
+                        {
+                            "mediaType": OCI_MEDIA_TYPE,
+                            "digest": "foo",
+                        }
+                    ]
+                },
+            )
+            mocker.get("https://ghcr.io:1234/v2/goauthentik/blueprints/test/blobs/foo", text="foo")
+
+            self.assertEqual(
+                BlueprintInstance(
+                    path="oci://ghcr.io:1234/goauthentik/blueprints/test:latest"
+                ).retrieve(),
+                "foo",
+            )
+
     def test_manifests_error(self):
         """Test manifests request erroring"""
         with Mocker() as mocker:
diff --git a/authentik/blueprints/v1/oci.py b/authentik/blueprints/v1/oci.py
index b05d3c52f..bda7bcf73 100644
--- a/authentik/blueprints/v1/oci.py
+++ b/authentik/blueprints/v1/oci.py
@@ -39,11 +39,16 @@ class BlueprintOCIClient:
         self.logger = get_logger().bind(url=self.sanitized_url)
 
         self.ref = "latest"
+        # Remove the leading slash of the path to convert it to an image name
         path = self.url.path[1:]
-        if ":" in self.url.path:
+        if ":" in path:
+            # if there's a colon in the path, use everything after it as a ref
             path, _, self.ref = path.partition(":")
+        base_url = f"https://{self.url.hostname}"
+        if self.url.port:
+            base_url += f":{self.url.port}"
         self.client = NewClient(
-            f"https://{self.url.hostname}",
+            base_url,
             WithUserAgent(authentik_user_agent()),
             WithUsernamePassword(self.url.username, self.url.password),
             WithDefaultName(path),