podman-login: adhere to user input

* Do not try to login with existing credentials when the user specifies a
  username or password on the CLI.

* Improve error messages.

* Use specified tls-verify switch and cert-dir for all requests.

Fixes: #2092
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
Valentin Rothberg
2019-01-07 11:10:51 +01:00
parent 1e4db4b0b8
commit 2c75cd92aa

View File

@ -62,12 +62,18 @@ func loginCmd(c *cli.Context) error {
return errors.Errorf("too many arguments, login takes only 1 argument")
}
if len(args) == 0 {
return errors.Errorf("registry must be given")
return errors.Errorf("please specify a registry to login to")
}
server := registryFromFullName(scrubServer(args[0]))
authfile := getAuthFile(c.String("authfile"))
sc := common.GetSystemContext("", authfile, false)
if c.IsSet("tls-verify") {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
}
if c.String("cert-dir") != "" {
sc.DockerCertPath = c.String("cert-dir")
}
if c.IsSet("get-login") {
user, err := config.GetUserLoggedIn(sc, server)
@ -87,39 +93,25 @@ func loginCmd(c *cli.Context) error {
// username of user logged in to server (if one exists)
userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server)
if err != nil {
return errors.Wrapf(err, "error getting logged-in user")
return errors.Wrapf(err, "error reading auth file")
}
ctx := getContext()
var (
username string
password string
)
if userFromAuthFile != "" {
username = userFromAuthFile
password = passFromAuthFile
// If no username and no password is specified, try to use existing ones.
if c.String("username") == "" && c.String("password") == "" {
fmt.Println("Authenticating with existing credentials...")
if err := docker.CheckAuth(ctx, sc, username, password, server); err == nil {
if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil {
fmt.Println("Existing credentials are valid. Already logged in to", server)
return nil
}
fmt.Println("Existing credentials are invalid, please enter valid username and password")
}
username, password, err = getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile)
username, password, err := getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile)
if err != nil {
return errors.Wrapf(err, "error getting username and password")
}
if c.IsSet("tls-verify") {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
}
if c.String("cert-dir") != "" {
sc.DockerCertPath = c.String("cert-dir")
}
if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil {
// Write the new credentials to the authfile
if err = config.SetAuthentication(sc, server, username, password); err != nil {
@ -131,14 +123,15 @@ func loginCmd(c *cli.Context) error {
fmt.Println("Login Succeeded!")
return nil
case docker.ErrUnauthorizedForCredentials:
return errors.Errorf("error logging into %q: invalid username/password\n", server)
return errors.Errorf("error logging into %q: invalid username/password", server)
default:
return errors.Wrapf(err, "error authenticating creds for %q", server)
}
}
// getUserAndPass gets the username and password from STDIN if not given
// using the -u and -p flags
// using the -u and -p flags. If the username prompt is left empty, the
// displayed userFromAuthFile will be used instead.
func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) {
var err error
reader := bufio.NewReader(os.Stdin)
@ -152,7 +145,10 @@ func getUserAndPass(username, password, userFromAuthFile string) (string, string
if err != nil {
return "", "", errors.Wrapf(err, "error reading username")
}
// If no username provided, use userFromAuthFile instead.
// If the user just hit enter, use the displayed user from the
// the authentication file. This allows to do a lazy
// `$ podman login -p $NEW_PASSWORD` without specifying the
// user.
if strings.TrimSpace(username) == "" {
username = userFromAuthFile
}