opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-21 17:38:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman-login: adhere to user input

Browse Source 
* Do not try to login with existing credentials when the user specifies a
  username or password on the CLI.

* Improve error messages.

* Use specified tls-verify switch and cert-dir for all requests.

Fixes: #2092
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
Valentin Rothberg
2019-01-07 11:10:51 +01:00
parent 1e4db4b0b8
commit 2c75cd92aa
1 changed files with 19 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
cmd/podman/login.go
View File

@ -62,12 +62,18 @@ func loginCmd(c *cli.Context) error {
return errors.Errorf("too many arguments, login takes only 1 argument") return errors.Errorf("too many arguments, login takes only 1 argument")
} }
if len(args) == 0 { if len(args) == 0 {
return errors.Errorf("registry must be given") return errors.Errorf("please specify a registry to login to")
} }
server := registryFromFullName(scrubServer(args[0])) server := registryFromFullName(scrubServer(args[0]))
authfile := getAuthFile(c.String("authfile")) authfile := getAuthFile(c.String("authfile"))
sc := common.GetSystemContext("", authfile, false) sc := common.GetSystemContext("", authfile, false)
if c.IsSet("tls-verify") {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
}
if c.String("cert-dir") != "" {
sc.DockerCertPath = c.String("cert-dir")
}
if c.IsSet("get-login") { if c.IsSet("get-login") {
user, err := config.GetUserLoggedIn(sc, server) user, err := config.GetUserLoggedIn(sc, server)
@ -87,39 +93,25 @@ func loginCmd(c *cli.Context) error {
// username of user logged in to server (if one exists) // username of user logged in to server (if one exists)
userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server) userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server)
if err != nil { if err != nil {
return errors.Wrapf(err, "error getting logged-in user") return errors.Wrapf(err, "error reading auth file")
} }
ctx := getContext() ctx := getContext()
// If no username and no password is specified, try to use existing ones.
var ( if c.String("username") == "" && c.String("password") == "" {
username string
password string
)
if userFromAuthFile != "" {
username = userFromAuthFile
password = passFromAuthFile
fmt.Println("Authenticating with existing credentials...") fmt.Println("Authenticating with existing credentials...")
if err := docker.CheckAuth(ctx, sc, username, password, server); err == nil { if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil {
fmt.Println("Existing credentials are valid. Already logged in to", server) fmt.Println("Existing credentials are valid. Already logged in to", server)
return nil return nil
} }
fmt.Println("Existing credentials are invalid, please enter valid username and password") fmt.Println("Existing credentials are invalid, please enter valid username and password")
} }
username, password, err = getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile) username, password, err := getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile)
if err != nil { if err != nil {
return errors.Wrapf(err, "error getting username and password") return errors.Wrapf(err, "error getting username and password")
} }
if c.IsSet("tls-verify") {
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
}
if c.String("cert-dir") != "" {
sc.DockerCertPath = c.String("cert-dir")
}
if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil { if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil {
// Write the new credentials to the authfile // Write the new credentials to the authfile
if err = config.SetAuthentication(sc, server, username, password); err != nil { if err = config.SetAuthentication(sc, server, username, password); err != nil {
@ -131,14 +123,15 @@ func loginCmd(c *cli.Context) error {
fmt.Println("Login Succeeded!") fmt.Println("Login Succeeded!")
return nil return nil
case docker.ErrUnauthorizedForCredentials: case docker.ErrUnauthorizedForCredentials:
return errors.Errorf("error logging into %q: invalid username/password\n", server) return errors.Errorf("error logging into %q: invalid username/password", server)
default: default:
return errors.Wrapf(err, "error authenticating creds for %q", server) return errors.Wrapf(err, "error authenticating creds for %q", server)
} }
} }
// getUserAndPass gets the username and password from STDIN if not given // getUserAndPass gets the username and password from STDIN if not given
// using the -u and -p flags // using the -u and -p flags. If the username prompt is left empty, the
// displayed userFromAuthFile will be used instead.
func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) { func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) {
var err error var err error
reader := bufio.NewReader(os.Stdin) reader := bufio.NewReader(os.Stdin)
@ -152,7 +145,10 @@ func getUserAndPass(username, password, userFromAuthFile string) (string, string
if err != nil { if err != nil {
return "", "", errors.Wrapf(err, "error reading username") return "", "", errors.Wrapf(err, "error reading username")
} }
// If no username provided, use userFromAuthFile instead. // If the user just hit enter, use the displayed user from the
// the authentication file. This allows to do a lazy
// `$ podman login -p $NEW_PASSWORD` without specifying the
// user.
if strings.TrimSpace(username) == "" { if strings.TrimSpace(username) == "" {
username = userFromAuthFile username = userFromAuthFile
} }