Merge pull request #1835 from dhiltgen/refined_login_warning

Refine warning for storing registry passwords
2019-04-16 10:36:24 +02:00 · 2019-04-16 10:36:24 +02:00 · 49bd6b729d
parent f02d94afbb 5b3f171482
commit 49bd6b729d
2 changed files with 23 additions and 1 deletions
--- a/cli/command/registry/login.go
+++ b/cli/command/registry/login.go
@ -143,7 +143,8 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
 	creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress)

 	store, isDefault := creds.(isFileStore)
-	if isDefault {
+	// Display a warning if we're storing the users password (not a token)
+	if isDefault && authConfig.Password != "" {
 		err = displayUnencryptedWarning(dockerCli, store.GetFilename())
 		if err != nil {
 			return err
--- a/cli/command/registry/login_test.go
+++ b/cli/command/registry/login_test.go
@ -24,6 +24,7 @@ var testAuthErrors = map[string]error{
 }

 var expiredPassword = "I_M_EXPIRED"
+var useToken = "I_M_TOKEN"

 type fakeClient struct {
 	client.Client
@ -37,6 +38,11 @@ func (c fakeClient) RegistryLogin(ctx context.Context, auth types.AuthConfig) (r
 	if auth.Password == expiredPassword {
 		return registrytypes.AuthenticateOKBody{}, fmt.Errorf("Invalid Username or Password")
 	}
+	if auth.Password == useToken {
+		return registrytypes.AuthenticateOKBody{
+			IdentityToken: auth.Password,
+		}, nil
+	}
 	err := testAuthErrors[auth.Username]
 	return registrytypes.AuthenticateOKBody{}, err
 }
@ -90,6 +96,11 @@ func TestRunLogin(t *testing.T) {
 		Username:      validUsername,
 		Password:      expiredPassword,
 	}
+	validIdentityToken := configtypes.AuthConfig{
+		ServerAddress: storedServerAddress,
+		Username:      validUsername,
+		IdentityToken: useToken,
+	}
 	testCases := []struct {
 		inputLoginOption  loginOptions
 		inputStoredCred   *configtypes.AuthConfig
@ -134,6 +145,16 @@ func TestRunLogin(t *testing.T) {
 			inputStoredCred: &validAuthConfig,
 			expectedErr:     testAuthErrMsg,
 		},
+		{
+			inputLoginOption: loginOptions{
+				serverAddress: storedServerAddress,
+				user:          validUsername,
+				password:      useToken,
+			},
+			inputStoredCred:   &validIdentityToken,
+			expectedErr:       "",
+			expectedSavedCred: validIdentityToken,
+		},
 	}
 	for i, tc := range testCases {
 		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {