Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server. Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This commit is contained in:
parent
9a2cef38e3
commit
e123ca925e
80
docs/auth.go
80
docs/auth.go
@ -1,7 +1,6 @@
|
|||||||
package registry
|
package registry
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -24,10 +23,7 @@ func Login(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, er
|
|||||||
// loginV1 tries to register/login to the v1 registry server.
|
// loginV1 tries to register/login to the v1 registry server.
|
||||||
func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {
|
func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {
|
||||||
var (
|
var (
|
||||||
status string
|
|
||||||
respBody []byte
|
|
||||||
err error
|
err error
|
||||||
respStatusCode = 0
|
|
||||||
serverAddress = authConfig.ServerAddress
|
serverAddress = authConfig.ServerAddress
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -39,38 +35,6 @@ func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string,
|
|||||||
|
|
||||||
loginAgainstOfficialIndex := serverAddress == IndexServer
|
loginAgainstOfficialIndex := serverAddress == IndexServer
|
||||||
|
|
||||||
// to avoid sending the server address to the server it should be removed before being marshaled
|
|
||||||
authCopy := *authConfig
|
|
||||||
authCopy.ServerAddress = ""
|
|
||||||
|
|
||||||
jsonBody, err := json.Marshal(authCopy)
|
|
||||||
if err != nil {
|
|
||||||
return "", fmt.Errorf("Config Error: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
|
|
||||||
b := strings.NewReader(string(jsonBody))
|
|
||||||
resp1, err := registryEndpoint.client.Post(serverAddress+"users/", "application/json; charset=utf-8", b)
|
|
||||||
if err != nil {
|
|
||||||
return "", fmt.Errorf("Server Error: %s", err)
|
|
||||||
}
|
|
||||||
defer resp1.Body.Close()
|
|
||||||
respStatusCode = resp1.StatusCode
|
|
||||||
respBody, err = ioutil.ReadAll(resp1.Body)
|
|
||||||
if err != nil {
|
|
||||||
return "", fmt.Errorf("Server Error: [%#v] %s", respStatusCode, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if respStatusCode == 201 {
|
|
||||||
if loginAgainstOfficialIndex {
|
|
||||||
status = "Account created. Please use the confirmation link we sent" +
|
|
||||||
" to your e-mail to activate it."
|
|
||||||
} else {
|
|
||||||
// *TODO: Use registry configuration to determine what this says, if anything?
|
|
||||||
status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."
|
|
||||||
}
|
|
||||||
} else if respStatusCode == 400 {
|
|
||||||
if string(respBody) == "\"Username or email already exists\"" {
|
|
||||||
req, err := http.NewRequest("GET", serverAddress+"users/", nil)
|
req, err := http.NewRequest("GET", serverAddress+"users/", nil)
|
||||||
req.SetBasicAuth(authConfig.Username, authConfig.Password)
|
req.SetBasicAuth(authConfig.Username, authConfig.Password)
|
||||||
resp, err := registryEndpoint.client.Do(req)
|
resp, err := registryEndpoint.client.Do(req)
|
||||||
@ -82,50 +46,26 @@ func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string,
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if resp.StatusCode == 200 {
|
if resp.StatusCode == http.StatusOK {
|
||||||
return "Login Succeeded", nil
|
return "Login Succeeded", nil
|
||||||
} else if resp.StatusCode == 401 {
|
} else if resp.StatusCode == http.StatusUnauthorized {
|
||||||
return "", fmt.Errorf("Wrong login/password, please try again")
|
|
||||||
} else if resp.StatusCode == 403 {
|
|
||||||
if loginAgainstOfficialIndex {
|
if loginAgainstOfficialIndex {
|
||||||
return "", fmt.Errorf("Login: Account is not Active. Please check your e-mail for a confirmation link.")
|
return "", fmt.Errorf("Wrong login/password, please try again. Haven't got a Docker ID? Create one at https://hub.docker.com")
|
||||||
|
}
|
||||||
|
return "", fmt.Errorf("Wrong login/password, please try again")
|
||||||
|
} else if resp.StatusCode == http.StatusForbidden {
|
||||||
|
if loginAgainstOfficialIndex {
|
||||||
|
return "", fmt.Errorf("Login: Account is not active. Please check your e-mail for a confirmation link.")
|
||||||
}
|
}
|
||||||
// *TODO: Use registry configuration to determine what this says, if anything?
|
// *TODO: Use registry configuration to determine what this says, if anything?
|
||||||
return "", fmt.Errorf("Login: Account is not Active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
|
return "", fmt.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
|
||||||
} else if resp.StatusCode == 500 { // Issue #14326
|
} else if resp.StatusCode == http.StatusInternalServerError { // Issue #14326
|
||||||
logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
|
logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
|
||||||
return "", fmt.Errorf("Internal Server Error")
|
return "", fmt.Errorf("Internal Server Error")
|
||||||
}
|
|
||||||
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body, resp.StatusCode, resp.Header)
|
|
||||||
}
|
|
||||||
return "", fmt.Errorf("Registration: %s", respBody)
|
|
||||||
|
|
||||||
} else if respStatusCode == 401 {
|
|
||||||
// This case would happen with private registries where /v1/users is
|
|
||||||
// protected, so people can use `docker login` as an auth check.
|
|
||||||
req, err := http.NewRequest("GET", serverAddress+"users/", nil)
|
|
||||||
req.SetBasicAuth(authConfig.Username, authConfig.Password)
|
|
||||||
resp, err := registryEndpoint.client.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
body, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
if resp.StatusCode == 200 {
|
|
||||||
return "Login Succeeded", nil
|
|
||||||
} else if resp.StatusCode == 401 {
|
|
||||||
return "", fmt.Errorf("Wrong login/password, please try again")
|
|
||||||
} else {
|
} else {
|
||||||
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
|
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
|
||||||
resp.StatusCode, resp.Header)
|
resp.StatusCode, resp.Header)
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
return "", fmt.Errorf("Unexpected status code [%d] : %s", respStatusCode, respBody)
|
|
||||||
}
|
|
||||||
return status, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// loginV2 tries to login to the v2 registry server. The given registry endpoint has been
|
// loginV2 tries to login to the v2 registry server. The given registry endpoint has been
|
||||||
|
@ -14,7 +14,6 @@ func buildAuthConfigs() map[string]types.AuthConfig {
|
|||||||
authConfigs[registry] = types.AuthConfig{
|
authConfigs[registry] = types.AuthConfig{
|
||||||
Username: "docker-user",
|
Username: "docker-user",
|
||||||
Password: "docker-pass",
|
Password: "docker-pass",
|
||||||
Email: "docker@docker.io",
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,9 +29,6 @@ func TestSameAuthDataPostSave(t *testing.T) {
|
|||||||
if authConfig.Password != "docker-pass" {
|
if authConfig.Password != "docker-pass" {
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
if authConfig.Email != "docker@docker.io" {
|
|
||||||
t.Fail()
|
|
||||||
}
|
|
||||||
if authConfig.Auth != "" {
|
if authConfig.Auth != "" {
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
@ -62,17 +58,14 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
|
|||||||
registryAuth := types.AuthConfig{
|
registryAuth := types.AuthConfig{
|
||||||
Username: "foo-user",
|
Username: "foo-user",
|
||||||
Password: "foo-pass",
|
Password: "foo-pass",
|
||||||
Email: "foo@example.com",
|
|
||||||
}
|
}
|
||||||
localAuth := types.AuthConfig{
|
localAuth := types.AuthConfig{
|
||||||
Username: "bar-user",
|
Username: "bar-user",
|
||||||
Password: "bar-pass",
|
Password: "bar-pass",
|
||||||
Email: "bar@example.com",
|
|
||||||
}
|
}
|
||||||
officialAuth := types.AuthConfig{
|
officialAuth := types.AuthConfig{
|
||||||
Username: "baz-user",
|
Username: "baz-user",
|
||||||
Password: "baz-pass",
|
Password: "baz-pass",
|
||||||
Email: "baz@example.com",
|
|
||||||
}
|
}
|
||||||
authConfigs[IndexServer] = officialAuth
|
authConfigs[IndexServer] = officialAuth
|
||||||
|
|
||||||
@ -105,7 +98,7 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
|
|||||||
|
|
||||||
for configKey, registries := range validRegistries {
|
for configKey, registries := range validRegistries {
|
||||||
configured, ok := expectedAuths[configKey]
|
configured, ok := expectedAuths[configKey]
|
||||||
if !ok || configured.Email == "" {
|
if !ok {
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
index := ®istrytypes.IndexInfo{
|
index := ®istrytypes.IndexInfo{
|
||||||
@ -114,13 +107,13 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
|
|||||||
for _, registry := range registries {
|
for _, registry := range registries {
|
||||||
authConfigs[registry] = configured
|
authConfigs[registry] = configured
|
||||||
resolved := ResolveAuthConfig(authConfigs, index)
|
resolved := ResolveAuthConfig(authConfigs, index)
|
||||||
if resolved.Email != configured.Email {
|
if resolved.Username != configured.Username || resolved.Password != configured.Password {
|
||||||
t.Errorf("%s -> %q != %q\n", registry, resolved.Email, configured.Email)
|
t.Errorf("%s -> %v != %v\n", registry, resolved, configured)
|
||||||
}
|
}
|
||||||
delete(authConfigs, registry)
|
delete(authConfigs, registry)
|
||||||
resolved = ResolveAuthConfig(authConfigs, index)
|
resolved = ResolveAuthConfig(authConfigs, index)
|
||||||
if resolved.Email == configured.Email {
|
if resolved.Username == configured.Username || resolved.Password == configured.Password {
|
||||||
t.Errorf("%s -> %q == %q\n", registry, resolved.Email, configured.Email)
|
t.Errorf("%s -> %v == %v\n", registry, resolved, configured)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -752,7 +752,6 @@ func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig {
|
|||||||
return &types.AuthConfig{
|
return &types.AuthConfig{
|
||||||
Username: r.authConfig.Username,
|
Username: r.authConfig.Username,
|
||||||
Password: password,
|
Password: password,
|
||||||
Email: r.authConfig.Email,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user