fcrozat/distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove email address field from login

Browse Source 
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This commit is contained in:
Ken Cochrane 2016-02-29 17:51:36 -08:00 committed by Derek McGowan
parent 9a2cef38e3
commit e123ca925e
3 changed files with 29 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
docs/auth.go
View File

@ -1,7 +1,6 @@
package registry package registry
import ( import (
"encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
@ -24,11 +23,8 @@ func Login(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, er
// loginV1 tries to register/login to the v1 registry server. // loginV1 tries to register/login to the v1 registry server.
func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) { func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {
var ( var (
status string err error
respBody []byte serverAddress = authConfig.ServerAddress
err error
respStatusCode = 0
serverAddress = authConfig.ServerAddress
) )
logrus.Debugf("attempting v1 login to registry endpoint %s", registryEndpoint) logrus.Debugf("attempting v1 login to registry endpoint %s", registryEndpoint)
@ -39,93 +35,37 @@ func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string,
loginAgainstOfficialIndex := serverAddress == IndexServer loginAgainstOfficialIndex := serverAddress == IndexServer
// to avoid sending the server address to the server it should be removed before being marshaled req, err := http.NewRequest("GET", serverAddress+"users/", nil)
authCopy := *authConfig req.SetBasicAuth(authConfig.Username, authConfig.Password)
authCopy.ServerAddress = "" resp, err := registryEndpoint.client.Do(req)
jsonBody, err := json.Marshal(authCopy)
if err != nil { if err != nil {
return "", fmt.Errorf("Config Error: %s", err) return "", err
} }
defer resp.Body.Close()
// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status. body, err := ioutil.ReadAll(resp.Body)
b := strings.NewReader(string(jsonBody))
resp1, err := registryEndpoint.client.Post(serverAddress+"users/", "application/json; charset=utf-8", b)
if err != nil { if err != nil {
return "", fmt.Errorf("Server Error: %s", err) return "", err
} }
defer resp1.Body.Close() if resp.StatusCode == http.StatusOK {
respStatusCode = resp1.StatusCode return "Login Succeeded", nil
respBody, err = ioutil.ReadAll(resp1.Body) } else if resp.StatusCode == http.StatusUnauthorized {
if err != nil {
return "", fmt.Errorf("Server Error: [%#v] %s", respStatusCode, err)
}
if respStatusCode == 201 {
if loginAgainstOfficialIndex { if loginAgainstOfficialIndex {
status = "Account created. Please use the confirmation link we sent" + return "", fmt.Errorf("Wrong login/password, please try again. Haven't got a Docker ID? Create one at https://hub.docker.com")
" to your e-mail to activate it."
} else {
// *TODO: Use registry configuration to determine what this says, if anything?
status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."
} }
} else if respStatusCode == 400 { return "", fmt.Errorf("Wrong login/password, please try again")
if string(respBody) == "\"Username or email already exists\"" { } else if resp.StatusCode == http.StatusForbidden {
req, err := http.NewRequest("GET", serverAddress+"users/", nil) if loginAgainstOfficialIndex {
req.SetBasicAuth(authConfig.Username, authConfig.Password) return "", fmt.Errorf("Login: Account is not active. Please check your e-mail for a confirmation link.")
resp, err := registryEndpoint.client.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
if resp.StatusCode == 200 {
return "Login Succeeded", nil
} else if resp.StatusCode == 401 {
return "", fmt.Errorf("Wrong login/password, please try again")
} else if resp.StatusCode == 403 {
if loginAgainstOfficialIndex {
return "", fmt.Errorf("Login: Account is not Active. Please check your e-mail for a confirmation link.")
}
// *TODO: Use registry configuration to determine what this says, if anything?
return "", fmt.Errorf("Login: Account is not Active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
} else if resp.StatusCode == 500 { // Issue #14326
logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
return "", fmt.Errorf("Internal Server Error")
}
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body, resp.StatusCode, resp.Header)
}
return "", fmt.Errorf("Registration: %s", respBody)
} else if respStatusCode == 401 {
// This case would happen with private registries where /v1/users is
// protected, so people can use `docker login` as an auth check.
req, err := http.NewRequest("GET", serverAddress+"users/", nil)
req.SetBasicAuth(authConfig.Username, authConfig.Password)
resp, err := registryEndpoint.client.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
if resp.StatusCode == 200 {
return "Login Succeeded", nil
} else if resp.StatusCode == 401 {
return "", fmt.Errorf("Wrong login/password, please try again")
} else {
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
resp.StatusCode, resp.Header)
} }
// *TODO: Use registry configuration to determine what this says, if anything?
return "", fmt.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
} else if resp.StatusCode == http.StatusInternalServerError { // Issue #14326
logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
return "", fmt.Errorf("Internal Server Error")
} else { } else {
return "", fmt.Errorf("Unexpected status code [%d] : %s", respStatusCode, respBody) return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
resp.StatusCode, resp.Header)
} }
return status, nil
} }
// loginV2 tries to login to the v2 registry server. The given registry endpoint has been // loginV2 tries to login to the v2 registry server. The given registry endpoint has been

17
docs/auth_test.go
View File

@ -14,7 +14,6 @@ func buildAuthConfigs() map[string]types.AuthConfig {
authConfigs[registry] = types.AuthConfig{ authConfigs[registry] = types.AuthConfig{
Username: "docker-user", Username: "docker-user",
Password: "docker-pass", Password: "docker-pass",
Email: "docker@docker.io",
} }
} }
@ -30,9 +29,6 @@ func TestSameAuthDataPostSave(t *testing.T) {
if authConfig.Password != "docker-pass" { if authConfig.Password != "docker-pass" {
t.Fail() t.Fail()
} }
if authConfig.Email != "docker@docker.io" {
t.Fail()
}
if authConfig.Auth != "" { if authConfig.Auth != "" {
t.Fail() t.Fail()
} }
@ -62,17 +58,14 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
registryAuth := types.AuthConfig{ registryAuth := types.AuthConfig{
Username: "foo-user", Username: "foo-user",
Password: "foo-pass", Password: "foo-pass",
Email: "foo@example.com",
} }
localAuth := types.AuthConfig{ localAuth := types.AuthConfig{
Username: "bar-user", Username: "bar-user",
Password: "bar-pass", Password: "bar-pass",
Email: "bar@example.com",
} }
officialAuth := types.AuthConfig{ officialAuth := types.AuthConfig{
Username: "baz-user", Username: "baz-user",
Password: "baz-pass", Password: "baz-pass",
Email: "baz@example.com",
} }
authConfigs[IndexServer] = officialAuth authConfigs[IndexServer] = officialAuth
@ -105,7 +98,7 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
for configKey, registries := range validRegistries { for configKey, registries := range validRegistries {
configured, ok := expectedAuths[configKey] configured, ok := expectedAuths[configKey]
if !ok || configured.Email == "" { if !ok {
t.Fail() t.Fail()
} }
index := &registrytypes.IndexInfo{ index := &registrytypes.IndexInfo{
@ -114,13 +107,13 @@ func TestResolveAuthConfigFullURL(t *testing.T) {
for _, registry := range registries { for _, registry := range registries {
authConfigs[registry] = configured authConfigs[registry] = configured
resolved := ResolveAuthConfig(authConfigs, index) resolved := ResolveAuthConfig(authConfigs, index)
if resolved.Email != configured.Email { if resolved.Username != configured.Username || resolved.Password != configured.Password {
t.Errorf("%s -> %q != %q\n", registry, resolved.Email, configured.Email) t.Errorf("%s -> %v != %v\n", registry, resolved, configured)
} }
delete(authConfigs, registry) delete(authConfigs, registry)
resolved = ResolveAuthConfig(authConfigs, index) resolved = ResolveAuthConfig(authConfigs, index)
if resolved.Email == configured.Email { if resolved.Username == configured.Username || resolved.Password == configured.Password {
t.Errorf("%s -> %q == %q\n", registry, resolved.Email, configured.Email) t.Errorf("%s -> %v == %v\n", registry, resolved, configured)
} }
} }
} }

1
docs/session.go
View File

@ -752,7 +752,6 @@ func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig {
return &types.AuthConfig{ return &types.AuthConfig{
Username: r.authConfig.Username, Username: r.authConfig.Username,
Password: password, Password: password,
Email: r.authConfig.Email,
} }
} }