kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/registry/auth.go

300 lines
8.7 KiB
Go
Raw Normal View History

Merge auth package within registry Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-10 20:16:58 -04:00
package registry
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
import (
"encoding/base64"
"encoding/json"
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
"errors"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
"fmt"
"io/ioutil"
"net/http"
"os"
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
"path"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
"strings"
Add redirect and env proxy support to docker login Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-02 20:46:06 -04:00
update go import path and libcontainer Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 18:19:50 -04:00
"github.com/docker/docker/utils"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
)
Use direct registry url Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2014-10-08 17:03:39 -04:00
const (
// Where we store the config file
CONFIGFILE = ".dockercfg"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
Use direct registry url Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2014-10-08 17:03:39 -04:00
// Only used for user auth + account creation
INDEXSERVER = "https://index.docker.io/v1/"
REGISTRYSERVER = "https://registry-1.docker.io/v1/"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
Use direct registry url Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2014-10-08 17:03:39 -04:00
// INDEXSERVER = "https://registry-stage.hub.docker.com/v1/"
)
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
var (
drop/omit
2013-06-04 09:51:12 -04:00
ErrConfigFileMissing = errors.New("The Auth config file is missing")
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
type AuthConfig struct {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
Auth string `json:"auth"`
Email string `json:"email"`
ServerAddress string `json:"serveraddress,omitempty"`
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
type ConfigFile struct {
Configs map[string]AuthConfig `json:"configs,omitempty"`
rootPath string
Fix the rootPath for auth
2013-03-22 08:52:13 -04:00
}
Find docker index URL in ENV before using default value. Unit tests for docker pull
2013-05-08 13:21:21 -04:00
func IndexServerAddress() string {
linted names
2013-06-04 14:00:22 -04:00
return INDEXSERVER
Find docker index URL in ENV before using default value. Unit tests for docker pull
2013-05-08 13:21:21 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
// create a base64 encoded auth string to store in config
move auth to the client WIP
2013-05-30 11:39:43 -04:00
func encodeAuth(authConfig *AuthConfig) string {
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
authStr := authConfig.Username + ":" + authConfig.Password
msg := []byte(authStr)
encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
base64.StdEncoding.Encode(encoded, msg)
return string(encoded)
}
// decode the auth string
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func decodeAuth(authStr string) (string, string, error) {
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
decLen := base64.StdEncoding.DecodedLen(len(authStr))
decoded := make([]byte, decLen)
authByte := []byte(authStr)
n, err := base64.StdEncoding.Decode(decoded, authByte)
if err != nil {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", err
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
if n > decLen {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", fmt.Errorf("Something went wrong decoding auth config")
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
Split auth on first colon
2013-11-29 18:14:36 -05:00
arr := strings.SplitN(string(decoded), ":", 2)
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
if len(arr) != 2 {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", fmt.Errorf("Invalid auth configuration file")
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
password := strings.Trim(arr[1], "\x00")
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return arr[0], password, nil
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
// load up the auth config information and return values
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
// FIXME: use the internal golang config parser
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func LoadConfig(rootPath string) (*ConfigFile, error) {
configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
confFile := path.Join(rootPath, CONFIGFILE)
if _, err := os.Stat(confFile); err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, nil //missing file is not an error
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
b, err := ioutil.ReadFile(confFile)
if err != nil {
prevent crash when .dockercfg not readable
2013-08-14 06:26:18 -04:00
return &configFile, err
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
if err := json.Unmarshal(b, &configFile.Configs); err != nil {
arr := strings.Split(string(b), "\n")
if len(arr) < 2 {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, fmt.Errorf("The Auth config file is empty")
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
authConfig := AuthConfig{}
origAuth := strings.Split(arr[0], " = ")
fix panic with wrong dockercfg file
2013-09-30 07:07:32 -04:00
if len(origAuth) != 2 {
return &configFile, fmt.Errorf("Invalid Auth config file")
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
if err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, err
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
origEmail := strings.Split(arr[1], " = ")
fix panic with wrong dockercfg file
2013-09-30 07:07:32 -04:00
if len(origEmail) != 2 {
return &configFile, fmt.Errorf("Invalid Auth config file")
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
authConfig.Email = origEmail[1]
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authConfig.ServerAddress = IndexServerAddress()
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
configFile.Configs[IndexServerAddress()] = authConfig
} else {
for k, authConfig := range configFile.Configs {
authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
if err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, err
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
fix tests
2013-07-24 08:28:22 -04:00
authConfig.Auth = ""
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
configFile.Configs[k] = authConfig
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authConfig.ServerAddress = k
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return &configFile, nil
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
// save the auth config
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func SaveConfig(configFile *ConfigFile) error {
confFile := path.Join(configFile.rootPath, CONFIGFILE)
if len(configFile.Configs) == 0 {
Handled wrong user credentials by re-init the auth file (it was impossible to login after having wrong crendentials)
2013-05-01 19:36:01 -04:00
os.Remove(confFile)
return nil
}
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
configs := make(map[string]AuthConfig, len(configFile.Configs))
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
for k, authConfig := range configFile.Configs {
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
authCopy := authConfig
authCopy.Auth = encodeAuth(&authCopy)
authCopy.Username = ""
authCopy.Password = ""
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authCopy.ServerAddress = ""
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
configs[k] = authCopy
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
b, err := json.Marshal(configs)
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
if err != nil {
return err
}
err = ioutil.WriteFile(confFile, b, 0600)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
if err != nil {
return err
}
return nil
}
// try to register/login to the registry server
auth with user agent
2013-08-02 03:30:45 -04:00
func Login(authConfig *AuthConfig, factory *utils.HTTPRequestFactory) (string, error) {
Do not ping registry from the cli Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-05 19:49:43 -05:00
var (
Add redirect and env proxy support to docker login Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-06-02 20:46:06 -04:00
status string
reqBody []byte
err error
client = &http.Client{
Transport: &http.Transport{
DisableKeepAlives: true,
Proxy: http.ProxyFromEnvironment,
},
CheckRedirect: AddRequiredHeadersToRedirectedRequests,
}
Do not ping registry from the cli Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-02-05 19:49:43 -05:00
reqStatusCode = 0
serverAddress = authConfig.ServerAddress
)
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
if serverAddress == "" {
serverAddress = IndexServerAddress()
}
loginAgainstOfficialIndex := serverAddress == IndexServerAddress()
small batch of edits/corrections to comments
2013-12-24 19:37:00 -05:00
// to avoid sending the server address to the server it should be removed before being marshalled
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authCopy := *authConfig
authCopy.ServerAddress = ""
jsonBody, err := json.Marshal(authCopy)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Config Error: %s", err)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
}
Fix for #307
2013-04-02 06:00:21 -04:00
// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
b := strings.NewReader(string(jsonBody))
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
req1, err := http.Post(serverAddress+"users/", "application/json; charset=utf-8", b)
cleaned up the code a little
2013-03-14 21:43:02 -04:00
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Server Error: %s", err)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
reqStatusCode = req1.StatusCode
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
defer req1.Body.Close()
reqBody, err = ioutil.ReadAll(req1.Body)
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
if reqStatusCode == 201 {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
if loginAgainstOfficialIndex {
status = "Account created. Please use the confirmation link we sent" +
" to your e-mail to activate it."
} else {
status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
} else if reqStatusCode == 400 {
Fixed typo in 'username or email already exists'
2013-05-01 12:06:17 -04:00
if string(reqBody) == "\"Username or email already exists\"" {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
req, err := factory.NewRequest("GET", serverAddress+"users/", nil)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
req.SetBasicAuth(authConfig.Username, authConfig.Password)
resp, err := client.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
if resp.StatusCode == 200 {
update docs, remove config file on 401
2013-06-14 09:38:51 -04:00
status = "Login Succeeded"
Handled wrong user credentials by re-init the auth file (it was impossible to login after having wrong crendentials)
2013-05-01 19:36:01 -04:00
} else if resp.StatusCode == 401 {
return "", fmt.Errorf("Wrong login/password, please try again")
Adjusted handling of inactive user login The return status for inactive users was being checked too early in the process, so I moved it from just after the handling of POST /v1/users/ to after getting the response from GET /v1/users/
2013-12-05 18:10:44 -05:00
} else if resp.StatusCode == 403 {
if loginAgainstOfficialIndex {
return "", fmt.Errorf("Login: Account is not Active. Please check your e-mail for a confirmation link.")
}
return "", fmt.Errorf("Login: Account is not Active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
registry: lint Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 15:34:39 -04:00
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body, resp.StatusCode, resp.Header)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
registry: lint Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 15:34:39 -04:00
return "", fmt.Errorf("Registration: %s", reqBody)
Handle 401 response in auth.Login() for authed private registries
2013-11-07 13:36:02 -05:00
} else if reqStatusCode == 401 {
// This case would happen with private registries where /v1/users is
// protected, so people can use `docker login` as an auth check.
req, err := factory.NewRequest("GET", serverAddress+"users/", nil)
req.SetBasicAuth(authConfig.Username, authConfig.Password)
resp, err := client.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
Adjusted handling of inactive user login The return status for inactive users was being checked too early in the process, so I moved it from just after the handling of POST /v1/users/ to after getting the response from GET /v1/users/
2013-12-05 18:10:44 -05:00
}
Handle 401 response in auth.Login() for authed private registries
2013-11-07 13:36:02 -05:00
if resp.StatusCode == 200 {
status = "Login Succeeded"
} else if resp.StatusCode == 401 {
return "", fmt.Errorf("Wrong login/password, please try again")
} else {
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
resp.StatusCode, resp.Header)
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
} else {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
return status, nil
}
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
// this method matches a auth configuration to a server address or a url
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
func (config *ConfigFile) ResolveAuthConfig(hostname string) AuthConfig {
if hostname == IndexServerAddress() || len(hostname) == 0 {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
// default to the index server
return config.Configs[IndexServerAddress()]
}
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
// First try the happy case
if c, found := config.Configs[hostname]; found {
return c
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
}
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
convertToHostname := func(url string) string {
stripped := url
if strings.HasPrefix(url, "http://") {
stripped = strings.Replace(url, "http://", "", 1)
} else if strings.HasPrefix(url, "https://") {
stripped = strings.Replace(url, "https://", "", 1)
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
}
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
nameParts := strings.SplitN(stripped, "/", 2)
return nameParts[0]
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
}
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
// Maybe they have a legacy config file, we will iterate the keys converting
// them to the new format and testing
normalizedHostename := convertToHostname(hostname)
for registry, config := range config.Configs {
if registryHostname := convertToHostname(registry); registryHostname == normalizedHostename {
return config
}
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
}
Fix registry auth by storing the string passed on the command line, and allowing for credential selection by normalizing on hostname. Also, remove remote ping calls from CmdPush and CmdPull. Docker-DCO-1.1-Signed-off-by: Jake Moshenko <jake@devtable.com> (github: jakedt)
2014-02-20 17:57:58 -05:00
// When all else fails, return an empty auth config
return AuthConfig{}
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
}
Copy permalink