2014-03-10 20:16:58 -04:00
package registry
2013-03-14 20:43:59 -04:00
import (
"encoding/base64"
"encoding/json"
2013-05-28 20:35:10 -04:00
"errors"
2013-03-14 20:43:59 -04:00
"fmt"
"io/ioutil"
"net/http"
2014-11-13 09:56:36 -05:00
"net/url"
2013-03-14 20:43:59 -04:00
"os"
2013-03-22 05:19:39 -04:00
"path"
2013-03-14 20:43:59 -04:00
"strings"
2014-06-02 20:46:06 -04:00
2014-07-24 18:19:50 -04:00
"github.com/docker/docker/utils"
2013-03-14 20:43:59 -04:00
)
2014-10-08 17:03:39 -04:00
const (
// Where we store the config file
CONFIGFILE = ".dockercfg"
2013-03-14 20:43:59 -04:00
2014-10-08 17:03:39 -04:00
// Only used for user auth + account creation
INDEXSERVER = "https://index.docker.io/v1/"
REGISTRYSERVER = "https://registry-1.docker.io/v1/"
2013-03-14 20:43:59 -04:00
2014-10-08 17:03:39 -04:00
// INDEXSERVER = "https://registry-stage.hub.docker.com/v1/"
)
2013-05-28 20:35:10 -04:00
var (
2013-06-04 09:51:12 -04:00
ErrConfigFileMissing = errors . New ( "The Auth config file is missing" )
2014-11-13 09:56:36 -05:00
IndexServerURL * url . URL
2013-05-28 20:35:10 -04:00
)
2014-11-13 09:56:36 -05:00
func init ( ) {
url , err := url . Parse ( INDEXSERVER )
if err != nil {
panic ( err )
}
IndexServerURL = url
}
2013-03-14 20:43:59 -04:00
type AuthConfig struct {
2013-09-03 14:45:49 -04:00
Username string ` json:"username,omitempty" `
Password string ` json:"password,omitempty" `
Auth string ` json:"auth" `
Email string ` json:"email" `
ServerAddress string ` json:"serveraddress,omitempty" `
2013-03-14 20:43:59 -04:00
}
2013-07-23 11:04:31 -04:00
type ConfigFile struct {
Configs map [ string ] AuthConfig ` json:"configs,omitempty" `
rootPath string
2013-03-22 08:52:13 -04:00
}
2013-05-08 13:21:21 -04:00
func IndexServerAddress ( ) string {
2013-06-04 14:00:22 -04:00
return INDEXSERVER
2013-05-08 13:21:21 -04:00
}
2013-03-14 20:43:59 -04:00
// create a base64 encoded auth string to store in config
2013-05-30 11:39:43 -04:00
func encodeAuth ( authConfig * AuthConfig ) string {
2013-03-14 20:43:59 -04:00
authStr := authConfig . Username + ":" + authConfig . Password
msg := [ ] byte ( authStr )
encoded := make ( [ ] byte , base64 . StdEncoding . EncodedLen ( len ( msg ) ) )
base64 . StdEncoding . Encode ( encoded , msg )
return string ( encoded )
}
// decode the auth string
2013-07-23 11:04:31 -04:00
func decodeAuth ( authStr string ) ( string , string , error ) {
2013-03-14 20:43:59 -04:00
decLen := base64 . StdEncoding . DecodedLen ( len ( authStr ) )
decoded := make ( [ ] byte , decLen )
authByte := [ ] byte ( authStr )
n , err := base64 . StdEncoding . Decode ( decoded , authByte )
if err != nil {
2013-07-23 11:04:31 -04:00
return "" , "" , err
2013-03-14 20:43:59 -04:00
}
if n > decLen {
2013-07-23 11:04:31 -04:00
return "" , "" , fmt . Errorf ( "Something went wrong decoding auth config" )
2013-03-14 20:43:59 -04:00
}
2013-11-29 18:14:36 -05:00
arr := strings . SplitN ( string ( decoded ) , ":" , 2 )
2013-03-22 05:19:39 -04:00
if len ( arr ) != 2 {
2013-07-23 11:04:31 -04:00
return "" , "" , fmt . Errorf ( "Invalid auth configuration file" )
2013-03-22 05:19:39 -04:00
}
2013-03-14 20:43:59 -04:00
password := strings . Trim ( arr [ 1 ] , "\x00" )
2013-07-23 11:04:31 -04:00
return arr [ 0 ] , password , nil
2013-03-14 20:43:59 -04:00
}
// load up the auth config information and return values
2013-03-22 05:19:39 -04:00
// FIXME: use the internal golang config parser
2013-07-23 11:04:31 -04:00
func LoadConfig ( rootPath string ) ( * ConfigFile , error ) {
configFile := ConfigFile { Configs : make ( map [ string ] AuthConfig ) , rootPath : rootPath }
2013-03-22 05:19:39 -04:00
confFile := path . Join ( rootPath , CONFIGFILE )
if _ , err := os . Stat ( confFile ) ; err != nil {
2013-08-16 10:29:40 -04:00
return & configFile , nil //missing file is not an error
2013-03-22 05:19:39 -04:00
}
b , err := ioutil . ReadFile ( confFile )
if err != nil {
2013-08-14 06:26:18 -04:00
return & configFile , err
2013-03-22 05:19:39 -04:00
}
2013-07-23 11:04:31 -04:00
if err := json . Unmarshal ( b , & configFile . Configs ) ; err != nil {
arr := strings . Split ( string ( b ) , "\n" )
if len ( arr ) < 2 {
2013-08-16 10:29:40 -04:00
return & configFile , fmt . Errorf ( "The Auth config file is empty" )
2013-07-23 11:04:31 -04:00
}
authConfig := AuthConfig { }
origAuth := strings . Split ( arr [ 0 ] , " = " )
2013-09-30 07:07:32 -04:00
if len ( origAuth ) != 2 {
return & configFile , fmt . Errorf ( "Invalid Auth config file" )
}
2013-07-23 11:04:31 -04:00
authConfig . Username , authConfig . Password , err = decodeAuth ( origAuth [ 1 ] )
if err != nil {
2013-08-16 10:29:40 -04:00
return & configFile , err
2013-07-23 11:04:31 -04:00
}
origEmail := strings . Split ( arr [ 1 ] , " = " )
2013-09-30 07:07:32 -04:00
if len ( origEmail ) != 2 {
return & configFile , fmt . Errorf ( "Invalid Auth config file" )
}
2013-07-23 11:04:31 -04:00
authConfig . Email = origEmail [ 1 ]
2013-09-03 14:45:49 -04:00
authConfig . ServerAddress = IndexServerAddress ( )
2013-07-23 11:04:31 -04:00
configFile . Configs [ IndexServerAddress ( ) ] = authConfig
} else {
for k , authConfig := range configFile . Configs {
authConfig . Username , authConfig . Password , err = decodeAuth ( authConfig . Auth )
if err != nil {
2013-08-16 10:29:40 -04:00
return & configFile , err
2013-07-23 11:04:31 -04:00
}
2013-07-24 08:28:22 -04:00
authConfig . Auth = ""
2013-09-03 14:45:49 -04:00
authConfig . ServerAddress = k
2014-11-22 18:21:47 -05:00
configFile . Configs [ k ] = authConfig
2013-07-23 11:04:31 -04:00
}
2013-03-14 20:43:59 -04:00
}
2013-07-23 11:04:31 -04:00
return & configFile , nil
2013-03-14 20:43:59 -04:00
}
// save the auth config
2013-07-23 11:04:31 -04:00
func SaveConfig ( configFile * ConfigFile ) error {
confFile := path . Join ( configFile . rootPath , CONFIGFILE )
if len ( configFile . Configs ) == 0 {
2013-05-01 19:36:01 -04:00
os . Remove ( confFile )
return nil
}
2013-07-24 20:35:52 -04:00
configs := make ( map [ string ] AuthConfig , len ( configFile . Configs ) )
2013-07-23 11:04:31 -04:00
for k , authConfig := range configFile . Configs {
2013-07-24 20:35:52 -04:00
authCopy := authConfig
authCopy . Auth = encodeAuth ( & authCopy )
authCopy . Username = ""
authCopy . Password = ""
2013-09-03 14:45:49 -04:00
authCopy . ServerAddress = ""
2013-07-24 20:35:52 -04:00
configs [ k ] = authCopy
2013-07-23 11:04:31 -04:00
}
2013-07-24 20:35:52 -04:00
b , err := json . Marshal ( configs )
2013-07-23 11:04:31 -04:00
if err != nil {
return err
}
err = ioutil . WriteFile ( confFile , b , 0600 )
2013-03-14 20:43:59 -04:00
if err != nil {
return err
}
return nil
}
// try to register/login to the registry server
2013-08-02 03:30:45 -04:00
func Login ( authConfig * AuthConfig , factory * utils . HTTPRequestFactory ) ( string , error ) {
2014-02-05 19:49:43 -05:00
var (
2014-06-02 20:46:06 -04:00
status string
reqBody [ ] byte
err error
client = & http . Client {
Transport : & http . Transport {
DisableKeepAlives : true ,
Proxy : http . ProxyFromEnvironment ,
} ,
CheckRedirect : AddRequiredHeadersToRedirectedRequests ,
}
2014-02-05 19:49:43 -05:00
reqStatusCode = 0
serverAddress = authConfig . ServerAddress
)
2013-09-03 14:45:49 -04:00
if serverAddress == "" {
serverAddress = IndexServerAddress ( )
}
loginAgainstOfficialIndex := serverAddress == IndexServerAddress ( )
2013-12-24 19:37:00 -05:00
// to avoid sending the server address to the server it should be removed before being marshalled
2013-09-03 14:45:49 -04:00
authCopy := * authConfig
authCopy . ServerAddress = ""
jsonBody , err := json . Marshal ( authCopy )
2013-03-15 17:41:55 -04:00
if err != nil {
2013-04-24 12:11:29 -04:00
return "" , fmt . Errorf ( "Config Error: %s" , err )
2013-03-15 17:41:55 -04:00
}
2013-04-02 06:00:21 -04:00
// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
b := strings . NewReader ( string ( jsonBody ) )
2013-09-03 14:45:49 -04:00
req1 , err := http . Post ( serverAddress + "users/" , "application/json; charset=utf-8" , b )
2013-03-14 21:43:02 -04:00
if err != nil {
2013-04-24 12:11:29 -04:00
return "" , fmt . Errorf ( "Server Error: %s" , err )
2013-03-14 20:43:59 -04:00
}
2013-03-14 21:43:02 -04:00
reqStatusCode = req1 . StatusCode
2013-03-15 17:41:55 -04:00
defer req1 . Body . Close ( )
reqBody , err = ioutil . ReadAll ( req1 . Body )
if err != nil {
2013-04-24 12:11:29 -04:00
return "" , fmt . Errorf ( "Server Error: [%#v] %s" , reqStatusCode , err )
2013-03-15 17:41:55 -04:00
}
2013-03-14 21:43:02 -04:00
2013-03-14 20:43:59 -04:00
if reqStatusCode == 201 {
2013-09-03 14:45:49 -04:00
if loginAgainstOfficialIndex {
status = "Account created. Please use the confirmation link we sent" +
" to your e-mail to activate it."
} else {
status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."
}
2013-03-14 20:43:59 -04:00
} else if reqStatusCode == 400 {
2013-05-01 12:06:17 -04:00
if string ( reqBody ) == "\"Username or email already exists\"" {
2013-09-03 14:45:49 -04:00
req , err := factory . NewRequest ( "GET" , serverAddress + "users/" , nil )
2013-03-14 20:43:59 -04:00
req . SetBasicAuth ( authConfig . Username , authConfig . Password )
resp , err := client . Do ( req )
if err != nil {
return "" , err
}
defer resp . Body . Close ( )
body , err := ioutil . ReadAll ( resp . Body )
if err != nil {
return "" , err
}
if resp . StatusCode == 200 {
2014-10-28 20:42:03 -04:00
return "Login Succeeded" , nil
2013-05-01 19:36:01 -04:00
} else if resp . StatusCode == 401 {
return "" , fmt . Errorf ( "Wrong login/password, please try again" )
2013-12-05 18:10:44 -05:00
} else if resp . StatusCode == 403 {
if loginAgainstOfficialIndex {
return "" , fmt . Errorf ( "Login: Account is not Active. Please check your e-mail for a confirmation link." )
}
return "" , fmt . Errorf ( "Login: Account is not Active. Please see the documentation of the registry %s for instructions how to activate it." , serverAddress )
2013-03-14 20:43:59 -04:00
}
2014-10-06 15:34:39 -04:00
return "" , fmt . Errorf ( "Login: %s (Code: %d; Headers: %s)" , body , resp . StatusCode , resp . Header )
2013-03-14 20:43:59 -04:00
}
2014-10-06 15:34:39 -04:00
return "" , fmt . Errorf ( "Registration: %s" , reqBody )
2013-11-07 13:36:02 -05:00
} else if reqStatusCode == 401 {
// This case would happen with private registries where /v1/users is
// protected, so people can use `docker login` as an auth check.
req , err := factory . NewRequest ( "GET" , serverAddress + "users/" , nil )
req . SetBasicAuth ( authConfig . Username , authConfig . Password )
resp , err := client . Do ( req )
if err != nil {
return "" , err
}
defer resp . Body . Close ( )
body , err := ioutil . ReadAll ( resp . Body )
if err != nil {
return "" , err
2013-12-05 18:10:44 -05:00
}
2013-11-07 13:36:02 -05:00
if resp . StatusCode == 200 {
2014-10-28 20:42:03 -04:00
return "Login Succeeded" , nil
2013-11-07 13:36:02 -05:00
} else if resp . StatusCode == 401 {
return "" , fmt . Errorf ( "Wrong login/password, please try again" )
} else {
return "" , fmt . Errorf ( "Login: %s (Code: %d; Headers: %s)" , body ,
resp . StatusCode , resp . Header )
}
2013-03-14 21:43:02 -04:00
} else {
2013-04-24 12:11:29 -04:00
return "" , fmt . Errorf ( "Unexpected status code [%d] : %s" , reqStatusCode , reqBody )
2013-03-14 20:43:59 -04:00
}
return status , nil
}
2013-09-03 14:45:49 -04:00
// this method matches a auth configuration to a server address or a url
2014-02-20 17:57:58 -05:00
func ( config * ConfigFile ) ResolveAuthConfig ( hostname string ) AuthConfig {
if hostname == IndexServerAddress ( ) || len ( hostname ) == 0 {
2013-09-03 14:45:49 -04:00
// default to the index server
return config . Configs [ IndexServerAddress ( ) ]
}
2014-02-20 17:57:58 -05:00
// First try the happy case
if c , found := config . Configs [ hostname ] ; found {
return c
2013-09-03 14:45:49 -04:00
}
2014-02-20 17:57:58 -05:00
convertToHostname := func ( url string ) string {
stripped := url
if strings . HasPrefix ( url , "http://" ) {
stripped = strings . Replace ( url , "http://" , "" , 1 )
} else if strings . HasPrefix ( url , "https://" ) {
stripped = strings . Replace ( url , "https://" , "" , 1 )
2013-09-03 14:45:49 -04:00
}
2014-02-20 17:57:58 -05:00
nameParts := strings . SplitN ( stripped , "/" , 2 )
return nameParts [ 0 ]
2013-09-03 14:45:49 -04:00
}
2014-02-20 17:57:58 -05:00
// Maybe they have a legacy config file, we will iterate the keys converting
// them to the new format and testing
normalizedHostename := convertToHostname ( hostname )
for registry , config := range config . Configs {
if registryHostname := convertToHostname ( registry ) ; registryHostname == normalizedHostename {
return config
}
2013-09-03 14:45:49 -04:00
}
2014-02-20 17:57:58 -05:00
// When all else fails, return an empty auth config
return AuthConfig { }
2013-09-03 14:45:49 -04:00
}