cli/command/registry/login.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ import ( @@
     	"context"
     	"fmt"
     	"io"
+    	"os"
+    	"strconv"
     	"strings"
     	"github.com/docker/cli/cli"
@@ Expand Down Expand Up @@
     	return &response, err
     }
+    const OauthLoginEscapeHatchEnvVar = "DOCKER_CLI_DISABLE_OAUTH_LOGIN"
+    func isOauthLoginDisabled() bool {
+    	if v := os.Getenv(OauthLoginEscapeHatchEnvVar); v != "" {
+    		enabled, err := strconv.ParseBool(v)
+    		if err != nil {
+    			return false
+    		}
+    		return enabled
+    	}
+    	return false
+    }
     func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, defaultUsername, serverAddress string) (*registrytypes.AuthenticateOKBody, error) {
     	// If we're logging into the index server and the user didn't provide a username or password, use the device flow
-    	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" {
+    	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" && !isOauthLoginDisabled() {
     		response, err := loginWithDeviceCodeFlow(ctx, dockerCli)
     		// if the error represents a failure to initiate the device-code flow,
     		// then we fallback to regular cli credentials login
@@ Expand Down @@

cli/command/registry/login_test.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -228,3 +228,47 @@ func TestLoginTermination(t *testing.T) { @@
     		assert.ErrorIs(t, err, command.ErrPromptTerminated)
     	}
     }
+    func TestIsOauthLoginDisabled(t *testing.T) {
+    	testCases := []struct {
+    		envVar   string
+    		disabled bool
+    	}{
+    		{
+    			envVar:   "",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "bork",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "0",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "false",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "true",
+    			disabled: true,
+    		},
+    		{
+    			envVar:   "TRUE",
+    			disabled: true,
+    		},
+    		{
+    			envVar:   "1",
+    			disabled: true,
+    		},
+    	}
+    	for _, tc := range testCases {
+    		t.Setenv(OauthLoginEscapeHatchEnvVar, tc.envVar)
+    		disabled := isOauthLoginDisabled()
+    		assert.Equal(t, disabled, tc.disabled)
+    	}
+    }

e2e/registry/login_test.go

-Original file line number
+Diff line change
@@ -0,0 +1,56 @@
+    package registry
+    import (
+    	"io"
+    	"os/exec"
+    	"strings"
+    	"syscall"
+    	"testing"
+    	"time"
+    	"github.com/creack/pty"
+    	"gotest.tools/v3/assert"
+    )
+    func TestOauthLogin(t *testing.T) {
+    	t.Parallel()
+    	loginCmd := exec.Command("docker", "login")
+    	p, err := pty.Start(loginCmd)
+    	assert.NilError(t, err)
+    	defer func() {
+    		_ = loginCmd.Wait()
+    		_ = p.Close()
+    	}()
+    	time.Sleep(1 * time.Second)
+    	pid := loginCmd.Process.Pid
+    	t.Logf("terminating PID %d", pid)
+    	err = syscall.Kill(pid, syscall.SIGTERM)
+    	assert.NilError(t, err)
+    	output, _ := io.ReadAll(p)
+    	assert.Check(t, strings.Contains(string(output), "USING WEB BASED LOGIN"), string(output))
+    }
+    func TestLoginWithEscapeHatch(t *testing.T) {
+    	t.Parallel()
+    	loginCmd := exec.Command("docker", "login")
+    	loginCmd.Env = append(loginCmd.Env, "DOCKER_CLI_DISABLE_OAUTH_LOGIN=1")
+    	p, err := pty.Start(loginCmd)
+    	assert.NilError(t, err)
+    	defer func() {
+    		_ = loginCmd.Wait()
+    		_ = p.Close()
+    	}()
+    	time.Sleep(1 * time.Second)
+    	pid := loginCmd.Process.Pid
+    	t.Logf("terminating PID %d", pid)
+    	err = syscall.Kill(pid, syscall.SIGTERM)
+    	assert.NilError(t, err)
+    	output, _ := io.ReadAll(p)
+    	assert.Check(t, strings.Contains(string(output), "Username:"), string(output))
+    }

e2e/registry/main_test.go

-Original file line number
+Diff line change
@@ -0,0 +1,17 @@
+    package registry
+    import (
+    	"fmt"
+    	"os"
+    	"testing"
+    	"github.com/docker/cli/internal/test/environment"
+    )
+    func TestMain(m *testing.M) {
+    	if err := environment.Setup(); err != nil {
+    		fmt.Println(err.Error())
+    		os.Exit(3)
+    	}
+    	os.Exit(m.Run())
+    }

login: add oauth escape hatch #5361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

laurazard merged 2 commits into docker:master from laurazard:add-oauth-login-escape-hatch

Aug 20, 2024

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ import ( @@
     	"context"
     	"fmt"
     	"io"
+    	"os"
+    	"strconv"
     	"strings"
     	"github.com/docker/cli/cli"
@@ Expand Down Expand Up @@
     	return &response, err
     }
+    const OauthLoginEscapeHatchEnvVar = "DOCKER_CLI_DISABLE_OAUTH_LOGIN"
+    func isOauthLoginDisabled() bool {
+    	if v := os.Getenv(OauthLoginEscapeHatchEnvVar); v != "" {
+    		enabled, err := strconv.ParseBool(v)
+    		if err != nil {
+    			return false
+    		}
+    		return enabled
+    	}
+    	return false
+    }
     func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, defaultUsername, serverAddress string) (*registrytypes.AuthenticateOKBody, error) {
     	// If we're logging into the index server and the user didn't provide a username or password, use the device flow
-    	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" {
+    	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" && !isOauthLoginDisabled() {
     		response, err := loginWithDeviceCodeFlow(ctx, dockerCli)
     		// if the error represents a failure to initiate the device-code flow,
     		// then we fallback to regular cli credentials login
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -228,3 +228,47 @@ func TestLoginTermination(t *testing.T) { @@
     		assert.ErrorIs(t, err, command.ErrPromptTerminated)
     	}
     }
+    func TestIsOauthLoginDisabled(t *testing.T) {
+    	testCases := []struct {
+    		envVar   string
+    		disabled bool
+    	}{
+    		{
+    			envVar:   "",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "bork",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "0",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "false",
+    			disabled: false,
+    		},
+    		{
+    			envVar:   "true",
+    			disabled: true,
+    		},
+    		{
+    			envVar:   "TRUE",
+    			disabled: true,
+    		},
+    		{
+    			envVar:   "1",
+    			disabled: true,
+    		},
+    	}
+    	for _, tc := range testCases {
+    		t.Setenv(OauthLoginEscapeHatchEnvVar, tc.envVar)
+    		disabled := isOauthLoginDisabled()
+    		assert.Equal(t, disabled, tc.disabled)
+    	}
+    }

-Original file line number
+Diff line change
@@ -0,0 +1,56 @@
+    package registry
+    import (
+    	"io"
+    	"os/exec"
+    	"strings"
+    	"syscall"
+    	"testing"
+    	"time"
+    	"github.com/creack/pty"
+    	"gotest.tools/v3/assert"
+    )
+    func TestOauthLogin(t *testing.T) {
+    	t.Parallel()
+    	loginCmd := exec.Command("docker", "login")
+    	p, err := pty.Start(loginCmd)
+    	assert.NilError(t, err)
+    	defer func() {
+    		_ = loginCmd.Wait()
+    		_ = p.Close()
+    	}()
+    	time.Sleep(1 * time.Second)
+    	pid := loginCmd.Process.Pid
+    	t.Logf("terminating PID %d", pid)
+    	err = syscall.Kill(pid, syscall.SIGTERM)
+    	assert.NilError(t, err)
+    	output, _ := io.ReadAll(p)
+    	assert.Check(t, strings.Contains(string(output), "USING WEB BASED LOGIN"), string(output))
+    }
+    func TestLoginWithEscapeHatch(t *testing.T) {
+    	t.Parallel()
+    	loginCmd := exec.Command("docker", "login")
+    	loginCmd.Env = append(loginCmd.Env, "DOCKER_CLI_DISABLE_OAUTH_LOGIN=1")
+    	p, err := pty.Start(loginCmd)
+    	assert.NilError(t, err)
+    	defer func() {
+    		_ = loginCmd.Wait()
+    		_ = p.Close()
+    	}()
+    	time.Sleep(1 * time.Second)
+    	pid := loginCmd.Process.Pid
+    	t.Logf("terminating PID %d", pid)
+    	err = syscall.Kill(pid, syscall.SIGTERM)
+    	assert.NilError(t, err)
+    	output, _ := io.ReadAll(p)
+    	assert.Check(t, strings.Contains(string(output), "Username:"), string(output))
+    }

-Original file line number
+Diff line change
@@ -0,0 +1,17 @@
+    package registry
+    import (
+    	"fmt"
+    	"os"
+    	"testing"
+    	"github.com/docker/cli/internal/test/environment"
+    )
+    func TestMain(m *testing.M) {
+    	if err := environment.Setup(); err != nil {
+    		fmt.Println(err.Error())
+    		os.Exit(3)
+    	}
+    	os.Exit(m.Run())
+    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

login: add oauth escape hatch #5361

Uh oh!

Diff view

Diff view

There are no files selected for viewing