cli/internal/oauth/jwt.go:62:3: naked return in func `GetClaims` with 9 lines of code (nakedret)
return
^
cli/internal/oauth/jwt.go:67:2: naked return in func `GetClaims` with 9 lines of code (nakedret)
return
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/manager/manager_test.go:349:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeStore) Save() error {
^
cli/internal/oauth/manager/manager_test.go:357:7: unused-receiver: method receiver 'f' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (f *fakeStore) GetFilename() string {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/api/api.go:227:7: unused-receiver: method receiver 'a' is not referenced in method's body, consider removing or renaming it as _ (revive)
func (a API) GetAutoPAT(ctx context.Context, audience string, res TokenResponse) (string, error) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cli/internal/oauth/manager/manager_test.go:18: line-length-limit: line is 857 characters, out of limit 200 (revive)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Users have trouble understanding the different login paths on the CLI.
The default login is performed through an OAuth flow with the option to
fallback to a username and PAT login using the docker login -u <username>
option.
This patch improves the text around docker login, indicating:
- The username is shown when already authenticated
- Steps the user can take to switch user accounts are printed when
authenticated in an info.
- When not authenticated, the OAuth login flow explains the fallback
clearly to the user in an info.
- The password prompt now explicitly states that it accepts a PAT in an
info.
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
commit 4a7b04d412 configured golangci-lint
to use go1.23 semantics, which enabled the copyloopvar linter.
go1.22 now creates a copy of variables when assigned in a loop; make sure we
don't have files that may downgrade semantics to go1.21 in case that also means
disabling that feature; https://go.dev/ref/spec#Go_1.22
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Previously, if while polling for oauth device-code login results a user
suspended the process (such as with CTRL-Z) and then restored it with
`fg`, an error might occur in the form of:
```
failed waiting for authentication: You are polling faster than the specified interval of 5 seconds.
```
This is due to our use of a `time.Ticker` here - if no receiver drains
the ticker channel (and timers/tickers use a buffered channel behind the
scenes), more than one tick will pile up, causing the program to "tick"
twice, in fast succession, after it is resumed.
The new implementation replaces the `time.Ticker` with a `time.Timer`
(`time.Ticker` is just a nice wrapper) and introduces a helper function
`resetTimer` to ensure that before every `select`, the timer is stopped
and it's channel is drained.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.
This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.
The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.
In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
