login: don't print "unencrypted" warning when failing to save credent…

…ials If we fail to save credentials, make sure that the error about saving doesn't get lost in the warning about credentials being stored unencrypted. Also discard errors about printing the warning, as those would be unlikely, and if they would occur, probably would fail to be printed as well. Signed-off-by: Sebastiaan van Stijn <[email protected]>
docker · Jul 18, 2024 · a78ab63 · a78ab63
1 parent 07baebe
commit a78ab63
Showing 1 changed file with 10 additions and 20 deletions.
diff --git a/cli/command/registry/login.go b/cli/command/registry/login.go
@@ -18,6 +18,11 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// unencryptedWarning warns the user when using an insecure credential storage.
+// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
+// Otherwise, we'll assume they want it (sadly), because people may have been scripting
+// insecure logins and we don't want to break them. Maybe they'll see the warning in their
+// logs and fix things.
 const unencryptedWarning = `WARNING! Your password will be stored unencrypted in %s.
 Configure a credential helper to remove this warning. See
 https://docs.docker.com/engine/reference/commandline/login/#credential-stores
@@ -60,17 +65,6 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
-// displayUnencryptedWarning warns the user when using an insecure credential storage.
-// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
-// Otherwise, we'll assume they want it (sadly), because people may have been scripting
-// insecure logins and we don't want to break them. Maybe they'll see the warning in their
-// logs and fix things.
-func displayUnencryptedWarning(dockerCli command.Streams, filename string) error {
-	_, err := fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, filename))
-
-	return err
-}
-
 type isFileStore interface {
 	IsFileStore() bool
 	GetFilename() string
@@ -143,19 +137,15 @@ func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) err
 
 	creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress)
 
-	store, isDefault := creds.(isFileStore)
-	// Display a warning if we're storing the users password (not a token)
-	if isDefault && authConfig.Password != "" {
-		err = displayUnencryptedWarning(dockerCli, store.GetFilename())
-		if err != nil {
-			return err
-		}
-	}
-
 	if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
 		return errors.Errorf("Error saving credentials: %v", err)
 	}
 
+	if store, isDefault := creds.(isFileStore); isDefault && authConfig.Password != "" {
+		// Display a warning if we're storing the users password (not a token)
+		_, _ = fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, store.GetFilename()))
+	}
+
 	if response.Status != "" {
 		fmt.Fprintln(dockerCli.Out(), response.Status)
 	}