e2e

Signed-off-by: Xiaoxuan Wang <[email protected]>
oras-project · Mar 19, 2024 · 700657a · 700657a
1 parent d14e38a
commit 700657a
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/test/e2e/suite/auth/auth.go b/test/e2e/suite/auth/auth.go
@@ -100,6 +100,20 @@ var _ = Describe("Common registry user", func() {
 			Expect(err).Should(gbytes.Say(`Run "oras login -h"`))
 		})
 
+		It("should fail if username is used with identity token", func() {
+			ORAS("login", ZOTHost, "-u", Username, "--identity-token", Password, filepath.Join(GinkgoT().TempDir(), tmpConfigName)).
+				MatchKeyWords("--username cannot be used with --identity-token or --identity-token-stdin").
+				ExpectFailure().
+				Exec()
+		})
+
+		It("should fail if password is used with identity token", func() {
+			ORAS("login", ZOTHost, "-p", Password, "--identity-token", Password, filepath.Join(GinkgoT().TempDir(), tmpConfigName)).
+				MatchKeyWords("--password and --password-stdin cannot be used with --identity-token or --identity-token-stdin").
+				ExpectFailure().
+				Exec()
+		})
+
 		It("should fail if no username input", func() {
 			ORAS("login", ZOTHost, "--registry-config", filepath.Join(GinkgoT().TempDir(), tmpConfigName)).
 				WithTimeOut(20 * time.Second).
@@ -153,6 +167,11 @@ var _ = Describe("Common registry user", func() {
 				WithInput(strings.NewReader(fmt.Sprintf("%s\n%s\n", Username, Password))).
 				MatchKeyWords("Username: ", "Password: ", "Login Succeeded\n").Exec()
 		})
+
+		It("should fail as the test server doesn't support token service", func() {
+			ORAS("login", ZOTHost, "--identity-token", Password, filepath.Join(GinkgoT().TempDir(), tmpConfigName)).
+				MatchErrKeyWords("WARNING", "Using --password via the CLI is insecure", "Use --password-stdin").ExpectFailure().Exec()
+		})
 	})
 
 	When("using legacy config", func() {