Drone CLI's `--token` option does not work

cu2 · February 28, 2020, 4:18am

If I create a machine user with CLI and try to specify a token for that user:

drone user add testuser --machine --token ONE_TOKEN
Successfully added user testuser
Generated account token ANOTHER_TOKEN

What happens is that the user is created with another (randomly generated) token.

This is problematic, because if I want to create a user automatically (e.g. creating a user for Autoscaler with Ansible), it’s tricky to get the token out of the printed text (which is not a stable API), instead of specifying it.

Looking into the code it seems that the words token and hash are a bit mixed up and that is causing the problem.

First a user object is created with a Token:

github.com

drone/drone-cli/blob/865f348293f738a0a0ee522452f8230b723322b4/drone/user/user_add.go#L41-L46


	in := &drone.User{
		Login:   login,
		Admin:   c.Bool("admin"),
		Machine: c.Bool("machine"),
		Token:   c.String("token"),
	}

This is marshalled as token:

github.com

drone/drone-go/blob/3c3610553a86c949c6d80c334f5a7491d24b1c2f/drone/types.go#L19-L33


	User struct {
		ID        int64  `json:"id"`
		Login     string `json:"login"`
		Email     string `json:"email"`
		Avatar    string `json:"avatar_url"`
		Active    bool   `json:"active"`
		Admin     bool   `json:"admin"`
		Machine   bool   `json:"machine"`
		Syncing   bool   `json:"syncing"`
		Synced    int64  `json:"synced"`
		Created   int64  `json:"created"`
		Updated   int64  `json:"updated"`
		LastLogin int64  `json:"last_login"`
		Token     string `json:"token"`
	}

Then it’s sent to the server:

github.com

drone/drone-cli/blob/865f348293f738a0a0ee522452f8230b723322b4/drone/user/user_add.go#L47


	if err != nil {
		return err
	}


	in := &drone.User{
		Login:   login,
		Admin:   c.Bool("admin"),
		Machine: c.Bool("machine"),
		Token:   c.String("token"),
	}
	user, err := client.UserCreate(in)
	if err != nil {
		return err
	}
	fmt.Printf("Successfully added user %s\n", user.Login)
	if user.Token != "" {
		fmt.Printf("Generated account token %s\n", user.Token)
	}
	return nil
}

But when the server unmarshals it:

github.com

drone/drone/blob/344a444c692045fc907ebb202b833a0445be2eb1/handler/api/users/create.go#L38-L39


		in := new(core.User)
		err := json.NewDecoder(r.Body).Decode(in)

It doesn’t find it:

github.com

drone/drone/blob/a000a4e7a3d2754205b2254652abf310f83ac1dc/core/user.go#L31-L48


	User struct {
		ID        int64  `json:"id"`
		Login     string `json:"login"`
		Email     string `json:"email"`
		Machine   bool   `json:"machine"`
		Admin     bool   `json:"admin"`
		Active    bool   `json:"active"`
		Avatar    string `json:"avatar"`
		Syncing   bool   `json:"syncing"`
		Synced    int64  `json:"synced"`
		Created   int64  `json:"created"`
		Updated   int64  `json:"updated"`
		LastLogin int64  `json:"last_login"`
		Token     string `json:"-"`
		Refresh   string `json:"-"`
		Expiry    int64  `json:"-"`
		Hash      string `json:"-"`
	}

And more importantly, it doesn’t even look at token, but at hash instead:

github.com

drone/drone/blob/344a444c692045fc907ebb202b833a0445be2eb1/handler/api/users/create.go#L47-L55


		user := &core.User{
			Login:   in.Login,
			Active:  true,
			Admin:   in.Admin,
			Machine: in.Machine,
			Created: time.Now().Unix(),
			Updated: time.Now().Unix(),
			Hash:    in.Hash,
		}

So it generates a random one:

github.com

drone/drone/blob/344a444c692045fc907ebb202b833a0445be2eb1/handler/api/users/create.go#L56-L58


		if user.Hash == "" {
			user.Hash = uniuri.NewLen(32)
		}

And sends it back as token:

github.com

drone/drone/blob/344a444c692045fc907ebb202b833a0445be2eb1/handler/api/users/create.go#L111-L113


		if user.Machine {
			out = &userWithToken{user, user.Hash}
		}

github.com

drone/drone/blob/344a444c692045fc907ebb202b833a0445be2eb1/handler/api/users/create.go#L29-L32


type userWithToken struct {
	*core.User
	Token string `json:"token"`
}

Finally, the client prints it:

github.com

drone/drone-cli/blob/865f348293f738a0a0ee522452f8230b723322b4/drone/user/user_add.go#L52-L54


	if user.Token != "" {
		fmt.Printf("Generated account token %s\n", user.Token)
	}

cu2 · April 13, 2020, 11:32am

Now, that someone else has bumped into this issue as well, I’d like to ping this topic.

I’m not sure, what’s customary here, but after being ignored for more than a month, can I get an “acknowledged”, “won’t fix”, “fix it yourself” or any other reaction please?

ashwilliams1 · April 13, 2020, 12:31pm

complaining is customary, sending a pull request is desired.

Topic		Replies	Views
Drone CLI does not accept custom tokens during user creation Drone Bugs	5	532	October 2, 2020
Not found from machine user Drone Support	7	560	June 9, 2020
Cannot use CLI without access_token Drone Support	4	953	September 12, 2018
Is it possible to create a new user from a command on the image itself? Drone Support user , integration , authentication	4	351	November 30, 2022
Invalid API token is passed in drone-migrate activate-repos Drone Support	1	626	July 10, 2019

Related topics