Ignore any existing token during CLI login (#7508)

Fixes #6694
hashicorp · Sep 25, 2019 · 6a14065 · 6a14065
1 parent ba834f8
commit 6a14065
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/command/login.go b/command/login.go
@@ -215,6 +215,12 @@ func (c *LoginCommand) Run(args []string) int {
 		return 2
 	}
 
+	// Evolving token formats across Vault versions have caused issues during CLI logins. Unless
+	// token auth is being used, omit any token picked up from TokenHelper.
+	if authMethod != "token" {
+		client.SetToken("")
+	}
+
 	// Authenticate delegation to the auth handler
 	secret, err := authHandler.Auth(client, config)
 	if err != nil {

diff --git a/command/login_test.go b/command/login_test.go
@@ -58,6 +58,9 @@ func TestLoginCommand_Run(t *testing.T) {
 			t.Fatal(err)
 		}
 
+		// Emulate an unknown token format present in ~/.vault-token, for example
+		client.SetToken("a.a")
+
 		code := cmd.Run([]string{
 			"-method", "userpass",
 			"-path", "my-auth",