Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

1.1.0rc1: POETRY_HTTP_BASIC_ environment variables are ignored for private repositories #2799

Closed
3 tasks done
dclayh opened this issue Aug 11, 2020 · 3 comments · Fixed by #2990
Closed
3 tasks done

1.1.0rc1: POETRY_HTTP_BASIC_ environment variables are ignored for private repositories #2799

dclayh opened this issue Aug 11, 2020 · 3 comments · Fixed by #2990
Labels
area/repo Meta-issues for the repository/forge itself kind/bug Something isn't working as expected
Milestone
1.1

Comments

@dclayh
Copy link

dclayh commented Aug 11, 2020

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Issue

Downloading wheels from an Azure Devops feed fails with a 401 Unathorized error using http-basic authorization. This is true whether creds are set with poetry config or env vars. Version collection still succeeds from the private repo. This is a bug (or undocumented interface change?) with the 1.1.0 prereleases, since everything works fine with 1.0.5.

Snippet of poetry update -vvv output:

Package operations: 0 installs, 1 update, 0 removals

  • Updating data-utils (0.7.0 -> 0.6.20): Pending...
  • Updating data-utils (0.7.0 -> 0.6.20): Failed

HTTPError

401 Client Error: Unauthorized for url: https://guycarp.pkgs.visualstudio.com/9fb36d55-4aac-44bd-9e13-0d2773f027b9/_packaging/c31f3100-0441-4ca7-8b74-4f948c9eb523/pypi/download/data-utils/0.6.20/data_utils-0.6.20-py3-none-any.whl#sha256=40ba0db196547929b735f3aee626be3ebdc990c929d1f5c0623ba6affd129588
@abn abn added the kind/bug Something isn't working as expected label Aug 11, 2020
@abn abn added this to the 1.1 milestone Aug 11, 2020
@bneijt
Copy link

bneijt commented Aug 11, 2020

I've been trying to debug this and the issue seems to be the following:

  • The install executor do_execute asks the chooser to pick a url for the package to download
  • The LegacyRepository returns a list of urls without basic auth credentials in the url from find_links_for_package
  • The install executor tries to download the link without any credentials or session information.

The LegacyRepository has a _get but this is not used and contains a reference to self._url instead of self.authenticated_url which might be a bug in and of itself?

@finswimmer finswimmer added the area/repo Meta-issues for the repository/forge itself label Aug 12, 2020
@fbergroth fbergroth mentioned this issue Sep 24, 2020
Closed
2 tasks
@fbergroth
Copy link
Contributor

I ran into the same issue. Do you also set credentials via environment variables? See if #2955 solves it for you as well.

@abn abn mentioned this issue Sep 28, 2020
Closed
3 tasks
@abn abn changed the title Private pypi (azure devops feed) fails with 1.1.0 prereleases 1.1.0rc1: POETRY_HTTP_BASIC_ environment variables are ignored for private repositories Sep 28, 2020
abn added a commit to abn/poetry that referenced this issue Sep 28, 2020
@abn @fbergroth
authenticator: use configured repositories
408b0fb 
This change ensures that we use configured repositories to detect
credentials instead of `http-basic.`

Resolves: python-poetry#2799

Co-authored-by: Fredrik Bergroth <fbergroth@gmail.com>
abn added a commit to abn/poetry that referenced this issue Sep 28, 2020
@abn
repositories: use authenticator for legacy repos
c8d6fbc 
This change unifies the use of authenticator for legacy repositories.
This ensures that we retrieve the correct credentials in all cases.

Relates-to: python-poetry#2799 python-poetry#2988
@abn abn mentioned this issue Sep 28, 2020
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 3, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 3, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
area/repo Meta-issues for the repository/forge itself kind/bug Something isn't working as expected
Projects
None yet
Milestone
1.1
5 participants
@bneijt @abn @fbergroth @finswimmer @dclayh