Use URL-encoded username for keyring if no URL-encoded password #2570
Conversation
|
Flaky tests? Only change in my branch was a comment and failing tests are in unrelated parts of the codebase. |
|
I think GitHub has been having issues today. |
BakerNet
force-pushed
the
fix/passthrough-username-to-keyring
branch
from
6c86177
to
6d58c17
Compare
|
This is on my to-do list, it's been slow because of all the cfg changes for testing — we've generally avoided doing something like this so far. Without an in-depth review, I'd say some sort of pluggable |
|
@BakerNet Thanks for the PR. I can confirm that this resolved the direct issue. If I try to install a package it will now call keyring with the correct username allowing me to get a token as expected. However, it seems to hit a code path where this still fails when downloading transitive dependencies. E.g. installing numpy works but installing scipy (that depends on numpy) fails like this: |
Thanks for testing and sharing! I'm pretty sure I know what's going on here and will get a fix in later today. |
I have an idea to propose: #[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
#[cfg_attr(feature = "clap", derive(clap::ValueEnum))]
pub enum KeyringProvider {
/// Will not use keyring for authentication
#[default]
Disabled,
/// Will use keyring CLI command for authentication
Subprocess,
// /// Not yet implemented
// Auto,
// /// Not implemented yet. Maybe use <https://docs.rs/keyring/latest/keyring/> for this?
// Import,
#[cfg_attr(feature = "clap", clap(skip))]
TestStub,
}in method: let output = match self {
Self::Subprocess => match Command::new("keyring")
... ,
Self::Disabled => Ok(None),
Self::TestStub => Ok(Some("mypassword".to_string())),
} |
|
@jenshnielsen would you mind testing this again to check if my fix works on your end when you have time? |
|
@BakerNet Thanks this does seem to resolve the issue. I can install packages including their dependencies now. I am still seeing intermittent 401 errors that go away if I rerun the same command. I have not been able to figure out exactly which code path triggers it or if its even related |
|
I'm tackling this in a more comprehensive overhaul over in #2976 if you're interested in looking at it. |
Closes - #2822 - #2563 (via #2984) Partially address: - #2465 - #2464 Supersedes: - #2947 - #2570 (via #2984) Some significant refactors to the whole `uv-auth` crate: - Improving the API - Adding test coverage - Fixing handling of URL-encoded passwords - Fixing keyring authentication - Updated middleware (see #2984 for more)
|
Thanks for taking the time to put up a pull request, this was really helpful for understanding the desired behavior. I'm closing in favor of #2976 which makes some other changes. |
Summary
Currently, the middleware will not check keyring or netrc if there is any URL-encoded credentials.
pipwill check keyring and netrc if there is no URL-encoded password, and use the URL-encoded username for keyring. This updates the middleware to matchpipfunctionality in this way.See issue:
Test Plan
See included unit tests
Note: Introduced
cfg-branching functionality toget_keyring_subprocess_authin order to bypass subprocess calls in unit tests.