HTTP basic auth for pulling from private repositories does not work

[trallnag]

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Ubuntu 20.04
• Poetry version: 1.1.7

Poetry config:

❯ poetry config --list
cache-dir = "/home/jfn/.cache/pypoetry"
experimental.new-installer = true
installer.parallel = true
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.path = "{cache-dir}/virtualenvs"  # /home/jfn/.cache/pypoetry/virtualenvs

Content of pyproject.toml:

[tool.poetry]
name = "test"
version = "0.1.0"
description = ""
authors = []

[tool.poetry.dependencies]
python = "^3.8.11"

# my-repo
mypackage = "^1.5.4"

[[tool.poetry.source]]
name = "my-repo"
url = "https://[REDACTED]/artifactory/api/pypi/my-repo/simple/"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

Issue

I want to add a package to my dependencies. The package is hosted on a private PyPI repository. Authentication is done via Basic Auth. Doing the install with Pip works:

❯ pip install --extra-index-url https://$USERNAME:$PASSWORD@[REDACTED]/artifactory/api/pypi/my-repo/simple mypackage

But Poetry fails to perform the authentication. It doesn't matter if I use POETRY_HTTP_BASIC_PYPI_USERNAME and POETRY_HTTP_BASIC_PYPI_PASSWORD or use poetry config http-basic.my-repo username password. It always fails:

❯ poetry update
Updating dependencies
Resolving dependencies... (0.1s)

  RepositoryError

  401 Client Error: Unauthorized for url: https://[REDACTED]/artifactory/api/pypi/my-repo/simple/mypackage/

  at ~/.local/share/pypoetry/venv/lib/python3.9/site-packages/poetry/repositories/legacy_repository.py:393 in _get
      389│             if response.status_code == 404:
      390│                 return
      391│             response.raise_for_status()
      392│         except requests.HTTPError as e:
    → 393│             raise RepositoryError(e)
      394│
      395│         if response.status_code in (401, 403):
      396│             self._log(
      397│                 "Authorization error accessing {url}".format(url=response.url),

I searched for similar issues:

• poetry config not working for HTTP auth so unable to pull private package #2125

But this issue is not the same. In my case Poetry starts to work when I put the repository credentials directly into the pyproject.toml.

[[tool.poetry.source]]
name = "my-repo"
url = "https://<username>:<password>@[REDACTED]/artifactory/api/pypi/my-repo/simple"

[trallnag]

Okay, WTF. The problem is the "name" section. When I change it to "artifactory" it suddenly works.

[javier-panichelli]

Okay, WTF. The problem is the "name" section. When I change it to "artifactory" it suddenly works.

@trallnag Can you please explain more in details what did you do to make it to work? Thanks.

[trallnag]

@javier-panichelli, here you go. It's not a bug or anything like that, I just did not understand how Poetry handles it.

In the pyproject.toml:

[[tool.poetry.source]]
name = "artifactory_my_repo"
url = "https://artifactory.bayer.com/artifactory/api/pypi/my-repo/simple"

What is important is the name of the repo. It can probably be whatever you want, but I only tried letters and underscores.

To inject credentials for example via environment variables the variable names must contain the name in uppercases separated by underscores. So in the example:

export POETRY_HTTP_BASIC_ARTIFACTORY_MY_REPO_USERNAME=username
export POETRY_HTTP_BASIC_ARTIFACTORY_MY_REPO_PASSWORD=password

[javier-panichelli]

Thank you a lot for your answer! I noted that I was using
_USER=
instead of
_USERNAME

That didn't make it work, but after I added a single letter to the source name (and its variables counterparts), it worked! Not sure why, though...

UPDATE:
It will work if I use different names for env variables/name tag combo and poetry config http-basic._ command

[pyproject.toml]
[[tool.poetry.source]]
name = "xyz"

poetry config http-basic.abc $POETRY_HTTP_BASIC_xyz_USERNAME $POETRY_HTTP_BASIC_xyz_PASSWORD -vvv

[liam102]

The env var must be

POETRY_HTTP_BASIC_<uppercase_source_name>_USERNAME
POETRY_HTTP_BASIC_<uppercase_source_name>_PASSWORD

with uppercase_source_name comes from the pyproject.toml

[[tool.poetry.source]]
name = "source_name"

[hlongmore-elation]

The information in #4389 (comment) and #4389 (comment) are much more clear on the requirements than the official documentation.

Perhaps someone can update the documentation?

[dimbleby]

Perhaps someone can update the documentation?

do it yourself! documentation merge requests are an easy way to contribute

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.