Use env vars if either --username or --password (or both) is missing

[dszakallas]

Pull Request Check List

Resolves: #5526

• Added tests for changed code.
• Updated documentation for changed code.

This PR changes authentication logic for publishing:

• If both username and password is missing, consider PyPI token env var.
• If no PyPI token and either username or password is missing, consider http basic env var for the missing field.

Previously, env vars were only considered if both CLI options where missing. This PR effectively makes it possible to mix the CLI options with the env vars.

This way both

poetry config repositories.myrepo $REPO_URL \
  && POETRY_HTTP_BASIC_MYREPO_PASSWORD=$PASSWORD \
     poetry publish -r myrepo -u $USERNAME

poetry config repositories.myrepo $REPO_URL \
  && POETRY_HTTP_BASIC_MYREPO_USERNAME=$USERNAME \
     poetry publish -r myrepo -p $PASSWORD

will work. I am doubtful about whether it is worth supporting the second use case.

[abn]

I don't think this is desired.

[dszakallas]

The original behavior would overwrite any value passed via CLI, if either is missing and a token is found (e.g if a username is passed and a token is found, then it would discard the username). Do we want to consider token auth if there's a username? I am happy to change back to the original behavior, although I find it a bit unintuitive.

[abn]

Unsure if we really have this scenario.

[dszakallas]

This looks very niche to me as well. Do you think we should not consider this case?

[neersighted]

I'm still not sure on this myself, but I would like to see tests (plus dropping the second case) to consider this for merging.