fix(auth): add auth scheme hint to token rejected error for alt registries#16794
fix(auth): add auth scheme hint to token rejected error for alt registries#16794arlosi merged 2 commits intorust-lang:masterfrom
Conversation
rustbot
added
A-registry-authentication
|
r? @weihanglo rustbot has assigned @weihanglo. Use Why was this reviewer chosen?The reviewer was selected based on:
|
There was a problem hiding this comment.
@enricobolzonello thanks for your work here. I think we're really close to merging this.
Just a minor tweak to the wording. I don't want users to think that schemes other than Basic and Bearer are unsupported by Cargo.
The other direction we could go is to not detect the scheme at all, and just look for whether the token has a space in it. Then we could change the message to say "note: the token does not include an authentication scheme" if there is no space.
What do you think?
Also, could you please rebase this to two commits:
- First commit adds the tests (which should pass), showing existing behavior
- Second commit adds the change, and updates the tests expected output so they still pass
rustbot
added
S-waiting-on-author
|
Reminder, once the PR becomes ready for a review, use |
I think this is the best approach. Looking closer in the codebase Cargo itself doesn't reject tokens with other schemes so it doesn't make sense to enforce |
enricobolzonello
force-pushed
the
auth-scheme-hint
branch
from
cb470ee to
b34428b
Compare
|
Looks good! The tests failed because #16745 changed the registry auth error messages. You'll need to rebase and update test output. |
enricobolzonello
force-pushed
the
auth-scheme-hint
branch
from
b34428b to
4827fbf
Compare
enricobolzonello
force-pushed
the
auth-scheme-hint
branch
from
4827fbf to
c07e4fa
Compare
|
This PR was rebased onto a different master commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
enricobolzonello
force-pushed
the
auth-scheme-hint
branch
from
c07e4fa to
487983c
Compare
Cargo submodule update 11 commits in a357df4c26fc14514e66aae2a269456b5545c7db..101549dddbd2b08e806f50154e3aa4cb3374cc21 2026-04-03 16:47:15 +0000 to 2026-04-08 12:51:20 +0000 - Never include use extra-filename in build scripts (rust-lang/cargo#16855) - fix(toml): Force script edition warnings on quiet (rust-lang/cargo#16848) - GitHub fast path uses `http_async` (rust-lang/cargo#16847) - feat(manifest): allow git dependency alongside alternate registry (rust-lang/cargo#16810) - fix(auth): add auth scheme hint to token rejected error for alt registries (rust-lang/cargo#16794) - Warn on invalid jobserver file descriptors (rust-lang/cargo#16843) - docs(unstable): List the minimum required MSRV for 'public' field (rust-lang/cargo#16841) - feat(lints): Emit unused_dependencies lint (rust-lang/cargo#16600) - fix(tree): clarify error message when `-i` is used without a package name (rust-lang/cargo#16818) - fix: Typo in target.<cfg>.linker (rust-lang/cargo#16839) - Send Content-Type header with cargo publish requests (rust-lang/cargo#16832) r? ghost
4 participants
What does this PR try to resolve?
Based on the POC PR #15985, expand token rejected error message with authorization scheme.
Addresses issue #15021.
How to test and review this PR?
Run the tests in
tests/testsuite/registry_auth.rs:incorrect_token_unrecognized_schemeincorrect_token_bearer_schemeincorrect_token