From 6d28c560edc470399f341666fa18578e65c3f290 Mon Sep 17 00:00:00 2001 From: Dos Moonen Date: Sat, 22 May 2021 21:34:04 +0200 Subject: [PATCH 1/4] Added pip style keyring password lookup as a fallback. This way Poetry gives keyring backends like Microsoft's `artifacts-keyring` or Google's `keyrings.google-artifactregistry-auth` a change to retrieve the credentials. Since Microsoft Azure DevOps Personal Access Tokens will expire after some time the `artifacts-keyring` implementation will generate a new one for you to counteract that. --- docs/docs/repositories.md | 14 +++ poetry/installation/authenticator.py | 38 ++++++++- tests/conftest.py | 56 ++++++++++++ tests/installation/test_authenticator.py | 52 +++++++++++- tests/test_factory.py | 12 +-- tests/utils/test_password_manager.py | 104 +++++------------------ 6 files changed, 185 insertions(+), 91 deletions(-) diff --git a/docs/docs/repositories.md b/docs/docs/repositories.md index 952e91f15d4..7d09c2935d0 100644 --- a/docs/docs/repositories.md +++ b/docs/docs/repositories.md @@ -63,6 +63,20 @@ If a system keyring is available and supported, the password is stored to and re Keyring support is enabled using the [keyring library](https://pypi.org/project/keyring/). For more information on supported backends refer to the [library documentation](https://keyring.readthedocs.io/en/latest/?badge=latest). +!!!note + + ``` + Poetry will fallback to Pip style use of keyring so that backends like + Microsoft's [artifacts-keyring](https://pypi.org/project/artifacts-keyring/). It will need to be properly + installed into Poetry's virtualenv, preferrably by installing a plugin. + + If you are letting Poetry manage your virtual environments you will want a virtualenv + seeder installed in Poetry's virtualenv that installs the desired keyring backend + during `poetry install`. To again use Azure DecOps as an example: [azure-devops-artifacts-helpers](https://pypi.org/project/azure-devops-artifacts-helpers/) + provides such a seeder. This would of course best achieved by installing a Poetry plugin + if it exists for you use case instead of doing it yourself. + ``` + Alternatively, you can use environment variables to provide the credentials: ```bash diff --git a/poetry/installation/authenticator.py b/poetry/installation/authenticator.py index 8c5e1d01222..92894b00a68 100644 --- a/poetry/installation/authenticator.py +++ b/poetry/installation/authenticator.py @@ -4,6 +4,7 @@ from typing import TYPE_CHECKING from typing import Any +from typing import Dict from typing import Optional from typing import Tuple @@ -108,7 +109,7 @@ def get_credentials_for_url(self, url: str) -> Tuple[Optional[str], Optional[str if credentials == (None, None): if "@" not in netloc: - credentials = self._get_credentials_for_netloc_from_config(netloc) + credentials = self._get_credentials_for_netloc(netloc) else: # Split from the right because that's how urllib.parse.urlsplit() # behaves if more than one @ is present (which can be checked using @@ -133,7 +134,7 @@ def get_credentials_for_url(self, url: str) -> Tuple[Optional[str], Optional[str return credentials[0], credentials[1] - def _get_credentials_for_netloc_from_config( + def _get_credentials_for_netloc( self, netloc: str ) -> Tuple[Optional[str], Optional[str]]: credentials = (None, None) @@ -152,9 +153,42 @@ def _get_credentials_for_netloc_from_config( if netloc == parsed_url.netloc: auth = self._password_manager.get_http_auth(repository_name) + if auth is None or auth["password"] is None: + username = auth["username"] if auth else None + auth = self._get_credentials_for_netloc_from_keyring( + url, netloc, username + ) + if auth is None: continue return auth["username"], auth["password"] return credentials + + def _get_credentials_for_netloc_from_keyring( + self, url: str, netloc: str, username: str + ) -> Optional[Dict[str, str]]: + import keyring + + cred = keyring.get_credential(url, username) + if cred is not None: + return { + "username": cred.username, + "password": cred.password, + } + + cred = keyring.get_credential(netloc, username) + if cred is not None: + return { + "username": cred.username, + "password": cred.password, + } + + if username: + return { + "username": username, + "password": None, + } + + return None diff --git a/tests/conftest.py b/tests/conftest.py index d66ed9ba659..0fa30a3a7b5 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -12,6 +12,7 @@ import pytest from cleo.testers.command_tester import CommandTester +from keyring.backend import KeyringBackend from poetry.config.config import Config as BaseConfig from poetry.config.dict_config_source import DictConfigSource @@ -53,6 +54,61 @@ def all(self) -> Dict[str, Any]: return super(Config, self).all() +class DummyBackend(KeyringBackend): + def __init__(self): + self._passwords = {} + + @classmethod + def priority(cls): + return 42 + + def set_password(self, service, username, password): + self._passwords[service] = {username: password} + + def get_password(self, service, username): + return self._passwords.get(service, {}).get(username) + + def get_credential(self, service, username): + return self._passwords.get(service, {}).get(username) + + def delete_password(self, service, username): + if service in self._passwords and username in self._passwords[service]: + del self._passwords[service][username] + + +@pytest.fixture() +def dummy_keyring(): + return DummyBackend() + + +@pytest.fixture() +def with_simple_keyring(dummy_keyring): + import keyring + + keyring.set_keyring(dummy_keyring) + + +@pytest.fixture() +def with_fail_keyring(): + import keyring + + from keyring.backends.fail import Keyring + + keyring.set_keyring(Keyring()) + + +@pytest.fixture() +def with_chained_keyring(mocker): + from keyring.backends.fail import Keyring + + mocker.patch("keyring.backend.get_all_keyring", [Keyring()]) + import keyring + + from keyring.backends.chainer import ChainerBackend + + keyring.set_keyring(ChainerBackend()) + + @pytest.fixture def config_cache_dir(tmp_dir): path = Path(tmp_dir) / ".cache" / "pypoetry" diff --git a/tests/installation/test_authenticator.py b/tests/installation/test_authenticator.py index 5f756c34f91..ffe3b9558ea 100644 --- a/tests/installation/test_authenticator.py +++ b/tests/installation/test_authenticator.py @@ -10,6 +10,12 @@ from poetry.installation.authenticator import Authenticator +class SimpleCredential: + def __init__(self, username, password): + self.username = username + self.password = password + + @pytest.fixture() def mock_remote(http): http.register_uri( @@ -52,7 +58,9 @@ def test_authenticator_uses_credentials_from_config_if_not_provided( assert "Basic YmFyOmJheg==" == request.headers["Authorization"] -def test_authenticator_uses_username_only_credentials(config, mock_remote, http): +def test_authenticator_uses_username_only_credentials( + config, mock_remote, http, with_simple_keyring +): config.merge( { "repositories": {"foo": {"url": "https://foo.bar/simple/"}}, @@ -85,7 +93,7 @@ def test_authenticator_uses_password_only_credentials(config, mock_remote, http) def test_authenticator_uses_empty_strings_as_default_password( - config, mock_remote, http + config, mock_remote, http, with_simple_keyring ): config.merge( { @@ -120,6 +128,46 @@ def test_authenticator_uses_empty_strings_as_default_username( assert "Basic OmJhcg==" == request.headers["Authorization"] +def test_authenticator_falls_back_to_keyring_url( + config, mock_remote, http, with_simple_keyring, dummy_keyring +): + config.merge( + { + "repositories": {"foo": {"url": "https://foo.bar/simple/"}}, + } + ) + + dummy_keyring.set_password( + "https://foo.bar/simple/", None, SimpleCredential(None, "bar") + ) + + authenticator = Authenticator(config, NullIO()) + authenticator.request("get", "https://foo.bar/files/foo-0.1.0.tar.gz") + + request = http.last_request() + + assert "Basic OmJhcg==" == request.headers["Authorization"] + + +def test_authenticator_falls_back_to_keyring_netloc( + config, mock_remote, http, with_simple_keyring, dummy_keyring +): + config.merge( + { + "repositories": {"foo": {"url": "https://foo.bar/simple/"}}, + } + ) + + dummy_keyring.set_password("foo.bar", None, SimpleCredential(None, "bar")) + + authenticator = Authenticator(config, NullIO()) + authenticator.request("get", "https://foo.bar/files/foo-0.1.0.tar.gz") + + request = http.last_request() + + assert "Basic OmJhcg==" == request.headers["Authorization"] + + def test_authenticator_request_retries_on_exception(mocker, config, http): sleep = mocker.patch("time.sleep") sdist_uri = "https://foo.bar/files/{}/foo-0.1.0.tar.gz".format(str(uuid.uuid4())) diff --git a/tests/test_factory.py b/tests/test_factory.py index e9a9a9a5994..20d2f09cf7b 100644 --- a/tests/test_factory.py +++ b/tests/test_factory.py @@ -156,13 +156,13 @@ def test_create_poetry_with_multi_constraints_dependency(): assert len(package.requires) == 2 -def test_poetry_with_default_source(): +def test_poetry_with_default_source(with_simple_keyring): poetry = Factory().create_poetry(fixtures_dir / "with_default_source") assert 1 == len(poetry.pool.repositories) -def test_poetry_with_non_default_source(): +def test_poetry_with_non_default_source(with_simple_keyring): poetry = Factory().create_poetry(fixtures_dir / "with_non_default_source") assert len(poetry.pool.repositories) == 2 @@ -176,7 +176,7 @@ def test_poetry_with_non_default_source(): assert isinstance(poetry.pool.repositories[1], PyPiRepository) -def test_poetry_with_non_default_secondary_source(): +def test_poetry_with_non_default_secondary_source(with_simple_keyring): poetry = Factory().create_poetry(fixtures_dir / "with_non_default_secondary_source") assert len(poetry.pool.repositories) == 2 @@ -192,7 +192,7 @@ def test_poetry_with_non_default_secondary_source(): assert isinstance(repository, LegacyRepository) -def test_poetry_with_non_default_multiple_secondary_sources(): +def test_poetry_with_non_default_multiple_secondary_sources(with_simple_keyring): poetry = Factory().create_poetry( fixtures_dir / "with_non_default_multiple_secondary_sources" ) @@ -214,7 +214,7 @@ def test_poetry_with_non_default_multiple_secondary_sources(): assert isinstance(repository, LegacyRepository) -def test_poetry_with_non_default_multiple_sources(): +def test_poetry_with_non_default_multiple_sources(with_simple_keyring): poetry = Factory().create_poetry(fixtures_dir / "with_non_default_multiple_sources") assert len(poetry.pool.repositories) == 3 @@ -245,7 +245,7 @@ def test_poetry_with_no_default_source(): assert isinstance(poetry.pool.repositories[0], PyPiRepository) -def test_poetry_with_two_default_sources(): +def test_poetry_with_two_default_sources(with_simple_keyring): with pytest.raises(ValueError) as e: Factory().create_poetry(fixtures_dir / "with_two_default_sources") diff --git a/tests/utils/test_password_manager.py b/tests/utils/test_password_manager.py index 31d5812ce96..e14973005ca 100644 --- a/tests/utils/test_password_manager.py +++ b/tests/utils/test_password_manager.py @@ -2,80 +2,26 @@ import pytest -from keyring.backend import KeyringBackend - from poetry.utils.password_manager import KeyRing from poetry.utils.password_manager import KeyRingError from poetry.utils.password_manager import PasswordManager -class DummyBackend(KeyringBackend): - def __init__(self): - self._passwords = {} - - @classmethod - def priority(cls): - return 42 - - def set_password(self, service, username, password): - self._passwords[service] = {username: password} - - def get_password(self, service, username): - return self._passwords.get(service, {}).get(username) - - def delete_password(self, service, username): - if service in self._passwords and username in self._passwords[service]: - del self._passwords[service][username] - - -@pytest.fixture() -def backend(): - return DummyBackend() - - -@pytest.fixture() -def mock_available_backend(backend): - import keyring - - keyring.set_keyring(backend) - - -@pytest.fixture() -def mock_unavailable_backend(): - import keyring - - from keyring.backends.fail import Keyring - - keyring.set_keyring(Keyring()) - - -@pytest.fixture() -def mock_chainer_backend(mocker): - from keyring.backends.fail import Keyring - - mocker.patch("keyring.backend.get_all_keyring", [Keyring()]) - import keyring - - from keyring.backends.chainer import ChainerBackend - - keyring.set_keyring(ChainerBackend()) - - -def test_set_http_password(config, mock_available_backend, backend): +def test_set_http_password(config, with_simple_keyring, dummy_keyring): manager = PasswordManager(config) assert manager.keyring.is_available() manager.set_http_password("foo", "bar", "baz") - assert "baz" == backend.get_password("poetry-repository-foo", "bar") + assert "baz" == dummy_keyring.get_password("poetry-repository-foo", "bar") auth = config.get("http-basic.foo") assert "bar" == auth["username"] assert "password" not in auth -def test_get_http_auth(config, mock_available_backend, backend): - backend.set_password("poetry-repository-foo", "bar", "baz") +def test_get_http_auth(config, with_simple_keyring, dummy_keyring): + dummy_keyring.set_password("poetry-repository-foo", "bar", "baz") config.auth_config_source.add_property("http-basic.foo", {"username": "bar"}) manager = PasswordManager(config) @@ -86,19 +32,19 @@ def test_get_http_auth(config, mock_available_backend, backend): assert "baz" == auth["password"] -def test_delete_http_password(config, mock_available_backend, backend): - backend.set_password("poetry-repository-foo", "bar", "baz") +def test_delete_http_password(config, with_simple_keyring, dummy_keyring): + dummy_keyring.set_password("poetry-repository-foo", "bar", "baz") config.auth_config_source.add_property("http-basic.foo", {"username": "bar"}) manager = PasswordManager(config) assert manager.keyring.is_available() manager.delete_http_password("foo") - assert backend.get_password("poetry-repository-foo", "bar") is None + assert dummy_keyring.get_password("poetry-repository-foo", "bar") is None assert config.get("http-basic.foo") is None -def test_set_pypi_token(config, mock_available_backend, backend): +def test_set_pypi_token(config, with_simple_keyring, dummy_keyring): manager = PasswordManager(config) assert manager.keyring.is_available() @@ -106,28 +52,28 @@ def test_set_pypi_token(config, mock_available_backend, backend): assert config.get("pypi-token.foo") is None - assert "baz" == backend.get_password("poetry-repository-foo", "__token__") + assert "baz" == dummy_keyring.get_password("poetry-repository-foo", "__token__") -def test_get_pypi_token(config, mock_available_backend, backend): - backend.set_password("poetry-repository-foo", "__token__", "baz") +def test_get_pypi_token(config, with_simple_keyring, dummy_keyring): + dummy_keyring.set_password("poetry-repository-foo", "__token__", "baz") manager = PasswordManager(config) assert manager.keyring.is_available() assert "baz" == manager.get_pypi_token("foo") -def test_delete_pypi_token(config, mock_available_backend, backend): - backend.set_password("poetry-repository-foo", "__token__", "baz") +def test_delete_pypi_token(config, with_simple_keyring, dummy_keyring): + dummy_keyring.set_password("poetry-repository-foo", "__token__", "baz") manager = PasswordManager(config) assert manager.keyring.is_available() manager.delete_pypi_token("foo") - assert backend.get_password("poetry-repository-foo", "__token__") is None + assert dummy_keyring.get_password("poetry-repository-foo", "__token__") is None -def test_set_http_password_with_unavailable_backend(config, mock_unavailable_backend): +def test_set_http_password_with_unavailable_backend(config, with_fail_keyring): manager = PasswordManager(config) assert not manager.keyring.is_available() @@ -138,7 +84,7 @@ def test_set_http_password_with_unavailable_backend(config, mock_unavailable_bac assert "baz" == auth["password"] -def test_get_http_auth_with_unavailable_backend(config, mock_unavailable_backend): +def test_get_http_auth_with_unavailable_backend(config, with_fail_keyring): config.auth_config_source.add_property( "http-basic.foo", {"username": "bar", "password": "baz"} ) @@ -151,9 +97,7 @@ def test_get_http_auth_with_unavailable_backend(config, mock_unavailable_backend assert "baz" == auth["password"] -def test_delete_http_password_with_unavailable_backend( - config, mock_unavailable_backend -): +def test_delete_http_password_with_unavailable_backend(config, with_fail_keyring): config.auth_config_source.add_property( "http-basic.foo", {"username": "bar", "password": "baz"} ) @@ -165,7 +109,7 @@ def test_delete_http_password_with_unavailable_backend( assert config.get("http-basic.foo") is None -def test_set_pypi_token_with_unavailable_backend(config, mock_unavailable_backend): +def test_set_pypi_token_with_unavailable_backend(config, with_fail_keyring): manager = PasswordManager(config) assert not manager.keyring.is_available() @@ -174,7 +118,7 @@ def test_set_pypi_token_with_unavailable_backend(config, mock_unavailable_backen assert "baz" == config.get("pypi-token.foo") -def test_get_pypi_token_with_unavailable_backend(config, mock_unavailable_backend): +def test_get_pypi_token_with_unavailable_backend(config, with_fail_keyring): config.auth_config_source.add_property("pypi-token.foo", "baz") manager = PasswordManager(config) @@ -182,7 +126,7 @@ def test_get_pypi_token_with_unavailable_backend(config, mock_unavailable_backen assert "baz" == manager.get_pypi_token("foo") -def test_delete_pypi_token_with_unavailable_backend(config, mock_unavailable_backend): +def test_delete_pypi_token_with_unavailable_backend(config, with_fail_keyring): config.auth_config_source.add_property("pypi-token.foo", "baz") manager = PasswordManager(config) @@ -192,7 +136,7 @@ def test_delete_pypi_token_with_unavailable_backend(config, mock_unavailable_bac assert config.get("pypi-token.foo") is None -def test_keyring_raises_errors_on_keyring_errors(mocker, mock_unavailable_backend): +def test_keyring_raises_errors_on_keyring_errors(mocker, with_fail_keyring): mocker.patch("poetry.utils.password_manager.KeyRing._check") key_ring = KeyRing("poetry") @@ -207,16 +151,14 @@ def test_keyring_raises_errors_on_keyring_errors(mocker, mock_unavailable_backen def test_keyring_with_chainer_backend_and_not_compatible_only_should_be_unavailable( - mock_chainer_backend, + with_chained_keyring, ): key_ring = KeyRing("poetry") assert not key_ring.is_available() -def test_get_http_auth_from_environment_variables( - environ, config, mock_available_backend -): +def test_get_http_auth_from_environment_variables(environ, config, with_simple_keyring): os.environ["POETRY_HTTP_BASIC_FOO_USERNAME"] = "bar" os.environ["POETRY_HTTP_BASIC_FOO_PASSWORD"] = "baz" From daa4746a0135765109a8b36afe88fb996c47a16d Mon Sep 17 00:00:00 2001 From: Dos Moonen Date: Sat, 22 May 2021 23:01:51 +0200 Subject: [PATCH 2/4] Fixed a typo and finished a sentence in the documentation. --- docs/docs/repositories.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/docs/repositories.md b/docs/docs/repositories.md index 7d09c2935d0..115660f32ba 100644 --- a/docs/docs/repositories.md +++ b/docs/docs/repositories.md @@ -67,12 +67,13 @@ Keyring support is enabled using the [keyring library](https://pypi.org/project/ ``` Poetry will fallback to Pip style use of keyring so that backends like - Microsoft's [artifacts-keyring](https://pypi.org/project/artifacts-keyring/). It will need to be properly - installed into Poetry's virtualenv, preferrably by installing a plugin. + Microsoft's [artifacts-keyring](https://pypi.org/project/artifacts-keyring/) get a change to retrieve + valid credentials. It will need to be properly installed into Poetry's virtualenv, + preferrably by installing a plugin. If you are letting Poetry manage your virtual environments you will want a virtualenv seeder installed in Poetry's virtualenv that installs the desired keyring backend - during `poetry install`. To again use Azure DecOps as an example: [azure-devops-artifacts-helpers](https://pypi.org/project/azure-devops-artifacts-helpers/) + during `poetry install`. To again use Azure DevOps as an example: [azure-devops-artifacts-helpers](https://pypi.org/project/azure-devops-artifacts-helpers/) provides such a seeder. This would of course best achieved by installing a Poetry plugin if it exists for you use case instead of doing it yourself. ``` From bea596825708ddb682dc9e3b139957bb530a384c Mon Sep 17 00:00:00 2001 From: Dos Moonen Date: Tue, 25 May 2021 13:36:23 +0200 Subject: [PATCH 3/4] Corrected type annotation --- poetry/installation/authenticator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poetry/installation/authenticator.py b/poetry/installation/authenticator.py index 92894b00a68..894c4babc50 100644 --- a/poetry/installation/authenticator.py +++ b/poetry/installation/authenticator.py @@ -167,7 +167,7 @@ def _get_credentials_for_netloc( return credentials def _get_credentials_for_netloc_from_keyring( - self, url: str, netloc: str, username: str + self, url: str, netloc: str, username: Optional[str] ) -> Optional[Dict[str, str]]: import keyring From 5c7c9da32c91c9a46ddded56dd0c7986be2c0c2f Mon Sep 17 00:00:00 2001 From: Dos Moonen Date: Thu, 3 Jun 2021 21:18:20 +0200 Subject: [PATCH 4/4] Refactored Authenticator and added two methods which delegate to PasswordManager so that Publisher can use Authenticator instead of PasswordManager. - Authenticator and its tests got moved into utils. - No longer retrieve "repositories.{name}.url" in two steps ("repositories.{name}", then "url") since that does not allow us to use environment variable POETRY_REPOSITORIES_{name}_URL. --- poetry/installation/executor.py | 2 +- poetry/publishing/publisher.py | 13 +++-- poetry/repositories/legacy_repository.py | 2 +- .../{installation => utils}/authenticator.py | 52 ++++++++++++------- .../test_authenticator.py | 2 +- 5 files changed, 41 insertions(+), 30 deletions(-) rename poetry/{installation => utils}/authenticator.py (83%) rename tests/{installation => utils}/test_authenticator.py (99%) diff --git a/poetry/installation/executor.py b/poetry/installation/executor.py index 4580656c933..00b709da2aa 100644 --- a/poetry/installation/executor.py +++ b/poetry/installation/executor.py @@ -24,8 +24,8 @@ from poetry.utils.helpers import safe_rmtree from poetry.utils.pip import pip_editable_install +from ..utils.authenticator import Authenticator from ..utils.pip import pip_install -from .authenticator import Authenticator from .chef import Chef from .chooser import Chooser from .operations.install import Install diff --git a/poetry/publishing/publisher.py b/poetry/publishing/publisher.py index cfa5c7d085d..ca1c08a73de 100644 --- a/poetry/publishing/publisher.py +++ b/poetry/publishing/publisher.py @@ -6,10 +6,9 @@ from typing import Optional from typing import Union -from poetry.utils.helpers import get_cert -from poetry.utils.helpers import get_client_cert -from poetry.utils.password_manager import PasswordManager - +from ..utils.authenticator import Authenticator +from ..utils.helpers import get_cert +from ..utils.helpers import get_client_cert from .uploader import Uploader @@ -32,7 +31,7 @@ def __init__(self, poetry: "Poetry", io: Union["BufferedIO", "ConsoleIO"]) -> No self._package = poetry.package self._io = io self._uploader = Uploader(poetry, io) - self._password_manager = PasswordManager(poetry.config) + self._authenticator = Authenticator(poetry.config, self._io) @property def files(self) -> List[Path]: @@ -58,13 +57,13 @@ def publish( if not (username and password): # Check if we have a token first - token = self._password_manager.get_pypi_token(repository_name) + token = self._authenticator.get_pypi_token(repository_name) if token: logger.debug(f"Found an API token for {repository_name}.") username = "__token__" password = token else: - auth = self._password_manager.get_http_auth(repository_name) + auth = self._authenticator.get_http_auth(repository_name) if auth: logger.debug( "Found authentication information for {}.".format( diff --git a/poetry/repositories/legacy_repository.py b/poetry/repositories/legacy_repository.py index 60fd8c8b6fa..9922184adb4 100644 --- a/poetry/repositories/legacy_repository.py +++ b/poetry/repositories/legacy_repository.py @@ -34,7 +34,7 @@ from ..config.config import Config from ..inspection.info import PackageInfo -from ..installation.authenticator import Authenticator +from ..utils.authenticator import Authenticator from .exceptions import PackageNotFound from .exceptions import RepositoryError from .pypi_repository import PyPiRepository diff --git a/poetry/installation/authenticator.py b/poetry/utils/authenticator.py similarity index 83% rename from poetry/installation/authenticator.py rename to poetry/utils/authenticator.py index 894c4babc50..363cf157fdc 100644 --- a/poetry/installation/authenticator.py +++ b/poetry/utils/authenticator.py @@ -134,35 +134,47 @@ def get_credentials_for_url(self, url: str) -> Tuple[Optional[str], Optional[str return credentials[0], credentials[1] + def get_pypi_token(self, name: str) -> str: + return self._password_manager.get_pypi_token(name) + + def get_http_auth(self, name: str) -> Optional[Dict[str, str]]: + return self._get_http_auth(name, None) + + def _get_http_auth( + self, name: str, netloc: Optional[str] + ) -> Optional[Dict[str, str]]: + if name == "pypi": + url = "https://upload.pypi.org/legacy/" + else: + url = self._config.get(f"repositories.{name}.url") + if not url: + return + + parsed_url = urllib.parse.urlsplit(url) + + if netloc is None or netloc == parsed_url.netloc: + auth = self._password_manager.get_http_auth(name) + + if auth is None or auth["password"] is None: + username = auth["username"] if auth else None + auth = self._get_credentials_for_netloc_from_keyring( + url, parsed_url.netloc, username + ) + + return auth + def _get_credentials_for_netloc( self, netloc: str ) -> Tuple[Optional[str], Optional[str]]: credentials = (None, None) for repository_name in self._config.get("repositories", []): - repository_config = self._config.get(f"repositories.{repository_name}") - if not repository_config: - continue + auth = self._get_http_auth(repository_name, netloc) - url = repository_config.get("url") - if not url: + if auth is None: continue - parsed_url = urllib.parse.urlsplit(url) - - if netloc == parsed_url.netloc: - auth = self._password_manager.get_http_auth(repository_name) - - if auth is None or auth["password"] is None: - username = auth["username"] if auth else None - auth = self._get_credentials_for_netloc_from_keyring( - url, netloc, username - ) - - if auth is None: - continue - - return auth["username"], auth["password"] + return auth["username"], auth["password"] return credentials diff --git a/tests/installation/test_authenticator.py b/tests/utils/test_authenticator.py similarity index 99% rename from tests/installation/test_authenticator.py rename to tests/utils/test_authenticator.py index ffe3b9558ea..bbcebcc4c12 100644 --- a/tests/installation/test_authenticator.py +++ b/tests/utils/test_authenticator.py @@ -7,7 +7,7 @@ from cleo.io.null_io import NullIO -from poetry.installation.authenticator import Authenticator +from poetry.utils.authenticator import Authenticator class SimpleCredential: