poetry publish raises HTTP 403

[caniko]

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name:

System:
Kernel: 5.19.5-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc
v: 12.2.0 parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=e08ba235-2d5b-4752-aa8a-d6235cb506f3 rw
rootflags=subvol=@ quiet quiet splash
rd.udev.log_priority=3 vt.global_cursor_default=0
resume=UUID=7b1d8874-5890-4209-abcb-ae4c25bdcc93 loglevel=3
ibt=off systemd.unified_cgroup_hierarchy=1
Desktop: KDE Plasma v: 5.25.4 tk: Qt v: 5.15.5
info: latte-dock wm: kwin_x11 vt: 1 dm: SDDM
Distro: Garuda Linux base: Arch Linux
Machine:
Type: Desktop Mobo: Micro-Star model: B450M PRO-M2 MAX
(MS-7B84) v: 2.0 serial: <superuser required>
UEFI: American Megatrends v: A.70 date: 06/10/2020
CPU:
Info: model: AMD Ryzen 7 3800X bits: 64 type: MT MCP
arch: Zen 2 gen: 3 built: 2020-22 process: TSMC n7 (7nm)
family: 0x17 (23) model-id: 0x71 (113) stepping: 0
microcode: 0x8701021
Topology: cpus: 1x cores: 8 tpc: 2 threads: 16 smt: enabled
cache: L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 4 MiB
desc: 8x512 KiB L3: 32 MiB desc: 2x16 MiB
Speed (MHz): avg: 4297 high: 4300 min/max: 2200/4559
boost: enabled scaling: driver: acpi-cpufreq
governor: performance cores: 1: 4299 2: 4300 3: 4299
4: 4296 5: 4297 6: 4286 7: 4297 8: 4300 9: 4295 10: 4300
11: 4292 12: 4300 13: 4300 14: 4299 15: 4299 16: 4297
bogomips: 124796
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2
sse4a ssse3 svm
Vulnerabilities:
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: retbleed mitigation: untrained return thunk; SMT
enabled with STIBP protection
Type: spec_store_bypass mitigation: Speculative Store
Bypass disabled via prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and
__user pointer sanitization
Type: spectre_v2 mitigation: Retpolines, IBPB: conditional,
STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: NVIDIA TU117 [GeForce GTX 1650] driver: nvidia
v: 515.65.01 alternate: nouveau,nvidia_drm non-free: 515.xx+
status: current (as of 2022-07) arch: Turing code: TUxxx
process: TSMC 12nm built: 2018-22 pcie: gen: 3
speed: 8 GT/s lanes: 16 bus-ID: 29:00.0 chip-ID: 10de:1f82
class-ID: 0300
Device-2: Sunplus Innovation FULL HD webcam type: USB
driver: snd-usb-audio,uvcvideo bus-ID: 1-5:3
chip-ID: 1bcf:2283 class-ID: 0102 serial: <filter>
Display: x11 server: X.Org v: 21.1.4 with: Xwayland
v: 22.1.3 compositor: kwin_x11 driver: X: loaded: nvidia
unloaded: modesetting alternate: fbdev,nouveau,nv,vesa
gpu: nvidia display-ID: :0 screens: 1
Screen-1: 0 s-res: 4920x2160 s-dpi: 156
s-size: 801x352mm (31.54x13.86") s-diag: 875mm (34.45")
Monitor-1: DP-0 pos: primary,right res: 3840x2160 hz: 60
dpi: 161 size: 607x345mm (23.9x13.58") diag: 698mm (27.49")
modes: N/A
Monitor-2: DP-2 pos: primary,left res: 1080x1920 hz: 60
dpi: 96 size: 286x509mm (11.26x20.04") diag: 584mm (22.99")
modes: N/A
OpenGL: renderer: NVIDIA GeForce GTX 1650/PCIe/SSE2 v: 4.6.0
NVIDIA 515.65.01 direct render: Yes
Audio:
Device-1: NVIDIA driver: snd_hda_intel v: kernel pcie:
bus-ID: 1-5:3 chip-ID: 1bcf:2283 gen: 3 speed: 8 GT/s
class-ID: 0102 lanes: 16 serial: <filter> bus-ID: 29:00.1
chip-ID: 10de:10fa class-ID: 0403
Device-2: AMD Starship/Matisse HD Audio
vendor: Micro-Star MSI driver: snd_hda_intel v: kernel pcie:
gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 2b:00.4
chip-ID: 1022:1487 class-ID: 0403
Device-3: Sunplus Innovation FULL HD webcam type: USB
driver: snd-usb-audio,uvcvideo
Sound Server-1: ALSA v: k5.19.5-zen1-1-zen running: yes
Sound Server-2: PulseAudio v: 16.1 running: no
Sound Server-3: PipeWire v: 0.3.56 running: yes
Network:
Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit
Ethernet vendor: Micro-Star MSI driver: r8169 v: kernel
pcie: gen: 1 speed: 2.5 GT/s lanes: 1 port: f000
bus-ID: 25:00.0 chip-ID: 10ec:8168 class-ID: 0200
IF: enp37s0 state: up speed: 100 Mbps duplex: full
mac: <filter>
IF-ID-1: br-c3cf69c011d9 state: up speed: 10000 Mbps
duplex: unknown mac: <filter>
IF-ID-2: docker0 state: up speed: 10000 Mbps
duplex: unknown mac: <filter>
IF-ID-3: veth34e8462 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-4: veth35d01a4 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-5: veth4d602c6 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-6: veth5830ee6 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-7: veth7b2cb17 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-8: veth8a5a4f6 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-9: vethe705c11 state: up speed: 10000 Mbps
duplex: full mac: <filter>
IF-ID-10: virbr0 state: down mac: <filter>
Bluetooth:
Device-1: Realtek Bluetooth Radio type: USB driver: btusb
v: 0.8 bus-ID: 1-6:4 chip-ID: 0bda:8771 class-ID: e001
serial: <filter>
Report: bt-adapter ID: hci0 rfk-id: 0 state: up
address: <filter>
Drives:
Local Storage: total: 5.49 TiB used: 358.83 GiB (6.4%)
SMART Message: Unable to run smartctl. Root privileges
required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston
model: SA2000M81000G size: 931.51 GiB block-size:
physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4
type: SSD serial: <filter> rev: S5Z42105 temp: 44.9 C
scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Samsung model: SSD 860
EVO 1TB size: 931.51 GiB block-size: physical: 512 B
logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter>
rev: 4B6Q scheme: GPT
ID-3: /dev/sdb maj-min: 8:16 vendor: Seagate
model: ST4000DM004-2CV104 size: 3.64 TiB block-size:
physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: HDD
rpm: 5425 serial: <filter> rev: 0001 scheme: GPT
ID-4: /dev/sdc maj-min: 8:32 type: USB vendor: Sony
model: Storage Media size: 28.86 GiB block-size:
physical: 512 B logical: 512 B type: N/A serial: <filter>
rev: PMAP scheme: MBR
SMART Message: Unknown USB bridge. Flash drive/Unsupported
enclosure?
Partition:
ID-1: / raw-size: 175.44 GiB size: 175.44 GiB (100.00%)
used: 108.66 GiB (61.9%) fs: btrfs dev: /dev/nvme0n1p7
maj-min: 259:7
ID-2: /boot/efi raw-size: 350.3 MiB size: 349.5 MiB
(99.80%) used: 592 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p4
maj-min: 259:4
ID-3: /home raw-size: 273.44 GiB size: 273.44 GiB (100.00%)
used: 212.5 GiB (77.7%) fs: btrfs dev: /dev/nvme0n1p6
maj-min: 259:6
ID-4: /var/log raw-size: 175.44 GiB size: 175.44 GiB
(100.00%) used: 108.66 GiB (61.9%) fs: btrfs
dev: /dev/nvme0n1p7 maj-min: 259:7
ID-5: /var/tmp raw-size: 175.44 GiB size: 175.44 GiB
(100.00%) used: 108.66 GiB (61.9%) fs: btrfs
dev: /dev/nvme0n1p7 maj-min: 259:7
Swap:
Kernel: swappiness: 133 (default 60)
cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 31.3 GiB used: 5.8 MiB (0.0%)
priority: 100 dev: /dev/zram0
ID-2: swap-2 type: partition size: 15.82 GiB used: 0 KiB
(0.0%) priority: -2 dev: /dev/nvme0n1p5 maj-min: 259:5
Sensors:
System Temperatures: cpu: 59.0 C mobo: N/A gpu: nvidia
temp: 42 C
Fan Speeds (RPM): N/A gpu: nvidia fan: 30%
Info:
Processes: 675 Uptime: 56m wakeups: 0 Memory: 31.3 GiB
used: 14.22 GiB (45.4%) Init: systemd v: 251
default: graphical tool: systemctl Compilers: gcc: 12.2.0
alt: 11 clang: 14.0.6 Packages: pacman: 2176 lib: 567
flatpak: 0 Shell: fish v: 3.5.1 default: Bash v: 5.1.16
running-in: konsole inxi: 3.3.20
Garuda (2.6.6-1):
System install date:     2022-06-07
Last full system update: 2022-08-31
Is partially upgraded:   No
Relevant software:       NetworkManager
Windows dual boot:       Probably (Run as root to verify)
Snapshots:               Snapper
Failed units:

• Poetry version: 1.20
• **Link of a Gist

Issue

I can't run poetry publish, I tried running it bare-bones; I tried running it with username and password (-u, -p). No luck.

Something that stands out from the log:

Found authentication information for pypi.

Not sure where this is stored, but I would love to delete this, and see what happens. I don't know where it is, ideas/knowledge?

/home/can/.config/pypoetry/config.toml is empty.

PyPi link in error log is unapplicable to my problem because I never get to provide my credentials. Error log:

[🔴] × poetry publish -vvv
Loading configuration file /home/can/.config/pypoetry/config.toml

No suitable keyring backend found
No suitable keyring backends were found
Keyring is not available, credentials will be stored and retrieved from configuration files as plaintext.
Found authentication information for pypi.
Publishing mextractor (1.1.1) to PyPI
 - Uploading mextractor-1.1.1-py3-none-any.whl 0%[urllib3.connectionpool] Starting new HTTPS connection (1): upload.pypi.org:443
 - Uploading mextractor-1.1.1-py3-none-any.whl 100%[urllib3.connectionpool] https://upload.pypi.org:443 "POST /legacy/ HTTP/1.1" 403 None
 - Uploading mextractor-1.1.1-py3-none-any.whl FAILED

  Stack trace:

  1  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/publishing/uploader.py:293 in _upload_file
      291│                     bar.display()
      292│                 else:
    → 293│                     resp.raise_for_status()
      294│             except (requests.ConnectionError, requests.HTTPError) as e:
      295│                 if self._io.output.is_decorated():

  HTTPError

  403 Client Error: Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information. for url: https://upload.pypi.org/legacy/

  at ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/requests/models.py:1021 in raise_for_status
      1017│                 f"{self.status_code} Server Error: {reason} for url: {self.url}"
      1018│             )
      1019│ 
      1020│         if http_error_msg:
    → 1021│             raise HTTPError(http_error_msg, response=self)
      1022│ 
      1023│     def close(self):
      1024│         """Releases the connection back to the pool. Once this method has been
      1025│         called the underlying ``raw`` object must not be accessed again.

The following error occurred when trying to handle this error:


  Stack trace:

  11  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/application.py:329 in run
       327│ 
       328│             try:
     → 329│                 exit_code = self._run(io)
       330│             except Exception as e:
       331│                 if not self._catch_exceptions:

  10  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/console/application.py:185 in _run
       183│         self._load_plugins(io)
       184│ 
     → 185│         exit_code: int = super()._run(io)
       186│         return exit_code
       187│ 

   9  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/application.py:423 in _run
       421│             io.input.set_stream(stream)
       422│ 
     → 423│         exit_code = self._run_command(command, io)
       424│         self._running_command = None
       425│ 

   8  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/application.py:465 in _run_command
       463│ 
       464│         if error is not None:
     → 465│             raise error
       466│ 
       467│         return event.exit_code

   7  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/application.py:449 in _run_command
       447│ 
       448│             if event.command_should_run():
     → 449│                 exit_code = command.run(io)
       450│             else:
       451│                 exit_code = ConsoleCommandEvent.RETURN_CODE_DISABLED

   6  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/commands/base_command.py:119 in run
       117│         io.input.validate()
       118│ 
     → 119│         status_code = self.execute(io)
       120│ 
       121│         if status_code is None:

   5  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/cleo/commands/command.py:83 in execute
        81│ 
        82│         try:
     →  83│             return self.handle()
        84│         except KeyboardInterrupt:
        85│             return 1

   4  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/console/commands/publish.py:82 in handle
        80│         )
        81│ 
     →  82│         publisher.publish(
        83│             self.option("repository"),
        84│             self.option("username"),

   3  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/publishing/publisher.py:86 in publish
        84│         )
        85│ 
     →  86│         self._uploader.upload(
        87│             url,
        88│             cert=resolved_cert,

   2  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/publishing/uploader.py:131 in upload
       129│ 
       130│         try:
     → 131│             self._upload(session, url, dry_run, skip_existing)
       132│         finally:
       133│             session.close()

   1  ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/publishing/uploader.py:222 in _upload
       220│             # TODO: Check existence
       221│ 
     → 222│             self._upload_file(session, url, file, dry_run, skip_existing)
       223│ 
       224│     def _upload_file(

  UploadError

  HTTP Error 403: Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information. | b'<html>\n <head>\n  <title>403 Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information.\n \n <body>\n  <h1>403 Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information.\n  Access was denied to this resource.<br/><br/>\nInvalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information.\n\n\n \n'

  at ~/.local/share/pypoetry/venv/lib/python3.10/site-packages/poetry/publishing/uploader.py:299 in _upload_file
      295│                 if self._io.output.is_decorated():
      296│                     self._io.overwrite(
      297│                         f" - Uploading {file.name} FAILED"
      298│                     )
    → 299│                 raise UploadError(e)
      300│             finally:
      301│                 self._io.write_line("")
      302│ 
      303│     def _register(self, session: requests.Session, url: str) -> requests.Response:

[neersighted]

Your credentials should be in ~/.config/pypoetry/auth.toml -- are there any repository credentials there? They can be specified using environmental variables and flags as well.

[caniko]

No, there is no ~/.config/pypoetry/auth.toml

I also checked POETRY_HTTP_BASIC_MY_REPOSITORY_PASSWORD, it is empty.

[caniko]

Found that this is the correct format to define API tokens for publish:
poetry publish -u __token__ -p pypi-<REDACTED>

Found authentication information for pypi. is incorrect.

Thanks for the help on Discord @neersighted

[neersighted]

https://pypi.org/help/#apitoken for those that stumble across this.

[hauntsaninja]

I just upgraded to poetry 1.2 and am running into this as well. While passing creds on the command line is fine, previous behaviour was that poetry asked for username and password; is that intentionally no longer the case?

[neersighted]

Looks like it managed to escape the changelog through an edge case:

Cleo dropped support for the codepath we were using a long time ago, but the code was still in Poetry. It wasn't working due to being missing from Cleo, but wasn't detected due to a lack of tests. A contributor detected it and removed it in #5889 as dead code.

A new implementation could be added, but I am more inclined to try and have a helpful error message when no credentials are detected for a publishing target. Was specifying these values interactively (vs. via the environment, keyring, auth config file, or arguments) immensely valuable to you (especially given using a token is best practice)?

[hauntsaninja]

Thanks for the quick response! Makes sense how that escaped changelogging

I found specifying them interactively valuable, but "immensely" might be a high bar :-)

Passing things interactively avoids secrets going into my command line history or other files. Out of the options you mention, it sounds like keyring would also serve that use case (although I don't see how to set that up / doesn't look like it would work with my password manager).

especially given using a token is best practice

Note that you could use a token with the old interactive code path, you just needed to set username to __token__

[neersighted]

It's true that you could use a token, but the utility of an interactive flow seems significantly reduced by the need to copy-and-paste. If you just need to keep it from being written to disk unencrypted, why don't you <space>poetry publish -u __token__ -p <token>? By prefixing with a space, most shells (bash, zsh, fish, tcsh, ksh, probably more) will not write the command to history.

[miohtama]

Just to let you know, I encountered this issue today. Before poetry publish has prompted me for my username and password, but now it thinks it has credentials (it doesn't - this is a clean computer).

As a workaround I created API token and passing it using poetry publish -u __token__ -p. Looks like one in ~/.pypirc is not picked up - PyPi portal advises to use ~/.pypirc on their Add token page.

[neersighted]

Poetry currently does not support pypirc (though it could be added and might be a nice addition once the authenticator code is further cleaned up). It's worth nothing that poetry publish does not think it has credentials, but instead can no longer prompt due to changes in Poetry's dependencies. Interactive use was considered niche and thus only got a changelog callout in a beta version of 1.2 -- so it may fly under the radar for some.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.