Closed ewjoachim closed 2 years ago
Wow, that was fast! I'm not sure when I will get to testing, as I'll be unavailable most of the time from June 1st to 15th.
Ok, then I'll do it on my side :)
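import datetime
import os
import pypitoken
now = datetime.datetime.now(tz=datetime.timezone.utc)
one_day = datetime.timedelta(days=1)
original_token = os.environ["TOKEN"]
# TOKEN_A: validity window starts now and lasts one day, so it includes now
TOKEN_A = pypitoken.Token.load(original_token).restrict(not_before=now, not_after=now + one_day).dump()
# TOKEN_B: validity window ended one day ago, so it excludes now
TOKEN_B = pypitoken.Token.load(original_token).restrict(not_before=now - one_day - one_day, not_after=now - one_day).dump()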
$ twine upload -r testpypi --verbose dist/ewjoachim-test-0-1000.tar.gz -u __token__ -p $TOKEN_A
Using configuration from /Users/joachim/.pypirc
Uploading distributions to https://test.pypi.org/legacy/
dist/ewjoachim-test-0-1000.tar.gz (1.2 KB)
username set by command options
password set by command options
username: __token__
password: <hidden>
Uploading ewjoachim-test-0-1000.tar.gz
100%|████████████████████████████████████████████████████████████████████████████████████████| 3.68k/3.68k [00:00<00:00, 4.74kB/s]
View at:
https://test.pypi.org/project/ewjoachim-test-0/1000/
$ twine upload -r testpypi --verbose dist/ewjoachim-test-0-1000.tar.gz -u __token__ -p $TOKEN_B
Using configuration from /Users/joachim/.pypirc
Uploading distributions to https://test.pypi.org/legacy/
dist/ewjoachim-test-0-1000.tar.gz (1.2 KB)
username set by command options
password set by command options
username: __token__
password: <hidden>
Uploading ewjoachim-test-0-1000.tar.gz
100%|████████████████████████████████████████████████████████████████████████████████████████| 3.68k/3.68k [00:00<00:00, 6.83kB/s]
Content received from server:
<html>
<head>
<title>403 Invalid API Token: InvalidMacaroonError('invalid macaroon')</title>
</head>
<body>
<h1>403 Invalid API Token: InvalidMacaroonError('invalid macaroon')</h1>
Access was denied to this resource.<br/><br/>
Invalid API Token: InvalidMacaroonError('invalid macaroon')
</body>
</html>
HTTPError: 403 Forbidden from https://test.pypi.org/legacy/
Invalid API Token: InvalidMacaroonError('invalid macaroon')
Seems it's working as expected !
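The check that separates the two tokens above, as an added example that is not part of the original thread and is not pypitoken's or PyPI's code: a simplified standard-library model of macaroon-style caveat chaining with a time window. The root key, identifier, JSON caveat layout and function names are constructed for illustration and do not match PyPI's wire format.

```python
import hashlib
import hmac
import json

DAY = 86400

def _chain(sig: bytes, caveat: str) -> bytes:
    # Each caveat is folded into the signature: sig' = HMAC(sig, caveat).
    return hmac.new(sig, caveat.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    """Server side: issue an unrestricted token bound to the root key."""
    sig = hmac.new(root_key, identifier.encode(), hashlib.sha256).digest()
    return {"id": identifier, "caveats": [], "sig": sig.hex()}

def restrict(token: dict, not_before: int, not_after: int) -> dict:
    """Holder side: append a time-window caveat without knowing the root key."""
    caveat = json.dumps({"nbf": not_before, "exp": not_after}, sort_keys=True)
    sig = _chain(bytes.fromhex(token["sig"]), caveat)
    return {"id": token["id"], "caveats": token["caveats"] + [caveat], "sig": sig.hex()}

def verify(root_key: bytes, token: dict, now: int) -> str:
    """Server side: recompute the HMAC chain, then evaluate every caveat."""
    sig = hmac.new(root_key, token["id"].encode(), hashlib.sha256).digest()
    for caveat in token["caveats"]:
        sig = _chain(sig, caveat)
    if not hmac.compare_digest(sig, bytes.fromhex(token["sig"])):
        return "bad signature"
    for caveat in token["caveats"]:
        window = json.loads(caveat)
        if not (window["nbf"] <= now < window["exp"]):
            return "outside time window"
    return "ok"

def demo(now: int = 1_700_000_000) -> dict:
    root_key = b"constructed-root-key"            # constructed sample value
    base = mint(root_key, "constructed-token-id")  # constructed sample value
    token_a = restrict(base, now, now + DAY)            # window includes now
    token_b = restrict(base, now - 2 * DAY, now - DAY)  # window excludes now
    widened = restrict(token_b, now - DAY, now + DAY)   # extra caveat cannot widen
    stripped = dict(token_b, caveats=[])                # caveat dropped, old signature
    tokens = {"token_a": token_a, "token_b": token_b,
              "widened": widened, "stripped": stripped}
    return {name: verify(root_key, tok, now) for name, tok in tokens.items()}

if __name__ == "__main__":
    print(demo())
```

Every caveat in the chain must hold, so appending a wider window to an expired token does not revive it, and removing a caveat breaks the signature.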
I finally got around to implementing pypitoken support for the upcoming devpi-client 6.0.0 and successfully tested it with test.pypi.org. Thanks again!
I hope it's ok, but I left a few comments on the commit introducing this in devpi-client. Nice work !
Closes #92
Hey @fschulze :) Do you think you could do a round of code review ? Also, I haven't taken the time to try the new macaroons against (Test)PyPI, so if you want to give it a try, feel free :) (you can generate an unscoped token on TestPyPI, then use this PR to create 2 tokens with time restrictions: one that includes now and one that excludes now. PyPI should let you upload with the first one and not with the 2nd one)
Checklist: