frostming / unearth

A utility to fetch and download python packages
https://unearth.readthedocs.io
MIT License
142 stars 18 forks source link

fix: revert the handling of 403 and 404 #75

Closed frostming closed 1 year ago

frostming commented 1 year ago

Signed-off-by: Frost Ming me@frostming.com

This PR reverts some changes made by #70 but uses a different way, so that:

Before sending request to the index, the credentials in netrc will be read to authenticate the request. And only when the request fails with 401 error, the keyring will be queried and then prompt in the console.

This means if your index returns 403 or even 404 on unauthorized requests, you must rely on the credentials provided via netrc. Otherwise the error response will be returned without any atttempt to load other credentials.

This behavior is also the same as pip.

logangrado commented 1 year ago

I would only suggest that we add allow_netrc=True to this call here: https://github.com/frostming/unearth/blob/d2dd7cf7a8c989f35a467997f2bb8f9c47fe12f0/src/unearth/auth.py#L238

That way we are not only relying on the default value in _get_new_credentials, but also encoding it here. This would make it clear that we always want to use netrc for the initial call.

frostming commented 1 year ago

it clear that we always want to use netrc for the initial call.

Good point, done.