pypi / warehouse

The Python Package Index
https://pypi.org
Apache License 2.0

Cannot create scoped token to upload organisation package, but newly personal general token works. #13840

Open Carreau opened 1 year ago

Carreau commented 1 year ago

Question 1) How am I supposed to create an IPython-scoped token? Should I have been redirected to maybe https://pypi.org/manage/org/token/? Or is a personal token used to upload, and an IPython scope should be present?

Question 2)

Also, uploading to https://upload.pypi.org/legacy/ returned HTML though it's an API endpoint; maybe it could return something machine/terminal readable?

di commented 1 year ago

I can confirm that projects that are in an organization are not being included in the list of scopes when creating a token at https://pypi.org/manage/account/token/, this seems to be a bug.

Also, uploading to https://upload.pypi.org/legacy/ returned HTML though it's an API endpoint; maybe it could return something machine/terminal readable?

Are you able to share what the response was here?

di commented 1 year ago

The list of projects comes from here: https://github.com/pypi/warehouse/blob/cec621ac90b2a6e19760759e489c03616469c4eb/warehouse/manage/views/__init__.py#L842-L844

Carreau commented 1 year ago

Are you able to share what the response was here?

twine upload --verbose dist/ipython-8.14.0*
INFO     Using configuration from ...
Uploading distributions to https://upload.pypi.org/legacy/
INFO     dist/ipython-8.14.0-py3-none-any.whl (780.0 KB)
INFO     dist/ipython-8.14.0.tar.gz (5.2 MB)
INFO     username set from config file
INFO     password set from config file
INFO     username: ...
INFO     password: <hidden>
Uploading ipython-8.14.0-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 814.4/814.4 kB • 00:01 • 817.1 kB/s
INFO     Response from https://upload.pypi.org/legacy/:
         401 User mbussonn has two factor auth enabled, an API Token or Trusted Publisher must be used to upload in place of
         password.
INFO     <html>
          <head>
           <title>401 User mbussonn has two factor auth enabled, an API Token or Trusted Publisher must be used to upload in
         place of password.</title>
          </head>
          <body>
           <h1>401 User mbussonn has two factor auth enabled, an API Token or Trusted Publisher must be used to upload in place
         of password.</h1>
           This server could not verify that you are authorized to access the document you requested.  Either you supplied the
         wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials
         required.<br/><br/>
         User mbussonn has two factor auth enabled, an API Token or Trusted Publisher must be used to upload in place of
         password.

          </body>
         </html>
ERROR    HTTPError: 401 Unauthorized from https://upload.pypi.org/legacy/
         User mbussonn has two factor auth enabled, an API Token or Trusted Publisher must be used to upload in place of
         password.

There is already a 401, but I was astonished to see HTML sent to twine.

Twine 4.0.2

di commented 1 year ago

Ah, I thought you meant there was HTML in the error message. This is expected, this is how errors are communicated to twine, and you shouldn't see this unless you have verbosity turned on: https://github.com/pypa/twine/blob/0bb428c410b8df64c04dc881ac1db37d932f3066/twine/commands/upload.py#L149-L151
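The point in the comment above is that the HTML body is only diagnostic: Warehouse also puts the actual error into the reason phrase of the HTTP status line ("401 User mbussonn has two factor auth enabled, ..."), and that is what the client turns into the one-line HTTPError. The following is an added example, not twine's or Warehouse's own code, showing how a client can recover a terminal-readable message from such a response offline: it parses captured response bytes with the standard library, prefers the status-line reason, and falls back to the HTML <title> when an intermediary has replaced the reason with the stock phrase. The sample response bytes are constructed from the 401 output posted in this issue; the function names are this example's own.

```python
"""Turn an upload.pypi.org error response into a one-line message.

Added example, not part of twine or Warehouse. Assumes only the
standard library; the sample bytes below are reconstructed from the
401 response shown in the issue.
"""
from __future__ import annotations

import http
import http.client
import io
from html.parser import HTMLParser

# Constructed sample: the reason phrase and HTML body from the issue's twine output.
_SAMPLE_REASON = (
    "User mbussonn has two factor auth enabled, an API Token or "
    "Trusted Publisher must be used to upload in place of password."
)
_SAMPLE_HTML = f"""<html>
 <head>
  <title>401 {_SAMPLE_REASON}</title>
 </head>
 <body>
  <h1>401 {_SAMPLE_REASON}</h1>
  This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br/><br/>
  {_SAMPLE_REASON}

 </body>
</html>
""".encode()

SAMPLE_401_RESPONSE = (
    f"HTTP/1.1 401 {_SAMPLE_REASON}\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    f"Content-Length: {len(_SAMPLE_HTML)}\r\n"
    "Connection: close\r\n"
    "\r\n"
).encode() + _SAMPLE_HTML

# Same response as it might arrive through a proxy that rewrote the reason phrase
# to the stock one; the HTML body is then the only place the message survives.
SAMPLE_401_STOCK_REASON = SAMPLE_401_RESPONSE.replace(
    f"HTTP/1.1 401 {_SAMPLE_REASON}".encode(), b"HTTP/1.1 401 Unauthorized", 1
)


class _FakeSocket:
    """Minimal socket stand-in so http.client can parse captured bytes offline."""

    def __init__(self, data: bytes) -> None:
        self._data = data

    def makefile(self, mode="rb", *args, **kwargs):
        return io.BytesIO(self._data)


class _TitleParser(HTMLParser):
    """Collects the text between <title> and </title>."""

    def __init__(self) -> None:
        super().__init__()
        self._in_title = False
        self.title = ""

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def html_title(body: str) -> str:
    """Return the whitespace-normalised <title> of an HTML document, or ''."""
    parser = _TitleParser()
    parser.feed(body)
    parser.close()
    return " ".join(parser.title.split())


def parse_response(raw: bytes) -> tuple[int, str, str]:
    """Parse raw HTTP/1.1 response bytes into (status, reason, body_text)."""
    resp = http.client.HTTPResponse(_FakeSocket(raw))
    resp.begin()
    body = resp.read().decode("utf-8", errors="replace")
    return resp.status, resp.reason, body


def error_message(status: int, reason: str, body: str) -> str:
    """Pick the most specific one-line message available for a failed upload.

    Prefer a non-stock reason phrase (where Warehouse places the error);
    otherwise use the HTML <title> minus its leading status code;
    otherwise the standard phrase for the status.
    """
    try:
        stock = http.HTTPStatus(status).phrase
    except ValueError:
        stock = ""
    if reason and reason != stock:
        return reason
    title = html_title(body)
    prefix = f"{status} "
    if title.startswith(prefix):
        title = title[len(prefix):]
    return title or stock or f"HTTP {status}"


def needs_api_token(message: str) -> bool:
    """True when the server rejected a password because an API token or Trusted Publisher is required."""
    return "API Token or Trusted Publisher" in message


if __name__ == "__main__":
    status, reason, body = parse_response(SAMPLE_401_RESPONSE)
    message = error_message(status, reason, body)
    print(f"{status}: {message}")
    if needs_api_token(message):
        print("hint: upload with a scoped API token or a Trusted Publisher, not a password")
```

Running it prints the same single line twine reports as its HTTPError, without the HTML; the second sample shows why keeping the <title> fallback is worth the few extra lines when the response has crossed a proxy that normalises status lines.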

Carreau commented 1 year ago

Ok, fair.

di commented 1 year ago

Confirming that this is a bug. The plan is for a two-stage fix: