From 70c9b36582554e9a306429f1c29cca5c47d7d41c Mon Sep 17 00:00:00 2001 From: Pradyun Gedam Date: Wed, 25 May 2022 12:38:57 +0530 Subject: [PATCH] Merge pull request #11134 from q0w/revert-10998-handle-netrc Revert "Prioritize url credentials over netrc" --- news/10979.bugfix.rst | 1 + src/pip/_internal/network/auth.py | 5 ++- tests/functional/test_install_config.py | 43 ------------------------- 3 files changed, 3 insertions(+), 46 deletions(-) create mode 100644 news/10979.bugfix.rst diff --git a/news/10979.bugfix.rst b/news/10979.bugfix.rst new file mode 100644 index 00000000000..5088bc2b99a --- /dev/null +++ b/news/10979.bugfix.rst @@ -0,0 +1 @@ +Revert `#10979 `_ since it introduced a regression in certain edge cases. diff --git a/src/pip/_internal/network/auth.py b/src/pip/_internal/network/auth.py index e40ebfb2785..ca42798bd95 100644 --- a/src/pip/_internal/network/auth.py +++ b/src/pip/_internal/network/auth.py @@ -109,8 +109,7 @@ def _get_index_url(self, url: str) -> Optional[str]: def _get_new_credentials( self, original_url: str, - *, - allow_netrc: bool = False, + allow_netrc: bool = True, allow_keyring: bool = False, ) -> AuthInfo: """Find and return credentials for the specified URL.""" @@ -261,7 +260,7 @@ def handle_401(self, resp: Response, **kwargs: Any) -> Response: # Query the keyring for credentials: username, password = self._get_new_credentials( resp.url, - allow_netrc=True, + allow_netrc=False, allow_keyring=True, ) diff --git a/tests/functional/test_install_config.py b/tests/functional/test_install_config.py index c90be5bb4da..2e4bb742785 100644 --- a/tests/functional/test_install_config.py +++ b/tests/functional/test_install_config.py @@ -415,46 +415,3 @@ def get_credential(url, username): assert "get_credential was called" in result.stderr else: assert "get_credential was called" not in result.stderr - - -def test_prioritize_url_credentials_over_netrc( - script: PipTestEnvironment, - data: TestData, - cert_factory: CertFactory, -) -> None: - cert_path = cert_factory() - ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - ctx.load_cert_chain(cert_path, cert_path) - ctx.load_verify_locations(cafile=cert_path) - ctx.verify_mode = ssl.CERT_REQUIRED - - server = make_mock_server(ssl_context=ctx) - server.mock.side_effect = [ - package_page( - { - "simple-3.0.tar.gz": "/files/simple-3.0.tar.gz", - } - ), - authorization_response(str(data.packages / "simple-3.0.tar.gz")), - ] - - url = f"https://USERNAME:PASSWORD@{server.host}:{server.port}/simple" - - netrc = script.scratch_path / ".netrc" - netrc.write_text( - f"machine {server.host} login wrongusername password wrongpassword" - ) - with server_running(server): - script.environ["NETRC"] = netrc - script.pip( - "install", - "--no-cache-dir", - "--index-url", - url, - "--cert", - cert_path, - "--client-cert", - cert_path, - "simple", - ) - script.assert_installed(simple="3.0")