Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP 401 Unauthorized for private package index #1371

Closed
exs-avianello opened this issue Feb 15, 2024 · 16 comments · Fixed by #1886
Closed

HTTP 401 Unauthorized for private package index #1371

exs-avianello opened this issue Feb 15, 2024 · 16 comments · Fixed by #1886
Assignees
@zanieb
Labels
bug Something isn't working registry Related to package indexes and registries

Comments

@exs-avianello
Copy link

Hello! Very excited for this project ❤️

Installing a package from a private azure package index (Azure Artifacts) seems to be failing with a HTTP status client error (405 Method Not Allowed):

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (405 Method Not Allowed) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

The equivalent pip-native command works as expected

python -m pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name
@charliermarsh charliermarsh added the bug Something isn't working label Feb 15, 2024
@charliermarsh
Copy link
Member

Thank you! Will take a look.

@raylu raylu mentioned this issue Feb 15, 2024
Closed
@zanieb zanieb added the registry Related to package indexes and registries label Feb 15, 2024
@inigohidalgo inigohidalgo mentioned this issue Feb 16, 2024
Closed
@yogevyuval
Copy link

Same here - Really want to test (and replace pip with) uv but waiting for Azure artifacts support :( !

@charliermarsh
Copy link
Member

Thanks and sorry about that -- we'll get this setup internally and see if we can reproduce.

@zanieb
Copy link
Member

zanieb commented Feb 18, 2024

Yep this is a priority for me next week!

@MarcSkovMadsen
Copy link

+1. Same issue for me.

@MarcSkovMadsen MarcSkovMadsen mentioned this issue Feb 19, 2024
Closed
@charliermarsh charliermarsh self-assigned this Feb 19, 2024
@charliermarsh
Copy link
Member

I believe this is the same as #1458 (lack of support for HEAD requests).

@charliermarsh
Copy link
Member

Okay, @olivierlefloch fixed HEAD requests, but there's now an auth problem. @zanieb, do you want to take from here?

@exs-avianello
Copy link
Author

Thank you all!

I can confirm that on uv 0.1.6 this is no longer giving 405 Method Not Allowed but a 401 Unauthorized

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (401 Unauthorized) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

@gwdekker
Copy link

gwdekker commented Feb 22, 2024
edited
Loading

Same for gitlab hosted private package index: getting a 401 Unauthorized. Interestingly, opening the URL in the error message in the browser downloads the package for me without a problem. the url looks like this:

https://gitlab.com/api/v4/groups/<GROUP_NR>/-/packages/pypi/files/<SOME_LONG_HASH>/<PKG_NAME>-py3-none-any.whl#sha256=<PKG_SHA>

@zanieb
Copy link
Member

zanieb commented Feb 22, 2024

Hi! We just merged a fix with #1874 that's out in v0.1.8 — let me know if that helps. I'll continue testing against various private repositories.

@exs-avianello
Copy link
Author

Thank you @zanieb! At least for Azure Artifacts, I am still seeing the same error on 0.1.8 (401 Unauthorized)

@yogevyuval
Copy link

Same here, 401 Unauthorized for Azure Artifacts with uv 0.1.8

@zanieb zanieb changed the title uv pip install HTTP status client error (405 Method Not Allowed) for private azure package index HTTP 401 Unauthorized for private package index Feb 22, 2024
@zanieb
Copy link
Member

zanieb commented Feb 22, 2024
edited
Loading

For my own sanity, note this is also being tracked in #1709

@zanieb zanieb mentioned this issue Feb 22, 2024
Merged
@zanieb
Copy link
Member

zanieb commented Feb 22, 2024

A fix is up at #1886 if anyone wants to give it a try against a private index.

@inigohidalgo
Copy link

Verified working on azure artifacts feed using token authentication!!

Incredible work @zanieb, @olivierlefloch and @charliermarsh 🚀

zanieb added a commit that referenced this issue Feb 23, 2024
@zanieb
Ensure authentication is passed from the index url to distribution fi…
8a12b2e 
…les (#1886)

Closes #1709
Closes #1371

Tested with the reproduction provided in #1709 which gets past the HTTP
401.

Reuses the same copying logic we introduced in
#1874 to ensure authentication is
attached to file URLs with a realm that matches that of the index. I had
to move the authentication logic into a new crate so it could be used in
`distribution-types`.

We will want to something more robust in the future, like track all
realms with authentication in a central store and perform lookups there.
That's what `pip` does and it allows consolidation of logic like netrc
lookups. That refactor feels significant though, and I'd like to get
this fixed ASAP so this is a minimal fix.
@exs-avianello
Copy link
Author

I can confirm as well ❤️ Thank you so much!

@inigohidalgo inigohidalgo mentioned this issue Feb 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zanieb zanieb

Labels
bug Something isn't working registry Related to package indexes and registries
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure authentication is passed from the index url to distribution files astral-sh/uv
7 participants
@yogevyuval @charliermarsh @zanieb @inigohidalgo @gwdekker @MarcSkovMadsen @exs-avianello