Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable user-level management of index credentials via uv (& keyring) #9920

Draft
wants to merge 19 commits into
base: main
Choose a base branch
from
Draft
49 changes: 22 additions & 27 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 6 additions & 1 deletion crates/uv-auth/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,14 @@ url = { workspace = true }
urlencoding = { workspace = true }

uv-static = { workspace = true }
uv-dirs = { workspace = true }
toml.workspace = true
serde.workspace = true
thiserror.workspace = true
fs-err.workspace = true

[dev-dependencies]
tempfile = { workspace = true }
tempfile.workspace = true
tokio = { workspace = true }
wiremock = { workspace = true }
insta = { version = "1.40.0" }
Expand Down
74 changes: 74 additions & 0 deletions crates/uv-auth/src/credentials.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,20 @@ use base64::write::EncoderWriter;
use netrc::Netrc;
use reqwest::header::HeaderValue;
use reqwest::Request;

use futures::executor;
use std::io::Read;
use std::io::Write;
use tracing::{debug, error, trace, warn};

use url::Url;

use uv_static::EnvVars;

use crate::keyring_config::AuthConfig;
use crate::keyring_config::ConfigFile;
use crate::KeyringProvider;

#[derive(Clone, Debug, PartialEq)]
pub struct Credentials {
/// The name of the user for authentication.
Expand Down Expand Up @@ -155,6 +163,37 @@ impl Credentials {
}
}

/// Extract the [`Credentials`] from keyring, given a named source.
///
/// Look up the username stored for the named source in the user-level config.
/// Load the credentials from keyring for the service and username.
pub fn from_keyring(
name: &str,
url: &Url,
keyring_provider: Option<KeyringProvider>,
) -> Option<Self> {
debug!("Trying to read credentials for index {name} with url {url}");
if keyring_provider.is_none() {
trace!("No keyring provider available");
return None;
}

let auth_config = match AuthConfig::load() {
Ok(auth_config) => auth_config,
Err(e) => {
error!("Error loading auth config: {e}");
return None;
}
};

let Some(index) = auth_config.find_entry(name) else {
warn!("Could not find entry for {name}");
return None;
};

executor::block_on(keyring_provider.unwrap().fetch(url, &index.username))
}

/// Parse [`Credentials`] from an HTTP request, if any.
///
/// Only HTTP Basic Authentication is supported.
Expand Down Expand Up @@ -247,7 +286,11 @@ impl Credentials {

#[cfg(test)]
mod tests {

use insta::assert_debug_snapshot;
use tempfile::tempdir;

use crate::keyring_config::{reset_config_path, set_test_config_path};

use super::*;

Expand Down Expand Up @@ -353,4 +396,35 @@ mod tests {
assert_debug_snapshot!(header, @r###""Basic dXNlcjpwYXNzd29yZD09""###);
assert_eq!(Credentials::from_header_value(&header), Some(credentials));
}

#[test]
fn from_keyring() {
let username = "user";
let password = "password";
let index = "test_index";

let url = Url::parse("https://example.com").unwrap();
let keyring = KeyringProvider::dummy([((url.host_str().unwrap(), username), password)]);
let temp_dir = tempdir().unwrap();
let auth_config_path = temp_dir.into_path().join("test_auth.toml");

set_test_config_path(auth_config_path);

let mut auth_config = AuthConfig::load().unwrap();
auth_config.add_entry(index.to_string(), username.to_string());
auth_config.store().unwrap();

// Act
let credentials = Credentials::from_keyring(index, &url, Some(keyring));

assert_eq!(
credentials,
Some(Credentials::new(
Some(username.to_string()),
Some(password.to_string())
))
);

reset_config_path();
}
}
Loading
Loading