HTTP status client error (401 Unauthorized) / (403 Forbidden) for packages hosted on a JFrog PyPI repo #2566

Closed
ealap opened this issue Mar 20, 2024 · 3 comments · Fixed by #2592

ealap commented Mar 20, 2024

Similar to an issue reported at #2444, the authentication fails when trying to install packages from an extra index URL pointing to a JFrog PyPI repo:

```shell
export UV_EXTRA_INDEX_URL="https://<JFROG_USERNAME>:<JFROG_ACCESS_TOKEN>@<JFROG_ARTIFACTORY_URL>/api/pypi/simple"
uv pip install --verbose --compile --no-cache --requirement="requirements.txt" --override="override.txt"

# Output
# A bunch of logs like these
DEBUG No cache entry for: https://<JFROG_ARTIFACTORY_URL>/api/pypi/packages/xxx/xxx/packageAAA-1.0.0.whl#sha256=xxx
DEBUG Adding authentication to already-seen URL: https://<JFROG_ARTIFACTORY_URL>/api/pypi/packages/xxx/xxx/packageAAA-1.0.0.whl#sha256=xxx

# then finally 403 error
error: Failed to download: packageBBB==31.4.0
  Caused by: HTTP status client error (403 Forbidden) for url (https://<JFROG_ARTIFACTORY_URL>/api/pypi/packages/xxx/xxx/packageBBB==31.4.0.whl#sha256=xxx)

# sometimes 401 error
error: Failed to download: packageCCC==2.3.0
  Caused by: HTTP status client error (401 Unauthorized) for url (https://<JFROG_ARTIFACTORY_URL>/api/pypi/packages/xxx/xxx/packageCCC==2.3.0.whl#sha256=xxx)
```

uv versions where it doesn't work:

uv==0.1.19
uv==0.1.22 # current latest at the time of this issue

The issue was fixed on v0.1.20 (likely because it has the same root cause as #2444 that was fixed by #2446). But it got broken again on v0.1.22, likely due to #2449.

zanieb added the bug and registry labels Mar 20, 2024
zanieb self-assigned this Mar 20, 2024
Member

zanieb commented Mar 21, 2024

Can you confirm that the `JFROG_ARTIFACTORY_URL` part of the URL is consistent?

Are there logs like `No credentials found for: ...` and `Request already has an authorization header: ...`? Do you think you can share the full logs?

Author

ealap commented Mar 21, 2024

Yes, JFROG_ARTIFACTORY_URL is the same for all packages.

Here's the install log (with redacted info):

```
DEBUG Found a virtualenv through VIRTUAL_ENV at: /home/ealap/.cache/pypoetry/virtualenvs/sample-project-L4q7N5gd-py3.10
DEBUG Probing interpreter info for: /home/ealap/.cache/pypoetry/virtualenvs/sample-project-L4q7N5gd-py3.10/bin/python
DEBUG Found Python 3.10.13 for: /home/ealap/.cache/pypoetry/virtualenvs/sample-project-L4q7N5gd-py3.10/bin/python
DEBUG Using Python 3.10.13 environment at /home/ealap/.cache/pypoetry/virtualenvs/sample-project-L4q7N5gd-py3.10/bin/python
DEBUG Using registry request timeout of 300s
DEBUG Solving with target Python version 3.10.13
DEBUG Adding direct dependency: sympy==1.11.0
DEBUG No cache entry for: https://<JFROG_ARTIFACTORY_URL>/api/pypi/build/simple/sympy/
DEBUG Request already has an authorization header: https://<JFROG_ARTIFACTORY_URL>/api/pypi/build/simple/sympy/
DEBUG Searching for a compatible version of sympy (==1.11.0)
DEBUG Selecting: sympy==1.11.0 (sympy-1.11.0-py3-none-any.whl)
DEBUG No cache entry for: https://<JFROG_ARTIFACTORY_URL>/api/pypi/build/packages/packages/d0/04/66be21ceb305c66a4b326b0ae44cc4f027a43bc08cac204b48fb45bb3653/sympy-1.11.0-py3-none-any.whl#sha256=df75d738930f6fe9ebe7034e59d56698f29e85f443f743e51e47df0caccc2130
DEBUG Adding authentication to already-seen URL: https://<JFROG_ARTIFACTORY_URL>/api/pypi/build/packages/packages/d0/04/66be21ceb305c66a4b326b0ae44cc4f027a43bc08cac204b48fb45bb3653/sympy-1.11.0-py3-none-any.whl#sha256=df75d738930f6fe9ebe7034e59d56698f29e85f443f743e51e47df0caccc2130
error: Failed to download: sympy==1.11.0
  Caused by: HTTP status client error (403 Forbidden) for url (https://<JFROG_ARTIFACTORY_URL>/api/pypi/build/packages/packages/d0/04/66be21ceb305c66a4b326b0ae44cc4f027a43bc08cac204b48fb45bb3653/sympy-1.11.0-py3-none-any.whl#sha256=df75d738930f6fe9ebe7034e59d56698f29e85f443f743e51e47df0caccc2130)
```

Member

zanieb commented Mar 21, 2024

Thanks!

zanieb added a commit that referenced this issue Mar 21, 2024
Closes #2566 

We were storing the username e.g. `charlie@astral.sh` as a
percent-encoded string `charlie%40astral.sh` which resulted in different
headers and broke JFrog's artifactory which apparently does not decode
usernames.

Tested with a JFrog artifactory and AWS CodeArtifact although it is
worth noting that AWS does _not_ have a username with an `@` — it'd be
nice to test another artifactory with percent-encoded characters in the
username and/or password.
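
The header difference the commit message describes, as an added example (not code from uv or from this issue): it builds the Basic `Authorization` header from an index URL's userinfo with and without percent-decoding. The host and token are constructed placeholders, and the function names are hypothetical.

```python
import base64
from urllib.parse import quote, unquote, urlsplit


def basic_header(username: str, password: str) -> str:
    """RFC 7617 Basic credentials: base64 of 'user:password'."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def index_url(host_path: str, username: str, password: str) -> str:
    """Embed credentials in an index URL, escaping reserved characters
    such as '@' so the URL still parses."""
    userinfo = f"{quote(username, safe='')}:{quote(password, safe='')}"
    return f"https://{userinfo}@{host_path}"


def headers_for_index(url: str) -> dict:
    """Build the header from the URL's userinfo in both forms.

    'encoded' uses the userinfo exactly as written in the URL (the bug the
    commit message describes); 'decoded' percent-decodes it first, which a
    registry that does not decode usernames itself needs.
    """
    parts = urlsplit(url)
    # urlsplit() leaves username/password percent-encoded.
    user, password = parts.username or "", parts.password or ""
    return {
        "encoded": basic_header(user, password),
        "decoded": basic_header(unquote(user), unquote(password)),
    }


def credentials_need_decoding(url: str) -> bool:
    """True when the two forms differ, i.e. skipping the decode step
    would send credentials other than the ones configured."""
    headers = headers_for_index(url)
    return headers["encoded"] != headers["decoded"]


# Constructed sample: the username is the one in the commit message;
# the host and token are placeholders, not values from the issue.
SAMPLE = index_url("artifactory.example.invalid/api/pypi/simple",
                   "charlie@astral.sh", "EXAMPLE-TOKEN")

if __name__ == "__main__":
    for form, value in headers_for_index(SAMPLE).items():
        print(f"{form}: {value}")
    print("needs decoding:", credentials_need_decoding(SAMPLE))
```

Running `credentials_need_decoding` over the index URLs in a CI configuration flags the accounts whose credentials a client that skips decoding would send in a different form.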