|
4 | 4 | providing credentials in the context of network requests. |
5 | 5 | """ |
6 | 6 |
|
| 7 | +import os |
7 | 8 | import shutil |
8 | 9 | import subprocess |
9 | 10 | import urllib.parse |
10 | | -from typing import Any, Dict, List, NamedTuple, Optional, Tuple |
| 11 | +from abc import ABC, abstractmethod |
| 12 | +from typing import Any, Dict, List, NamedTuple, Optional, Tuple, Type |
11 | 13 |
|
12 | 14 | from pip._vendor.requests.auth import AuthBase, HTTPBasicAuth |
13 | 15 | from pip._vendor.requests.models import Request, Response |
|
27 | 29 |
|
28 | 30 |
|
29 | 31 | class Credentials(NamedTuple): |
30 | | - service_name: str |
| 32 | + url: str |
31 | 33 | username: str |
32 | 34 | password: str |
33 | 35 |
|
34 | 36 |
|
35 | | -class KeyRingCli: |
36 | | - """Mirror the parts of keyring's API which pip uses |
| 37 | +class KeyRingBaseProvider(ABC): |
| 38 | + """Keyring base provider interface""" |
| 39 | + |
| 40 | + @classmethod |
| 41 | + @abstractmethod |
| 42 | + def is_available(cls) -> bool: |
| 43 | + ... |
| 44 | + |
| 45 | + @classmethod |
| 46 | + @abstractmethod |
| 47 | + def get_auth_info(cls, url: str, username: Optional[str]) -> Optional[AuthInfo]: |
| 48 | + ... |
| 49 | + |
| 50 | + @classmethod |
| 51 | + @abstractmethod |
| 52 | + def save_auth_info(cls, url: str, username: str, password: str) -> None: |
| 53 | + ... |
| 54 | + |
| 55 | + |
| 56 | +class KeyRingPythonProvider(KeyRingBaseProvider): |
| 57 | + """Keyring interface which uses locally imported `keyring`""" |
| 58 | + |
| 59 | + try: |
| 60 | + import keyring |
| 61 | + except ImportError: |
| 62 | + keyring = None # type: ignore[assignment] |
| 63 | + |
| 64 | + @classmethod |
| 65 | + def is_available(cls) -> bool: |
| 66 | + return cls.keyring is not None |
| 67 | + |
| 68 | + @classmethod |
| 69 | + def get_auth_info(cls, url: str, username: Optional[str]) -> Optional[AuthInfo]: |
| 70 | + if cls.is_available is False: |
| 71 | + return None |
| 72 | + |
| 73 | + # Support keyring's get_credential interface which supports getting |
| 74 | + # credentials without a username. This is only available for |
| 75 | + # keyring>=15.2.0. |
| 76 | + if hasattr(cls.keyring, "get_credential"): |
| 77 | + logger.debug("Getting credentials from keyring for %s", url) |
| 78 | + cred = cls.keyring.get_credential(url, username) |
| 79 | + if cred is not None: |
| 80 | + return cred.username, cred.password |
| 81 | + return None |
| 82 | + |
| 83 | + if username is not None: |
| 84 | + logger.debug("Getting password from keyring for %s", url) |
| 85 | + password = cls.keyring.get_password(url, username) |
| 86 | + if password: |
| 87 | + return username, password |
| 88 | + return None |
| 89 | + |
| 90 | + @classmethod |
| 91 | + def save_auth_info(cls, url: str, username: str, password: str) -> None: |
| 92 | + cls.keyring.set_password(url, username, password) |
| 93 | + |
| 94 | + |
| 95 | +class KeyRingCliProvider(KeyRingBaseProvider): |
| 96 | + """Provider which uses `keyring` cli |
37 | 97 |
|
38 | 98 | Instead of calling the keyring package installed alongside pip |
39 | 99 | we call keyring on the command line which will enable pip to |
40 | 100 | use which ever installation of keyring is available first in |
41 | 101 | PATH. |
42 | 102 | """ |
43 | 103 |
|
44 | | - def __init__(self, keyring: str) -> None: |
45 | | - self.keyring = keyring |
| 104 | + keyring = shutil.which("keyring") |
| 105 | + |
| 106 | + @classmethod |
| 107 | + def is_available(cls) -> bool: |
| 108 | + return cls.keyring is not None |
46 | 109 |
|
47 | | - def get_password(self, service_name: str, username: str) -> Optional[str]: |
48 | | - cmd = [self.keyring, "get", service_name, username] |
| 110 | + @classmethod |
| 111 | + def get_auth_info(cls, url: str, username: Optional[str]) -> Optional[AuthInfo]: |
| 112 | + if cls.is_available is False: |
| 113 | + return None |
| 114 | + |
| 115 | + # This is the default implementation of keyring.get_credential |
| 116 | + # https://github.com/jaraco/keyring/blob/97689324abcf01bd1793d49063e7ca01e03d7d07/keyring/backend.py#L134-L139 |
| 117 | + if username is not None: |
| 118 | + password = cls._get_password(url, username) |
| 119 | + if password is not None: |
| 120 | + return username, password |
| 121 | + return None |
| 122 | + |
| 123 | + @classmethod |
| 124 | + def save_auth_info(cls, url: str, username: str, password: str) -> None: |
| 125 | + if not cls.is_available: |
| 126 | + raise RuntimeError("keyring is not available") |
| 127 | + return cls._set_password(url, username, password) |
| 128 | + |
| 129 | + @classmethod |
| 130 | + def _get_password(cls, service_name: str, username: str) -> Optional[str]: |
| 131 | + """Mirror the implemenation of keyring.get_password using cli""" |
| 132 | + if cls.keyring is None: |
| 133 | + return None |
| 134 | + |
| 135 | + cmd = [cls.keyring, "get", service_name, username] |
| 136 | + env = os.environ |
| 137 | + env["PYTHONIOENCODING"] = "utf-8" |
49 | 138 | res = subprocess.run( |
50 | 139 | cmd, |
51 | 140 | stdin=subprocess.DEVNULL, |
52 | 141 | capture_output=True, |
53 | | - env=dict(PYTHONIOENCODING="utf-8"), |
| 142 | + env=env, |
54 | 143 | ) |
55 | 144 | if res.returncode: |
56 | 145 | return None |
57 | 146 | return res.stdout.decode("utf-8").strip("\n") |
58 | 147 |
|
59 | | - def set_password(self, service_name: str, username: str, password: str) -> None: |
60 | | - cmd = [self.keyring, "set", service_name, username] |
| 148 | + @classmethod |
| 149 | + def _set_password(cls, service_name: str, username: str, password: str) -> None: |
| 150 | + """Mirror the implemenation of keyring.set_password using cli""" |
| 151 | + if cls.keyring is None: |
| 152 | + return None |
| 153 | + |
| 154 | + cmd = [cls.keyring, "set", service_name, username] |
61 | 155 | input_ = password.encode("utf-8") + b"\n" |
62 | | - res = subprocess.run(cmd, input=input_, env=dict(PYTHONIOENCODING="utf-8")) |
| 156 | + env = os.environ |
| 157 | + env["PYTHONIOENCODING"] = "utf-8" |
| 158 | + res = subprocess.run(cmd, input=input_, env=env) |
63 | 159 | res.check_returncode() |
64 | 160 | return None |
65 | 161 |
|
66 | 162 |
|
67 | | -try: |
68 | | - import keyring |
69 | | -except ImportError: |
70 | | - keyring = None # type: ignore[assignment] |
71 | | - keyring_path = shutil.which("keyring") |
72 | | - if keyring_path is not None: |
73 | | - keyring = KeyRingCli(keyring_path) # type: ignore[assignment] |
74 | | -except Exception as exc: |
75 | | - logger.warning( |
76 | | - "Keyring is skipped due to an exception: %s", |
77 | | - str(exc), |
78 | | - ) |
79 | | - keyring = None # type: ignore[assignment] |
| 163 | +def get_keyring_provider() -> Optional[Type[KeyRingBaseProvider]]: |
| 164 | + if KeyRingPythonProvider.is_available(): |
| 165 | + return KeyRingPythonProvider |
| 166 | + if KeyRingCliProvider.is_available(): |
| 167 | + return KeyRingCliProvider |
| 168 | + return None |
80 | 169 |
|
81 | 170 |
|
82 | 171 | def get_keyring_auth(url: Optional[str], username: Optional[str]) -> Optional[AuthInfo]: |
83 | 172 | """Return the tuple auth for a given url from keyring.""" |
84 | | - global keyring |
85 | | - if not url or not keyring: |
| 173 | + # Do nothing if no url was provided |
| 174 | + if not url: |
86 | 175 | return None |
87 | 176 |
|
88 | | - try: |
89 | | - try: |
90 | | - get_credential = keyring.get_credential |
91 | | - except AttributeError: |
92 | | - pass |
93 | | - else: |
94 | | - logger.debug("Getting credentials from keyring for %s", url) |
95 | | - cred = get_credential(url, username) |
96 | | - if cred is not None: |
97 | | - return cred.username, cred.password |
98 | | - return None |
99 | | - |
100 | | - if username: |
101 | | - logger.debug("Getting password from keyring for %s", url) |
102 | | - password = keyring.get_password(url, username) |
103 | | - if password: |
104 | | - return username, password |
| 177 | + keyring = get_keyring_provider() |
| 178 | + # Do nothin if keyring is not available |
| 179 | + if keyring is None: |
| 180 | + return None |
105 | 181 |
|
106 | | - except Exception as exc: |
107 | | - logger.warning( |
108 | | - "Keyring is skipped due to an exception: %s", |
109 | | - str(exc), |
110 | | - ) |
111 | | - keyring = None # type: ignore[assignment] |
112 | | - return None |
| 182 | + return keyring.get_auth_info(url, username) |
113 | 183 |
|
114 | 184 |
|
115 | 185 | class MultiDomainBasicAuth(AuthBase): |
@@ -283,7 +353,7 @@ def _prompt_for_password( |
283 | 353 |
|
284 | 354 | # Factored out to allow for easy patching in tests |
285 | 355 | def _should_save_password_to_keyring(self) -> bool: |
286 | | - if not keyring: |
| 356 | + if get_keyring_provider() is None: |
287 | 357 | return False |
288 | 358 | return ask("Save credentials to keyring [y/N]: ", ["y", "n"]) == "y" |
289 | 359 |
|
@@ -319,7 +389,7 @@ def handle_401(self, resp: Response, **kwargs: Any) -> Response: |
319 | 389 | # Prompt to save the password to keyring |
320 | 390 | if save and self._should_save_password_to_keyring(): |
321 | 391 | self._credentials_to_save = Credentials( |
322 | | - service_name=parsed.netloc, |
| 392 | + url=parsed.netloc, |
323 | 393 | username=username, |
324 | 394 | password=password, |
325 | 395 | ) |
@@ -355,15 +425,16 @@ def warn_on_401(self, resp: Response, **kwargs: Any) -> None: |
355 | 425 |
|
356 | 426 | def save_credentials(self, resp: Response, **kwargs: Any) -> None: |
357 | 427 | """Response callback to save credentials on success.""" |
| 428 | + keyring = get_keyring_provider() |
358 | 429 | assert keyring is not None, "should never reach here without keyring" |
359 | 430 | if not keyring: |
360 | | - return |
| 431 | + return None |
361 | 432 |
|
362 | 433 | creds = self._credentials_to_save |
363 | 434 | self._credentials_to_save = None |
364 | 435 | if creds and resp.status_code < 400: |
365 | 436 | try: |
366 | 437 | logger.info("Saving credentials to keyring") |
367 | | - keyring.set_password(creds.service_name, creds.username, creds.password) |
| 438 | + keyring.save_auth_info(creds.url, creds.username, creds.password) |
368 | 439 | except Exception: |
369 | 440 | logger.exception("Failed to save credentials") |
0 commit comments