Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upload to PyPI silently fail #858

Open
jpscaletti opened this issue Feb 3, 2019 · 2 comments
Open

Upload to PyPI silently fail #858

jpscaletti opened this issue Feb 3, 2019 · 2 comments
Labels
Projects

Comments

@jpscaletti
Copy link

@jpscaletti jpscaletti commented Feb 3, 2019

  • I am on the latest Poetry version.

  • I have searched the issues of this repo and believe that this is not a duplicate.

  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

  • OS version and name: MacOS Mojave

  • Poetry version: 0.12.10

  • pyproject.toml

Issue

poetry publish fails silently if the Pypi server returns an error:

  1. If I use invalid credentials (it even shows the "Uploading foobar.tar.gz 100%" mesage)
  2. If the Pypi server returns an error.

I was trying to upload a project with an invalid name ("pipes", invalid because Python standard library has a module named the same) and nothing indicated me that the publishing was failing.

If I try with twine this is the output instead:

$ twine upload dist/*
Uploading distributions to https://upload.pypi.org/legacy/
Uploading Pipes-0.1.0-py3-none-any.whl
100%|████████████████████| 4.26k/4.26k [00:00<00:00, 7.88kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 403 Client Error: The user 'jpscaletti' isn't allowed to upload to
project 'pipes'. See https://pypi.org/help/#project-name for more information.
for url: https://upload.pypi.org/legacy/

I think #742 is a specific case of this issue.

@carlosperate

This comment has been minimized.

Copy link

@carlosperate carlosperate commented May 19, 2019

I had a similar issue using v0.12.16 where using https://test.pypi.org/simple/ failed silently, but https://test.pypi.org/legacy/ worked.

@sztomi sztomi mentioned this issue Jul 28, 2019
3 of 3 tasks complete
@sdispater sdispater added this to Needs triage in Bugs via automation Aug 2, 2019
@sztomi

This comment has been minimized.

Copy link
Contributor

@sztomi sztomi commented Aug 11, 2019

@sdispater I have a fairly good idea why this is happening and a proposal for a fix.

In uploader.py

            resp = session.post(
                url,
                data=monitor,
                allow_redirects=False,
                headers={"Content-Type": monitor.content_type},
            )

            if resp.ok:
                bar.finish()

                self._io.writeln("")

The bug is triggered when the URL is not exactly https://test.pypi.org/legacy/ (note the trailing /). If the URL is missing the trailing /, the response will be a 301 redirect to /legacy/. resp.ok is still True in this case, but the upload did not take place (nor was the redirect followed).
Setting allow_redirects=True does make requests follow the redirect, but it doesn't seem to perform the upload (BUT the status code becomes 200). The same thing happens for /simple (gets redirected to /simple/). If the URL is configured to /simple/, a HTTP 405 error is raised.

In summary:

/legacy -> silently fails because of 301 status, resp.ok is True
/legacy/ -> works
/simple -> silently fails because of 301 status, resp.ok is True
/simple/ -> fails with 405 status

My proposal for the fix is:

  • Test resp.status_code == 200 instead of resp.ok
  • Follow the redirect "manually" (i.e. perform another request to that URL with the POST data, because requests doesn't seem to do it that way)
  • Maybe check the uploaded versions afterwards to verify that the upload worked

This will make /simple fail as 405, too, and /legacy will work. I think it would be worthwhile to highlight in the docs that the legacy API is expected by poetry.

Also, it might be a good idea to add a default testpypi repository to the configuration?

If this proposal is liked, I'm happy to implement the first two points and open a PR. Point 3 is an improvement.

sztomi added a commit to sztomi/poetry that referenced this issue Aug 20, 2019
Fixes sdispater#858 by first issuing a HEAD request and following a redirect.
This does not cover further redirects though, so it's possible to make this
more robust. It does cover the most common use cases (PyPI and TestPyPI
will work correctly)
@sztomi sztomi mentioned this issue Aug 20, 2019
1 of 2 tasks complete
sztomi added a commit to sztomi/poetry that referenced this issue Aug 20, 2019
Fixes sdispater#858 by first issuing a HEAD request and following a redirect.
This does not cover further redirects though, so it's possible to make this
more robust. It does cover the most common use cases (PyPI and TestPyPI
will work correctly)
sztomi added a commit to sztomi/poetry that referenced this issue Aug 30, 2019
@sztomi sztomi mentioned this issue Aug 30, 2019
2 of 2 tasks complete
@stephsamson stephsamson moved this from Needs triage to Low priority in Bugs Sep 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Bugs
  
Low priority
4 participants
You can’t perform that action at this time.