-
-
Notifications
You must be signed in to change notification settings - Fork 460
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish: Allow empty token, so twine uses keyring #1203
base: main
Are you sure you want to change the base?
Publish: Allow empty token, so twine uses keyring #1203
Conversation
@@ -77,17 +77,16 @@ pub fn execute(cmd: Args) -> Result<(), Error> { | |||
// c. Otherwise prompt for token and provide encryption option, storing the result in credentials. | |||
let repository = &cmd.repository; | |||
let mut credentials = get_credentials()?; | |||
credentials | |||
let repo_credentials = credentials |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a bit tangential, but this lets us pass less info to secret_from_token
, just the repo credentials rather than the whole thing.
Happy to revert if unwanted, but it does remove a bunch of extra gets
to this value, and gives us a proof that the key exists, instead of having to handle the Option
returned by .get(repository)
.get(repository) | ||
.and_then(|table| table.get("token")) | ||
let maybe_secret = if let Some(token) = cmd.token { | ||
secret_from_token(token, cmd.yes, repo_credentials)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made this helper to deduplicate the common logic between this cmdline case and the prompt case below
repo_credentials: &mut Item, | ||
) -> Result<Option<Secret<String>>, Error> { | ||
if token.is_empty() { | ||
Ok(None) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is the key bit. instead of bailing on the empty string, we return a None
for the secret
.arg("--repository-url") | ||
.arg(repository_url.to_string()); | ||
if let Some(secret) = maybe_secret { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the other key bit. we only add a password
if a secret got created, ie if there was a non-empty string (or some credential looked up from file)
@charliermarsh @mitsuhiko would you be able to take a look at this when you get a chance? happy to amend the approach as needed |
Similar in spirit to #759, but less ambitious.
This just makes rye accept empty-string
token
values. In such a case, rye just doesn't pass a--password
value ontotwine
. This is valid from twine's perspective; in this case twine will fall back to using its keyring support.