Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Upload to PyPI silently fail

See original GitHub issue

I am on the latest Poetry version.
I have searched the issues of this repo and believe that this is not a duplicate.
If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
OS version and name: MacOS Mojave
Poetry version: 0.12.10
pyproject.toml

Issue

poetry publish fails silently if the Pypi server returns an error:

If I use invalid credentials (it even shows the “Uploading foobar.tar.gz 100%” mesage)
If the Pypi server returns an error.

I was trying to upload a project with an invalid name (“pipes”, invalid because Python standard library has a module named the same) and nothing indicated me that the publishing was failing.

If I try with twine this is the output instead:

$ twine upload dist/*
Uploading distributions to https://upload.pypi.org/legacy/
Uploading Pipes-0.1.0-py3-none-any.whl
100%|████████████████████| 4.26k/4.26k [00:00<00:00, 7.88kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 403 Client Error: The user 'jpscaletti' isn't allowed to upload to
project 'pipes'. See https://pypi.org/help/#project-name for more information.
for url: https://upload.pypi.org/legacy/

I think #742 is a specific case of this issue.

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:11 (4 by maintainers)

Top GitHub Comments

12reactions

sztomicommented, Aug 11, 2019

@sdispater I have a fairly good idea why this is happening and a proposal for a fix.

In uploader.py

            resp = session.post(
                url,
                data=monitor,
                allow_redirects=False,
                headers={"Content-Type": monitor.content_type},
            )

            if resp.ok:
                bar.finish()

                self._io.writeln("")

The bug is triggered when the URL is not exactly https://test.pypi.org/legacy/ (note the trailing /). If the URL is missing the trailing /, the response will be a 301 redirect to /legacy/. resp.ok is still True in this case, but the upload did not take place (nor was the redirect followed). Setting allow_redirects=True does make requests follow the redirect, but it doesn’t seem to perform the upload (BUT the status code becomes 200). The same thing happens for /simple (gets redirected to /simple/). If the URL is configured to /simple/, a HTTP 405 error is raised.

In summary:

/legacy -> silently fails because of 301 status, resp.ok is True /legacy/ -> works ✨ /simple -> silently fails because of 301 status, resp.ok is True /simple/ -> fails with 405 status

My proposal for the fix is:

Test resp.status_code == 200 instead of resp.ok
Follow the redirect “manually” (i.e. perform another request to that URL with the POST data, because requests doesn’t seem to do it that way)
Maybe check the uploaded versions afterwards to verify that the upload worked

This will make /simple fail as 405, too, and /legacy will work. I think it would be worthwhile to highlight in the docs that the legacy API is expected by poetry.

Also, it might be a good idea to add a default testpypi repository to the configuration?

If this proposal is liked, I’m happy to implement the first two points and open a PR. Point 3 is an improvement.

3reactions

davidbfrogmancommented, Oct 21, 2020

I just wanted to add it seems my private repo seemed to have 405 problems with either legacy or simple. I corrected by chopping both off.

final url:

http://myserver.com

(note the lack of “legacy” or “simple”

Comment that pointed me in that direction: https://github.com/pypiserver/pypiserver/issues/212#issuecomment-454661922