feat: do not call keyring when username in config and password in env

python-poetry · May 15, 2023 · a137a14 · a137a14
1 parent 0ea82c5
commit a137a14
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 14 deletions.
diff --git a/src/poetry/utils/password_manager.py b/src/poetry/utils/password_manager.py
@@ -193,16 +193,13 @@ def delete_pypi_token(self, name: str) -> None:
         self.keyring.delete_password(name, "__token__")
 
     def get_http_auth(self, name: str) -> dict[str, str | None] | None:
-        auth = self._config.get(f"http-basic.{name}")
-        if not auth:
-            username = self._config.get(f"http-basic.{name}.username")
-            password = self._config.get(f"http-basic.{name}.password")
-            if not username and not password:
-                return None
-        else:
-            username, password = auth["username"], auth.get("password")
-            if password is None:
-                password = self.keyring.get_password(name, username)
+        username = self._config.get(f"http-basic.{name}.username")
+        password = self._config.get(f"http-basic.{name}.password")
+        if not username and not password:
+            return None
+
+        if not password:
+            password = self.keyring.get_password(name, username)
 
         return {
             "username": username,

diff --git a/tests/utils/test_password_manager.py b/tests/utils/test_password_manager.py
@@ -3,6 +3,7 @@
 import os
 
 from typing import TYPE_CHECKING
+from unittest.mock import MagicMock
 
 import pytest
 
@@ -222,18 +223,47 @@ def test_fail_keyring_should_be_unavailable(
 
 
 def test_get_http_auth_from_environment_variables(
-    environ: None, config: Config, with_simple_keyring: None
+    environ: None, config: Config
 ) -> None:
     os.environ["POETRY_HTTP_BASIC_FOO_USERNAME"] = "bar"
     os.environ["POETRY_HTTP_BASIC_FOO_PASSWORD"] = "baz"
 
     manager = PasswordManager(config)
 
     auth = manager.get_http_auth("foo")
-    assert auth is not None
+    assert auth == {"username": "bar", "password": "baz"}
 
-    assert auth["username"] == "bar"
-    assert auth["password"] == "baz"
+
+def test_get_http_auth_does_not_call_keyring_when_credentials_in_environment_variables(
+    environ: None, config: Config
+) -> None:
+    os.environ["POETRY_HTTP_BASIC_FOO_USERNAME"] = "bar"
+    os.environ["POETRY_HTTP_BASIC_FOO_PASSWORD"] = "baz"
+
+    manager = PasswordManager(config)
+    manager._keyring = MagicMock()
+
+    auth = manager.get_http_auth("foo")
+    assert auth == {"username": "bar", "password": "baz"}
+    manager._keyring.get_password.assert_not_called()
+
+
+def test_get_http_auth_does_not_call_keyring_when_password_in_environment_variables(
+    environ: None, config: Config
+) -> None:
+    config.merge(
+        {
+            "http-basic": {"foo": {"username": "bar"}},
+        }
+    )
+    os.environ["POETRY_HTTP_BASIC_FOO_PASSWORD"] = "baz"
+
+    manager = PasswordManager(config)
+    manager._keyring = MagicMock()
+
+    auth = manager.get_http_auth("foo")
+    assert auth == {"username": "bar", "password": "baz"}
+    manager._keyring.get_password.assert_not_called()
 
 
 def test_get_pypi_token_with_env_var_positive(