Skip to main content

Buildout extension to add http authentication for find-links and download recipies

Project description

HTTP plugins for buildout

HTTP Basic-Authentication

With this extension it is possible to define password protected package directories without specifying the password and user in the url.

Let’s take the example protected location, http://www.example.com/dist

First we would need to add the extension and the find link for our protected location:

[buildout]
find-links = http://www.example.com/dist
extensions = lovely.buildouthttp

Then create the .httpauth password file, this file contains all authentication information. The .httpauth file can be placed in the root of the current buildout or in the ~/.buildout directory. Each row consists of realm, uri, username, password.

Here is an example of the .httpauth file:

Example com realm, http://www.example.com, username, secret

It is also possible to leave the secret away. Then you will be prompted for the secret whenever buildout is run:

Example com realm, http://www.example.com, username

Note that basic auth also works with any recipe using zc.buildout.download (e.g. hexagonit.recipe.download) because this extension also overwrites the url opener of zc.buildout.

Github Private Downloads

Private downloads on http://github.com/ require authorization to download. The previous token-based authentication system based on the v2 API (see http://github.com/blog/170-token-authentication) is no longer supported by GitHub as of June 1 2012; You must now request a v3 API token and use that instead.

Requesting a new API token can be done in one line using curl (please substitute your own github username and password):

curl -s -X POST -d ‘{“scopes”: [“repo”], “note”: “my API token”}’

https://${user}:${pass}@api.github.com/authorizations | grep token

Now set the value of github.token to the hash returned from the command above:

git config –global github.accesstoken ${token}

Note that the v3 API does not require your github username to work, and can be removed from your configuration if you wish.

For details on managing authorization GitHub’s OAuth tokens, see the API documentation: http://developer.github.com/v3/oauth/#oauth-authorizations-api

URL to download a tag or branch:

https://api.github.com/repos/<gituser>/<repos>/tarball/master

URL to downlad a “download”:

https://github.com/downloads/<gituser>/<repos>/<name>

As some eggs on PyPi also use public Github download URLs you may want to whitelist the repos that authentication is required for as Github will return a 401 error code even for public repositories if the wrong auth details are provided. To do this just list each repo in the format <gituser>/<repos> one per line in the buildout config github-repos:

[buildout]
extensions = lovely.buildouthttp
github-repos = lovelysystems/lovely.buildouthttp
               bitly/asyncmongo

Credits

Thanks to Tarek Ziade, Kevin Williams and Wesley Mason for bugfixes and extensions.

Changes for lovely.buildouthttp

unreleased

2015/01/14 0.6.1:

  • added support for zc.buildout versions >= 2.0.0 (monkey patch of urlopener has changed)

2014/12/12 0.6.0:

  • added python3 compatibility

2013/08/06 0.5.0:

  • fix compatibility issues for setuptools 0.7 and later.

2013/06/25 0.4.8:

  • the User-Agent header isn’t dropped anymore because the Github API requires it.

  • prompt for password if it’s not in the .httpauth file

2012/10/08 0.4.7:

  • also check the whitelist for github downloads (not just find-links)

  • more testing

2012/09/21 0.4.6:

  • allow optional whitelist for github repositories (see README)

2012/06/21 0.4.5:

  • detect all github.com domain names

2012/06/20 0.4.4:

  • adapt github authentication to api v3 (see README.txt for more information)

2012/03/20 0.4.3:

  • fixed another problem related with the changed github authentication.

2012/03/19 0.4.2:

  • fixed github authentication

    According to Petros Amiridis (Github Staff), ‘POST authentication is no longer supported.

2011/03/01 0.4.1:

  • exclude empty lines form .httpauth, this fixes issue 3.

2010/12/29 0.4.0:

  • Allow the inclusion of the .httpauth file from within the buildout itself. This adds to the realms set in ~/.buildout/.httpauth

2010/10/11 0.3.7:

  • bugfix: make git credentials work without any basic http auth definitions

2010/10/11 0.3.6:

  • added missing CHANGES.txt file, this fixes the installation

2010/10/09 0.3.5:

  • the github download credentials are now also added for zc.buildout.download based recipies. this allows to use github private download urls with any download recipe, such as hexagonit.recipe.download

  • moved to github http://github.com/lovelysystems/lovely.buildouthttp

2010/09/28 0.3.4:

  • fixed behavour with python 2.6+. python 2.6 suddenly counts failed requests but each request without auth counts as one, that makes buildout fail on every 5th download in a single run. I found this on windows, but should fail on linux too.

2010/08/28 0.3.3:

  • fixed typo on git command, introduced in 0.3.2

2010/08/28 0.3.2:

  • silently ignore failing git credential lookups

2010/05/28 0.3.1:

  • python2.4 comptibility fix (thanks to Godefroid Chapelle)

2010/05/27 0.3.0:

  • added support for zc.buildout.download, this allows various download recipes to work with this credential extension. Requires at least zc.buildout version 1.5.0b2

2010/03/24 0.3.0a1:

  • added github authentication, which now allows to download from private github repositories

2009/09/22 0.2.3:

  • added tests for the installer

  • fixed error when url can’t be retrieved: AttributeError: ‘NoneType’ object has no attribute ‘url’ [naro]

2008/03/22 0.2.2:

  • added try/except around the retry section protection against weird URLs

2007/12/08 0.2.1:

  • avoid an error when the realm is wrong or the file on bad realms and a few other controls. Thanks to Tarek Ziade.

2007/08/06 0.2.0a1:

  • don’t overwrite handlers in case a handler already exists. (e.g. in paramiko) thanks to Aaron Lehmann

2007/07/23 0.1.0a3:

  • added information to setup.py, moved to cheeseshop

2007/06/21 0.1.0a2:

  • Log download failures

  • Fixed license header

  • Log connections on debug.

2007/06/14 0.1.0a1:

  • initial release

Download

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lovely.buildouthttp-0.6.1.tar.gz (13.3 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page