remove support for credentials in url

9a43b60e · Alain Takoudjou · fc3db14c · 9a43b60e
Commit 9a43b60e authored Sep 11, 2024 by Alain Takoudjou
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 10 deletions

src/zc/buildout/download.py src/zc/buildout/download.py +4 -10

No files found.
--- a/src/zc/buildout/download.py
+++ b/src/zc/buildout/download.py
@@ -327,8 +327,6 @@ class Download(object):
                header_dict["PRIVATE-TOKEN"] = auth[1]
            else:
                query[auth[0]] = auth[2] # only private_token is supported ?
-        elif p.username == "PRIVATE-TOKEN" and p.password:
-            header_dict["PRIVATE-TOKEN"] = p.password

        qrepo     = quote(repo, '')
        qfilepath = quote(filepath, '')
@@ -350,14 +348,10 @@ class Download(object):
        for k, v in headers.items():
            req.add_header(k, v)
        with closing(urlopen(req)) as src:
-            try:
-                # If Access denied to gitlab url, we have response 200 here
-                # and url is to BASE_URL/users/sign_in
-                if src.url.rindex("users/sign_in"):
-                    raise GitlabAccessDeniedError("Redirected to Sign in page")
-            except ValueError:
-                # nothing to do
-                pass
+            # If access to gitlab url was denied,
+            # we have been redirected to BASE_URL/users/sign_in
+            if src.url.endswith("users/sign_in"):
+                raise GitlabAccessDeniedError("Redirected to Sign in page")
            with open(tmp_path, 'wb') as dst:
                shutil.copyfileobj(src, dst)
            return tmp_path, src.info()