fix: revert the handling of 403 and 404

[frostming]

Signed-off-by: Frost Ming [email protected]

This PR reverts some changes made by #70 but uses a different way, so that:

Before sending request to the index, the credentials in netrc will be read to authenticate the request. And only when the request fails with 401 error, the keyring will be queried and then prompt in the console.

This means if your index returns 403 or even 404 on unauthorized requests, you must rely on the credentials provided via netrc. Otherwise the error response will be returned without any atttempt to load other credentials.

This behavior is also the same as pip.

[logangrado]

It seems like we should target behavior where:

• for any of 401, 403, 404, we attempt to get credentials from netrc (or other non-prompting methods)
• If we still don't have credentials:
  • 401: prompt
  • 403/404: Error

However, if I understand this PR correctly, it looks like it doesn't do this. Instead:

• it immediately errors out on 403/404 - no attempt to read netrc
• Even for 401, we won't check netrc.

EDIT:

I totally missed that you're using the netrc for the initial request. I think this is a good solution. Ignore my comment above

[logangrado]

I would only suggest that we add allow_netrc=True to this call here:

unearth/src/unearth/auth.py

Line 238 in d2dd7cf

username, password = self._get_new_credentials(original_url)

That way we are not only relying on the default value in _get_new_credentials, but also encoding it here. This would make it clear that we always want to use netrc for the initial call.

[frostming]

it clear that we always want to use netrc for the initial call.

Good point, done.