-
Notifications
You must be signed in to change notification settings - Fork 105
fix: marketplace add authenticates for private repos #688
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,7 +18,12 @@ | |
| import requests | ||
|
|
||
| from .errors import MarketplaceFetchError | ||
| from .models import MarketplaceManifest, MarketplacePlugin, MarketplaceSource, parse_marketplace_json | ||
| from .models import ( | ||
| MarketplaceManifest, | ||
| MarketplacePlugin, | ||
| MarketplaceSource, | ||
| parse_marketplace_json, | ||
| ) | ||
| from .registry import get_registered_marketplaces | ||
|
|
||
| logger = logging.getLogger(__name__) | ||
|
|
@@ -173,7 +178,9 @@ def _try_proxy_fetch( | |
| except (json.JSONDecodeError, ValueError): | ||
| logger.debug( | ||
| "Proxy returned non-JSON for %s/%s %s", | ||
| source.owner, source.repo, file_path, | ||
| source.owner, | ||
| source.repo, | ||
| file_path, | ||
| ) | ||
| return None | ||
|
|
||
|
|
@@ -213,7 +220,9 @@ def _fetch_file( | |
| if cfg is not None and cfg.enforce_only: | ||
| logger.debug( | ||
| "PROXY_REGISTRY_ONLY blocks direct GitHub fetch for %s/%s %s", | ||
| source.owner, source.repo, file_path, | ||
| source.owner, | ||
| source.repo, | ||
| file_path, | ||
| ) | ||
| return None | ||
|
|
||
|
|
@@ -229,6 +238,12 @@ def _do_fetch(token, _git_env): | |
| headers["Authorization"] = f"token {token}" | ||
| resp = requests.get(url, headers=headers, timeout=30) | ||
| if resp.status_code == 404: | ||
| if not token: | ||
| # Unauthenticated 404 is ambiguous: could be a genuinely | ||
| # missing file *or* a private repo hiding its existence. | ||
| # Raise so that ``try_with_fallback`` retries with a token. | ||
| resp.raise_for_status() | ||
| # Authenticated 404 means the file genuinely does not exist. | ||
| return None | ||
|
Comment on lines
239
to
247
|
||
| resp.raise_for_status() | ||
| return resp.json() | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR description and new tests describe an unauthenticated-first flow (unauth 404, then authenticated retry) to preserve rate-limit optimization for public repos, but the current implementation details shown elsewhere indicate
try_with_fallback(..., unauth_first=False)(auth-first). Since this 404-raise logic only helps if an unauthenticated attempt happens before an authenticated one, please align the actualtry_with_fallbackcall behavior with the PR description/tests (either switch to unauth-first + this exception strategy, or update the description/tests if auth-first is the intended behavior).