Pip: Use pip install through private repostiory protected by .htaccess ?

pip supports basic auth via its URLOpener,
http://bitbucket.org/ianb/pip/src/tip/pip/download.py#cl-67

Just use a URL like http://username:password@server/whatever/

Original Comment By: Jannis Leidel

With 0.8.1 pip version I can do :

pip install -f http://username:[email protected]/simple/ my_package

I don't know if this feature is documented or not.

I'll look that as soon as.

Regards, Stephane

Original Comment By: Stéphane Klein

Jannis, I tried as you said but it didn't works for me when using HTTPS.

Can someone confirm it for me? Is it a known bug?

Thanks! :-)

Original Comment By: Guilherme Gondim

I can confirm it doesn't work with https. I get the following error:

Traceback (most recent call last):

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/basecommand.py", line 115, in main

    self.run(options, args)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/commands/install.py", line 155, in run

    requirement_set.install_files(finder, force_root_egg_info=self.bundle,

bundle=self.bundle)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/req.py", line 823, in install_files

    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/index.py", line 55, in find_requirement

    page = self._get_page(main_index_url, req)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/index.py", line 282, in _get_page

    return HTMLPage.get_page(link, req, cache=self.cache)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.6.3-py2.6.egg/pip/index.py", line 363, in get_page

    resp = urllib2.urlopen(url)

  File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen

    return _opener.open(url, data, timeout)

  File "/usr/lib/python2.6/urllib2.py", line 391, in open

    response = self._open(req, data)

  File "/usr/lib/python2.6/urllib2.py", line 409, in _open

    '_open', req)

  File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain

    result = func(*args)

  File "/usr/lib/python2.6/urllib2.py", line 1169, in https_open

    return self.do_open(httplib.HTTPSConnection, req)

  File "/usr/lib/python2.6/urllib2.py", line 1107, in do_open

    h = http_class(host, timeout=req.timeout) # will parse host:port

  File "/usr/lib/python2.6/httplib.py", line 1101, in __init__

    HTTPConnection.__init__(self, host, port, strict, timeout)

  File "/usr/lib/python2.6/httplib.py", line 657, in __init__

    self._set_hostport(host, port)

  File "/usr/lib/python2.6/httplib.py", line 682, in _set_hostport

    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])

InvalidURL: nonnumeric port: '[email protected]'

Original Comment By: Ian Lewis

Newer versions of pip seem to throw the following error when using a username
and password:

Traceback (most recent call last):

  File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner

    self.run()

  File "/usr/lib/python2.6/threading.py", line 484, in run

    self.__target(*self.__args, **self.__kwargs)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/index.py", line 241, in _get_queued_page

    page = self._get_page(location, req)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/index.py", line 326, in _get_page

    return HTMLPage.get_page(link, req, cache=self.cache)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/index.py", line 424, in get_page

    content_type = cls._get_content_type(url)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/index.py", line 486, in _get_content_type

    resp = urlopen(req)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/download.py", line 88, in call

    response = self.get_response(url)

  File "/home/ian/.virtualenvs/test/lib/python2.6/site-

packages/pip-0.8.1-py2.6.egg/pip/download.py", line 107, in get_response

    scheme, netloc, path, query, frag = urlparse.urlsplit(url)

  File "/usr/lib/python2.6/urlparse.py", line 147, in urlsplit

    i = url.find(':')

  File "/usr/lib/python2.6/urllib2.py", line 218, in __getattr__

    raise AttributeError, attr

AttributeError: find

The problem occurs when pip tries to do a head request on the archive file but
hits a 401. https://bitbucket.org/ianb/pip/src/tip/pip/download.py#cl-86

The url passed to self.get_response() is a urllib2.Request object but
get_response() tries to call urlsplit() on it. which throws the above error.
The file seems to download though.

Original Comment By: Ian Lewis

Looks like this is fixed, I have a private index under HTTPS + basic auth and it just works with --index-url https://user:[email protected].

Can anybody confirm this and close the issue?

Just added a pull request (https://github.com/pypa/pip/pull/786) linked to this topic.

@brutasse I can confirm. Close this?

1.5.6 still has the issue.

Can we confirm exactly the issue now being talked about?

Sorry. Works for me. My mistake :-D
On Jul 18, 2014 5:20 AM, "Matt Iversen" [email protected] wrote:

Can we confirm exactly the issue now being talked about?

—
Reply to this email directly or view it on GitHub
https://github.com/pypa/pip/issues/51#issuecomment-49406680.

Still necessary put the username and password in the URL?

Is it supported in pip==6.0.8?

I use private PyPI index and run installation like this:
pip install <my_package> --cert=<required_for_some_reason> --extra-index-url https://username:[email protected]/simple/ --allow-all-external

and then it works, but asks for username and password interactively. It's not a case when this script ran outside the shell with CLI.

Please confirm if it's linked to the issue discussed here or suggest if I should create another issue, or please point out the solution.

@vladignatyev I just ran into the same problem you mentioned, of it asking for user/password interactively. I narrowed down the problem to having a symbol in the password that needs url-encoding. If I don't url-encode the password, the URL can't be parsed. If I do url-encode the password, I think pip isn't url-decoding it before attempting to authenticate.

I have this issue too with pip 7.1.2. There's a symbol in the password that needs url-encoding, pip fails to authenticate (gets a 401 response) and prompts for username/password interactively. It then works fine if I enter the user/pass interactively. Like @bcbrown I suspect it's not url-decoding the password.

PLEASE FIX THIS ASAP PIP 8.1.2

Just ran into this using 9.0.3.... Is this seriously still an issue?

Parsing the username/password from the URL only works when the port is specified.
(At least on Debian 9, Python 2.7.13, pip 18.1, but I had this issue on other systems as well)

This queries for username/password:pip install -f https://user:[email protected]/pkgs requests
This works:pip install -f https://user:[email protected]:443/pkgs requests

This works with pip 18.1 but broken in latest version (19.1), Confirmed after reverting back to 18.1 it works.

Parsing the username/password from the URL only works when the port is specified.
(At least on Debian 9, Python 2.7.13, pip 18.1, but I had this issue on other systems as well)

This queries for username/password:pip install -f https://user:[email protected]/pkgs requests
This works:pip install -f https://user:[email protected]:443/pkgs requests

@olt I had the same issue using pip 19.1.1 and managed to get it working by putting the port as you suggested. Pretty obscure workaround, I wish I could upvote your answer more.