mirror of
https://github.com/pypiserver/pypiserver
synced 2024-11-09 16:45:51 +01:00
Auth: By default paswd-protect Uploads only (preserve old behavior).
- Supporty also spaces when splitting auth-list, make it case insensitive. - Update docs about default behavior.
This commit is contained in:
Kostis Anagnostopoulos @ STUW025
parent
10f42e829c
commit
e824320558
22
README.rst
22
README.rst
@ -82,22 +82,22 @@ pypi-server -h will print a detailed usage message::
|
||||
|
||||
pypi-server understands the following options:
|
||||
|
||||
-p PORT, --port PORT
|
||||
-p, --port PORT
|
||||
listen on port PORT (default: 8080)
|
||||
|
||||
-i INTERFACE, --interface INTERFACE
|
||||
-i, --interface INTERFACE
|
||||
listen on interface INTERFACE (default: 0.0.0.0, any interface)
|
||||
|
||||
-a (update|download|list), ... --authenticate (update|download|list), ...
|
||||
comma-separated list of actions to authenticate (requires giving also
|
||||
the -P option). For example to password-protect package uploads and
|
||||
downloads while leaving listings public, give: -a update,download.
|
||||
Note: make sure there is no space around the comma(s); otherwise, an
|
||||
error will occur.
|
||||
-a, --authenticate (UPDATE|download|list), ...
|
||||
comma-separated list of (case-insensitive) actions to authenticate
|
||||
(requires giving also the -P option). For example to password-protect
|
||||
package uploads & downloads while leaving listings public, give:
|
||||
-a update,download.
|
||||
If unspecified, only 'update' is password-protected.
|
||||
|
||||
-P PASSWORD_FILE, --passwords PASSWORD_FILE
|
||||
-P, --passwords PASSWORD_FILE
|
||||
use apache htpasswd file PASSWORD_FILE to set usernames & passwords
|
||||
used for authentication (requires giving the -s option as well).
|
||||
used for authentication of certain actions (see -a option).
|
||||
|
||||
--disable-fallback
|
||||
disable redirect to real PyPI index for packages not found in the
|
||||
@ -113,7 +113,7 @@ pypi-server -h will print a detailed usage message::
|
||||
default is to use "auto" which chooses one of paste, cherrypy,
|
||||
twisted or wsgiref.
|
||||
|
||||
-r PACKAGES_DIRECTORY, --root PACKAGES_DIRECTORY
|
||||
-r, --root PACKAGES_DIRECTORY
|
||||
[deprecated] serve packages from PACKAGES_DIRECTORY
|
||||
|
||||
-o, --overwrite
|
||||
|
||||
28
pypiserver/core.py
Executable file → Normal file
28
pypiserver/core.py
Executable file → Normal file
@ -198,22 +198,22 @@ def usage():
|
||||
|
||||
pypi-server understands the following options:
|
||||
|
||||
-p PORT, --port PORT
|
||||
-p, --port PORT
|
||||
listen on port PORT (default: 8080)
|
||||
|
||||
-i INTERFACE, --interface INTERFACE
|
||||
-i, --interface INTERFACE
|
||||
listen on interface INTERFACE (default: 0.0.0.0, any interface)
|
||||
|
||||
-a (update|download|list), ... --authenticate (update|download|list), ...
|
||||
comma-separated list of actions to authenticate (requires giving also
|
||||
the -P option). For example to password-protect package uploads and
|
||||
downloads while leaving listings public, give: -a update,download.
|
||||
Note: make sure there is no space around the comma(s); otherwise, an
|
||||
error will occur.
|
||||
-a, --authenticate (UPDATE|download|list), ...
|
||||
comma-separated list of (case-insensitive) actions to authenticate
|
||||
(requires giving also the -P option). For example to password-protect
|
||||
package uploads & downloads while leaving listings public, give:
|
||||
-a update,download.
|
||||
If unspecified, only 'update' is password-protected.
|
||||
|
||||
-P PASSWORD_FILE, --passwords PASSWORD_FILE
|
||||
-P, --passwords PASSWORD_FILE
|
||||
use apache htpasswd file PASSWORD_FILE to set usernames & passwords
|
||||
used for authentication (requires giving the -s option as well).
|
||||
used for authentication of certain actions (see -a option).
|
||||
|
||||
--disable-fallback
|
||||
disable redirect to real PyPI index for packages not found in the
|
||||
@ -229,7 +229,7 @@ pypi-server understands the following options:
|
||||
default is to use "auto" which chooses one of paste, cherrypy,
|
||||
twisted or wsgiref.
|
||||
|
||||
-r PACKAGES_DIRECTORY, --root PACKAGES_DIRECTORY
|
||||
-r, --root PACKAGES_DIRECTORY
|
||||
[deprecated] serve packages from PACKAGES_DIRECTORY
|
||||
|
||||
-o, --overwrite
|
||||
@ -305,7 +305,7 @@ def main(argv=None):
|
||||
server = DEFAULT_SERVER
|
||||
redirect_to_fallback = True
|
||||
fallback_url = "http://pypi.python.org/simple"
|
||||
authenticated = []
|
||||
authenticated = ['update']
|
||||
password_file = None
|
||||
overwrite = False
|
||||
verbosity = 1
|
||||
@ -350,7 +350,7 @@ def main(argv=None):
|
||||
if k in ("-p", "--port"):
|
||||
port = int(v)
|
||||
elif k in ("-a", "--authenticate"):
|
||||
authenticated = [a.strip() for a in v.strip(',').split(',')]
|
||||
authenticated = [a.lower() for a in re.split("[, ]+", v.strip(" ,"))]
|
||||
actions = ("list", "download", "update")
|
||||
for a in authenticated:
|
||||
if a not in actions:
|
||||
@ -404,7 +404,7 @@ def main(argv=None):
|
||||
usage()
|
||||
sys.exit(0)
|
||||
|
||||
if (password_file or authenticated) and not (password_file and authenticated):
|
||||
if password_file and not (password_file and authenticated):
|
||||
sys.exit("Must give both password file (-P) and actions to authenticate (-a).")
|
||||
|
||||
if len(roots) == 0:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user