Support authentication tokens for uploading to Hackage #9058
Conversation
Add token flag. If a token is set ignore the username and password. The token is passed to Hackage in the Authorization header.
|
Token authentication is working for |
|
I've been having a couple issues with The other issue I'm encountering is that I can't seem to work out how to create a build report that |
|
IIRC there's a hidden and undocumented |
|
I think its fine to not worry about testing the |
SebTee
changed the title
Use Nothing in pattern matching instead of wildcards.
|
One way to meaningfully test this would be to have an monad abstracting over QA notes are very good, but is there any test hackage server we can use instead of having QA people having to upload something to Hackage. |
Powershell has to have the Authorization token set in the Header dictionary parameter. Some headers (e.g. User-Agent) have to be set as a request parameter.
|
@gbaz: could (one of the) Hackage maintainers review this PR as well? BTW, I understand that Hackage is immutable, so the QA tests need to upload real sensible packages, not test packages, do they? Or is it fine, because no |
|
Its fine to test this without --publish, and just upload candidates. |
|
OK, fine. I'm re-running the failed CI jobs, since the failure is probably due to the unix package breakage. |
|
CI passed. @SebTee: once you are satisfied with the state of the PR, please kindly add label squash+merge_me and in 2 days of inactivity the PR is going to be merged. |
SebTee
added
squash+merge me
mergify
bot
added
the
merge delay passed
* Add token authorization for cabal upload Add token flag. If a token is set ignore the username and password. The token is passed to Hackage in the Authorization header. * Add token flag to upload documentation * Add token authentication for cabal report * Update auth token documentation and changelog * Add token flag to config integration tests * Add auth token header to plain-http transport * Add documentation and reduce wildcard usage Use Nothing in pattern matching instead of wildcards. * Add auth token headers to wget and powershell * Fix auth token header for powershell transport Powershell has to have the Authorization token set in the Header dictionary parameter. Some headers (e.g. User-Agent) have to be set as a request parameter. * Fix code formatting to comply with fourmolu
Adds support for authenticating uploads using authentication tokens, as discussed in issue #6738.
A new flag
--token(-t) has been created. Token authentication takes precedence over username and password meaning that, if a token is set, the username and password flags are ignored.The token is included in a HTTP header as follows:
Authorization: X-ApiKey [token].QA Notes
These tests must be run using
http-transport:curl,wget,powershell, andplain-http.Calling
cabal upload -t [valid-token] [./path/to/package.tar.gz]should successfully upload the package to Hackage.Calling
cabal upload -t [invalid-token] [./path/to/package.tar.gz]should fail to upload the package to Hackage.Calling
cabal upload -t [invalid-token] -u [username] -p [password] [./path/to/package.tar.gz]should fail to upload the package to Hackage.Calling
cabal upload -tshould output a cabal error message readingError: cabal: option `-t' requires an argument TOKEN.Calling
cabal upload [./path/to/package.tar.gz]should default to username and password authentication.Please include the following checklist in your PR:
Bonus points for added automated tests!