Ensure authentication is passed from the index url to distribution files (#1886)

Closes https://github.com/astral-sh/uv/issues/1709 Closes https://github.com/astral-sh/uv/issues/1371 Tested with the reproduction provided in #1709 which gets past the HTTP 401. Reuses the same copying logic we introduced in https://github.com/astral-sh/uv/pull/1874 to ensure authentication is attached to file URLs with a realm that matches that of the index. I had to move the authentication logic into a new crate so it could be used in `distribution-types`. We will want to something more robust in the future, like track all realms with authentication in a central store and perform lookups there. That's what `pip` does and it allows consolidation of logic like netrc lookups. That refactor feels significant though, and I'd like to get this fixed ASAP so this is a minimal fix.
2025-08-04 10:58:28 +00:00 · 2024-02-22 18:10:17 -06:00 · 2024-02-22 18:10:17 -06:00 · 8a12b2ebf9
commit 8a12b2ebf9
parent 3542a65fd0
10 changed files with 81 additions and 36 deletions
--- a/crates/pypi-types/src/base_url.rs
+++ b/crates/pypi-types/src/base_url.rs
@ -76,6 +76,12 @@ impl BaseUrl {
    pub fn as_url(&self) -> &Url {
        &self.0
    }
+
+    /// Convert to the underlying [`Url`].
+    #[must_use]
+    pub fn into_url(self) -> Url {
+        self.0
+    }
 }

 impl From<Url> for BaseUrl {