Re: Help with ticket #28426

2021-03-04 Thread Tom Forbes 
Personally I don’t think we should prompt the user for anything. If the user 
gives the username and password in the url (user:pass@host) then we can use 
that, otherwise we just throw an error. 

A more complicated solution involving making a request, detecting a 401, 
prompting the user and retrying the request is a bit overkill and potentially a 
(unlikely) breaking change.

Tom

> On 4 Mar 2021, at 17:55, 'Adam Johnson' via Django developers (Contributions 
> to Django itself)  wrote:
> 
> 
> I also think this is feature creep and if it's a complicated change it's not 
> worth it.
> 
>> On Thu, 4 Mar 2021 at 18:36, Tim Graham  wrote:
>> I'd like to see what your code looks like so far. Personally, this is 
>> sounding a lot more complicated than I imagined when I accepted the ticket. 
>> I doubt this is a highly requested feature that couldn't be solved another 
>> way (e.g. downloading the template file without Django), and It's not clear 
>> to me that adding logic to Django is worth it.
>> 
>>> On Thursday, March 4, 2021 at 11:01:41 AM UTC-5 benc...@gmail.com wrote:
>>> Thanks for the fast reply
>>> 
>>> I found these test cases but I am not sure how to extend them with basic 
>>> auth, because I don't know if the LiveServerTestCase is capable of doing 
>>> basic auth. As I see currently there is no testcase checking basic auth 
>>> here and it has to be checked by hand.
>>> 
>>> I am sorry but could you elaborate on this please because I couldn't find 
>>> these functions.
>>> 
>>> "first add view (in admin_scripts/urls.py is fine) to first check for basic 
>>> auth credentials and then pass off to `serve` (as the existing route 
>>> already does). That should give us the reproduce (or we can closed as 
>>> fixed)."
>>> 
>>> Best Regards,
>>>Bence
>>> 
>>> Carlton Gibson  ezt írta (időpont: 2021. márc. 4., 
>>> Cs, 11:15):
 Hi Bence, welcome! 
 
 There are already a couple of tests in place to check the remove fetching: 
 
 https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072
 
 Without changing the command code I'd first add view (in 
 admin_scripts/urls.py is fine) to first check for basic auth credentials 
 and then pass off to `serve` (as the existing route already does). That 
 should give us the reproduce (or we can closed as fixed). 
 
 Then I think it's easier if you open a PR with your suggested change after 
 that (but more-or-less sounds plausible without looking in depth.) 
 
 Hopefully that gets you going? 
 
 Kind Regards,
 
 Carlton
 
>>> 
 -- 
 You received this message because you are subscribed to the Google Groups 
 "Django developers (Contributions to Django itself)" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to django-develop...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com.
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/814187f8-dc2b-47e1-b91d-76d0ab78241an%40googlegroups.com.
> 
> 
> -- 
> Adam
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/CAMyDDM31cTcecyx%2BD%3DEP4nFD2qmW1f%3DOFrQfL7D2j-k9d-cT0w%40mail.gmail.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/076043F9-46D1-4B6A-A6F0-9034F87EBD5D%40tomforb.es.

Re: Help with ticket #28426

2021-03-04 Thread 'Adam Johnson' via Django developers (Contributions to Django itself) 
I also think this is feature creep and if it's a complicated change it's
not worth it.

On Thu, 4 Mar 2021 at 18:36, Tim Graham  wrote:

> I'd like to see what your code looks like so far. Personally, this is
> sounding a lot more complicated than I imagined when I accepted the ticket.
> I doubt this is a highly requested feature that couldn't be solved another
> way (e.g. downloading the template file without Django), and It's not clear
> to me that adding logic to Django is worth it.
>
> On Thursday, March 4, 2021 at 11:01:41 AM UTC-5 benc...@gmail.com wrote:
>
>> Thanks for the fast reply
>>
>> I found these test cases but I am not sure how to extend them with basic
>> auth, because I don't know if the *LiveServerTestCase *is capable of
>> doing basic auth. As I see currently there is no testcase checking basic
>> auth here and it has to be checked by hand.
>>
>> I am sorry but could you elaborate on this please because I couldn't find
>> these functions.
>>
>>
>> *"first add view (in admin_scripts/urls.py is fine) to first check for
>> basic auth credentials and then pass off to `serve` (as the existing route
>> already does). That should give us the reproduce (or we can closed as
>> fixed)."*
>>
>> Best Regards,
>>Bence
>>
>> Carlton Gibson  ezt írta (időpont: 2021. márc. 4.,
>> Cs, 11:15):
>>
>>> Hi Bence, welcome!
>>>
>>> There are already a couple of tests in place to check the remove
>>> fetching:
>>>
>>>
>>> https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072
>>>
>>> Without changing the command code I'd first add view (in
>>> admin_scripts/urls.py is fine) to first check for basic auth credentials
>>> and then pass off to `serve` (as the existing route already does). That
>>> should give us the reproduce (or we can closed as fixed).
>>>
>>> Then I think it's easier if you open a PR with your suggested change
>>> after that (but more-or-less sounds plausible without looking in depth.)
>>>
>>> Hopefully that gets you going?
>>>
>>> Kind Regards,
>>>
>>> Carlton
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/814187f8-dc2b-47e1-b91d-76d0ab78241an%40googlegroups.com
> 
> .
>


-- 
Adam

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAMyDDM31cTcecyx%2BD%3DEP4nFD2qmW1f%3DOFrQfL7D2j-k9d-cT0w%40mail.gmail.com.

Re: Help with ticket #28426

2021-03-04 Thread Bence Gáspár 
My solution for the basic auth problem would be something like this

Tim Graham  ezt írta (időpont: 2021. márc. 4., Cs,
19:36):

> I'd like to see what your code looks like so far. Personally, this is
> sounding a lot more complicated than I imagined when I accepted the ticket.
> I doubt this is a highly requested feature that couldn't be solved another
> way (e.g. downloading the template file without Django), and It's not clear
> to me that adding logic to Django is worth it.
>
> On Thursday, March 4, 2021 at 11:01:41 AM UTC-5 benc...@gmail.com wrote:
>
>> Thanks for the fast reply
>>
>> I found these test cases but I am not sure how to extend them with basic
>> auth, because I don't know if the *LiveServerTestCase *is capable of
>> doing basic auth. As I see currently there is no testcase checking basic
>> auth here and it has to be checked by hand.
>>
>> I am sorry but could you elaborate on this please because I couldn't find
>> these functions.
>>
>>
>> *"first add view (in admin_scripts/urls.py is fine) to first check for
>> basic auth credentials and then pass off to `serve` (as the existing route
>> already does). That should give us the reproduce (or we can closed as
>> fixed)."*
>>
>> Best Regards,
>>Bence
>>
>> Carlton Gibson  ezt írta (időpont: 2021. márc. 4.,
>> Cs, 11:15):
>>
>>> Hi Bence, welcome!
>>>
>>> There are already a couple of tests in place to check the remove
>>> fetching:
>>>
>>>
>>> https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072
>>>
>>> Without changing the command code I'd first add view (in
>>> admin_scripts/urls.py is fine) to first check for basic auth credentials
>>> and then pass off to `serve` (as the existing route already does). That
>>> should give us the reproduce (or we can closed as fixed).
>>>
>>> Then I think it's easier if you open a PR with your suggested change
>>> after that (but more-or-less sounds plausible without looking in depth.)
>>>
>>> Hopefully that gets you going?
>>>
>>> Kind Regards,
>>>
>>> Carlton
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/814187f8-dc2b-47e1-b91d-76d0ab78241an%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CALgZer6XVkJPP4iPQN4DQFpfg%2BCvc6ZH7So1amxC37D6nKKn%2BA%40mail.gmail.com.
commit b282c7f603f01ec074a0e7c6c133ab624e1fe78c
Author: Bence Gaspar 
Date:   Thu Mar 4 17:43:28 2021 +0100

Refs #28426 -- Added basic authentication handling to startproject --template option

Added prompt_user_passwd(url) function that prompts for the username and
password for the given url

diff --git a/django/core/management/templates.py b/django/core/management/templates.py
index 8dc6068286..e6a13c258f 100644
--- a/django/core/management/templates.py
+++ b/django/core/management/templates.py
@@ -6,7 +6,11 @@ import shutil
 import stat
 import tempfile
 from importlib import import_module
-from urllib.request import urlretrieve
+from urllib.error import HTTPError
+from urllib.request import (
+HTTPBasicAuthHandler, HTTPPasswordMgrWithDefaultRealm, build_opener,
+install_opener, urlretrieve,
+)
 
 import django
 from django.conf import settings
@@ -263,6 +267,18 @@ class TemplateCommand(BaseCommand):
 self.stdout.write('Downloading %s' % display_url)
 try:
 the_path, info = urlretrieve(url, os.path.join(tempdir, filename))
+except HTTPError as exc:
+if exc.code == 401:
+username, password = self.prompt_user_passwd(url)
+p = HTTPPasswordMgrWithDefaultRealm()
+

Re: Help with ticket #28426

2021-03-04 Thread Tim Graham 
I'd like to see what your code looks like so far. Personally, this is 
sounding a lot more complicated than I imagined when I accepted the ticket. 
I doubt this is a highly requested feature that couldn't be solved another 
way (e.g. downloading the template file without Django), and It's not clear 
to me that adding logic to Django is worth it.

On Thursday, March 4, 2021 at 11:01:41 AM UTC-5 benc...@gmail.com wrote:

> Thanks for the fast reply
>
> I found these test cases but I am not sure how to extend them with basic 
> auth, because I don't know if the *LiveServerTestCase *is capable of 
> doing basic auth. As I see currently there is no testcase checking basic 
> auth here and it has to be checked by hand.
>
> I am sorry but could you elaborate on this please because I couldn't find 
> these functions.
>
>
> *"first add view (in admin_scripts/urls.py is fine) to first check for 
> basic auth credentials and then pass off to `serve` (as the existing route 
> already does). That should give us the reproduce (or we can closed as 
> fixed)."*
>
> Best Regards,
>Bence
>
> Carlton Gibson  ezt írta (időpont: 2021. márc. 4., 
> Cs, 11:15):
>
>> Hi Bence, welcome! 
>>
>> There are already a couple of tests in place to check the remove 
>> fetching: 
>>
>>
>> https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072
>>
>> Without changing the command code I'd first add view (in 
>> admin_scripts/urls.py is fine) to first check for basic auth credentials 
>> and then pass off to `serve` (as the existing route already does). That 
>> should give us the reproduce (or we can closed as fixed). 
>>
>> Then I think it's easier if you open a PR with your suggested change 
>> after that (but more-or-less sounds plausible without looking in depth.) 
>>
>> Hopefully that gets you going? 
>>
>> Kind Regards,
>>
>> Carlton
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/814187f8-dc2b-47e1-b91d-76d0ab78241an%40googlegroups.com.

Re: Help with ticket #28426

2021-03-04 Thread Bence Gáspár 
Thanks for the fast reply

I found these test cases but I am not sure how to extend them with basic
auth, because I don't know if the *LiveServerTestCase *is capable of doing
basic auth. As I see currently there is no testcase checking basic auth
here and it has to be checked by hand.

I am sorry but could you elaborate on this please because I couldn't find
these functions.

*"first add view (in admin_scripts/urls.py is fine) to first check for
basic auth credentials and then pass off to `serve` (as the existing route
already does). That should give us the reproduce (or we can closed as
fixed)."*

Best Regards,
   Bence

Carlton Gibson  ezt írta (időpont: 2021. márc.
4., Cs, 11:15):

> Hi Bence, welcome!
>
> There are already a couple of tests in place to check the remove fetching:
>
>
> https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072
>
> Without changing the command code I'd first add view (in
> admin_scripts/urls.py is fine) to first check for basic auth credentials
> and then pass off to `serve` (as the existing route already does). That
> should give us the reproduce (or we can closed as fixed).
>
> Then I think it's easier if you open a PR with your suggested change after
> that (but more-or-less sounds plausible without looking in depth.)
>
> Hopefully that gets you going?
>
> Kind Regards,
>
> Carlton
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CALgZer5iS8ETNj8OwoHYhqV%3DUxyGCBrFJ5hRyHjuh4dZS_qTyg%40mail.gmail.com.

Re: Help with ticket #28426

2021-03-04 Thread Carlton Gibson 
Hi Bence, welcome! 

There are already a couple of tests in place to check the remove fetching: 

https://github.com/django/django/blob/05bbff82638731a6abfed2fe0ae06a4d429cb32f/tests/admin_scripts/tests.py#L2047-L2072

Without changing the command code I'd first add view (in 
admin_scripts/urls.py is fine) to first check for basic auth credentials 
and then pass off to `serve` (as the existing route already does). That 
should give us the reproduce (or we can closed as fixed). 

Then I think it's easier if you open a PR with your suggested change after 
that (but more-or-less sounds plausible without looking in depth.) 

Hopefully that gets you going? 

Kind Regards,

Carlton

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/66771c44-5b9f-4c29-b92a-91cd3092e016n%40googlegroups.com.