Log all upload responses with --verbose

[bhrutledge]

Towards #856. This is a quick hack to log all HTTP responses, not just --verbose, in the hopes of assisting debugging uploads that should fail, but don't.

@usinelogicielle, can you try this out in your environment? You should be able to install it with:

python3 -m pip install -e git+https://github.com/bhrutledge/twine.git@856-verbose-response#egg=twine

I'm very open to feedback on the approach, which I'd like before I add/update tests.

[usinelogicielle]

Hi,

I tested yesterday and the PR works.
This is the return of the command

$>twine upload --verbose --repository-url https://<ARTIFACTORY_URL>/artifactory/api/pypi/<REPO>   --username <USER> --password **** dist/*

Uploading distributions to https://<ARTIFACTORY_URL>/artifactory/api/pypi/<REPO>
  dist/python_artifactory_internet-1.0-py3-none-any.whl (1.8 KB)
  dist/python_artifactory_internet-1.0.tar.gz (1.0 KB)
username set by command options
password set by command options
username: <USER>
password: <hidden>
Uploading python_artifactory_internet-1.0-py3-none-any.whl
100%|██████████| 4.68k/4.68k [00:00<00:00, 45.6kB/s]
Received 403 response from https://<ARTIFACTORY_URL>/artifactory/api/pypi/<REPO>: Forbidden
Response text:
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: <ID>><br><br><a href='javascript:history.back();'>[Go Back]</a>
</body></html>
HTTPError: 403 Forbidden from https://<ARTIFACTORY_URL>/artifactory/api/pypi/<REPO>
Forbidden

The test was with the same network but with another local environment. What is strange is even with the current twine version from pip
twine version 3.7.1 (importlib_metadata: 4.8.3, pkginfo: 1.8.2, requests:
2.27.1, requests-toolbelt: 0.9.1, tqdm: 4.62.3)
The error 403 is shown.
When I had the error on the first test. I have the same twine version but no error 403.

[bhrutledge]

With failing tests fixed and a new test added, I think this is ready to review for merge.

[bhrutledge]

After dithering on it for awhile, I went back to a simple log message, that honestly feels like it will be redundant in most cases, but potentially useful. Is there other information that should be included at this level of verbosity?

Failure:

Uploading example_pkg_bhrutledge-0.0.5-py3-none-any.whl
Response from https://test.pypi.org/legacy/:
400 File already exists. See https://test.pypi.org/help/#file-name-reuse for more information.
<html>
 <head>
  <title>400 File already exists. See https://test.pypi.org/help/#file-name-reuse for more information.</title>
 </head>
 <body>
  <h1>400 File already exists. See https://test.pypi.org/help/#file-name-reuse for more information.</h1>
  The server could not comply with the request since it is either malformed or otherwise incorrect.<br/><br/>
File already exists. See https://test.pypi.org/help/#file-name-reuse for more information.


 </body>
</html>
HTTPError: 400 Bad Request from https://test.pypi.org/legacy/
File already exists. See https://test.pypi.org/help/#file-name-reuse for more information.

Success:

Uploading example_pkg_bhrutledge-0.0.6.post2-py3-none-any.whl
Response from https://test.pypi.org/legacy/:
200 OK
Uploading example-pkg-bhrutledge-0.0.6.post2.tar.gz
Response from https://test.pypi.org/legacy/:
200 OK

[sigmavirus24]

I do still wonder if we need any information (for non-PyPI artifact hosts) regarding redirects. Even if it's a count and not the specific status codes in the history.

[bhrutledge]

@sigmavirus24 I wondered about that, but I thought maybe it was moot because redirects result in an error:

twine/twine/commands/upload.py

Lines 146 to 154 in a228795

	# Bug 92. If we get a redirect we should abort because something seems
	# funky. The behaviour is not well defined and redirects being issued
	# by PyPI should never happen in reality. This should catch malicious
	# redirects as well.
	if resp.is_redirect:
	raise exceptions.RedirectDetected.from_args(
	repository_url,
	resp.headers["location"],
	)

But, I could certainly be wrong. If so, can you recommend some specific attributes of the Response object to log?

[sigmavirus24]

Ah, nevermind. That makes sense to me that we've turned off redirects.

[sigmavirus24]

If we did allow redirects, we could log len(response.history) to get the number of redirects. Alternatively, we could do a ', '.join(str(r.status_code) for r in response.history), etc.