python-poetry · maayanbar13 · May 29, 2020 · Sep 12, 2020 · Sep 12, 2020 · Sep 12, 2020
diff --git a/docs/docs/repositories.md b/docs/docs/repositories.md
@@ -134,3 +134,19 @@ default = true
 ```
 
 A default source will also be the fallback source if you add other sources.
+
+### Trusting a repository
+
+You can bypass SSL verification for a repository if you know it can be trusted (useful for corporate private repositories):
+
+```toml
+[[tool.poetry.source]]
+name = "foo"
+url = "https://foo.bar/simple/"
+trusted = true
+```
+
+You can also change it in your local configuration using the `config` command:
+```bash
+poetry config certificates.foo.trusted true
+```
diff --git a/poetry/console/commands/config.py b/poetry/console/commands/config.py
@@ -247,20 +247,32 @@ def handle(self) -> Optional[int]:
 
         # handle certs
         m = re.match(
-            r"(?:certificates)\.([^.]+)\.(cert|client-cert)", self.argument("key")
+            r"(?:certificates)\.([^.]+)\.(cert|client-cert|trusted)",
+            self.argument("key"),
         )
         if m:
+            key = "certificates.{}.{}".format(m.group(1), m.group(2))
             if self.option("unset"):
-                config.auth_config_source.remove_property(
-                    "certificates.{}.{}".format(m.group(1), m.group(2))
-                )
+                config.auth_config_source.remove_property(key)
 
                 return 0
 
-            if len(values) == 1:
-                config.auth_config_source.add_property(
-                    "certificates.{}.{}".format(m.group(1), m.group(2)), values[0]
+            if m.group(2) == "trusted":
+                from poetry.config.config import boolean_normalizer
+                from poetry.config.config import boolean_validator
+
+                self._handle_single_value(
+                    config.auth_config_source,
+                    key,
+                    (
+                        boolean_validator,
+                        boolean_normalizer,
+                        False,
+                    ),
+                    values,
                 )
+            elif len(values) == 1:
+                config.auth_config_source.add_property(key, values[0])
             else:
                 raise ValueError("You must pass exactly 1 value")
 

diff --git a/poetry/factory.py b/poetry/factory.py
@@ -146,6 +146,7 @@ def create_legacy_repository(
         from .repositories.legacy_repository import LegacyRepository
         from .utils.helpers import get_cert
         from .utils.helpers import get_client_cert
+        from .utils.helpers import get_truested
 
         if "url" in source:
             # PyPI-like repository
@@ -163,4 +164,5 @@ def create_legacy_repository(
             config=auth_config,
             cert=get_cert(auth_config, name),
             client_cert=get_client_cert(auth_config, name),
+            trusted=source.get("trusted", False) or get_truested(auth_config, name),
         )
diff --git a/poetry/installation/pip_installer.py b/poetry/installation/pip_installer.py
@@ -54,6 +54,8 @@ def install(self, package: "Package", update: bool = False) -> None:
                     )
                 )
                 args += ["--trusted-host", parsed.hostname]
+            elif repository.trusted:
+                args += ["--trusted-host", parsed.hostname]
 
             if repository.cert:
                 args += ["--cert", str(repository.cert)]

diff --git a/poetry/json/schemas/poetry-schema.json b/poetry/json/schemas/poetry-schema.json
@@ -523,6 +523,10 @@
                 "secondary": {
                     "type": "boolean",
                     "description": "Declare this repository as secondary, i.e. it will only be looked up last for packages."
+                },
+                "trusted": {
+                    "type": "boolean",
+                    "description": "Declare this repository as trusted, i.e. option --trusted-host will be used when installing packages with pip."
                 }
             }
         }

diff --git a/poetry/repositories/legacy_repository.py b/poetry/repositories/legacy_repository.py
@@ -170,6 +170,7 @@ def __init__(
         disable_cache: bool = False,
         cert: Optional[Path] = None,
         client_cert: Optional[Path] = None,
+        trusted: Optional[bool] = False,
     ) -> None:
         if name == "pypi":
             raise ValueError("The name [pypi] is reserved for repositories")
@@ -179,6 +180,7 @@ def __init__(
         self._url = url.rstrip("/")
         self._client_cert = client_cert
         self._cert = cert
+        self._trusted = trusted
         self._cache_dir = REPOSITORY_CACHE_DIR / name
         self._cache = CacheManager(
             {
@@ -222,6 +224,10 @@ def cert(self) -> Optional[Path]:
     def client_cert(self) -> Optional[Path]:
         return self._client_cert
 
+    @property
+    def trusted(self) -> bool:
+        return self._trusted
+
     @property
     def authenticated_url(self) -> str:
         if not self._session.auth:
@@ -392,12 +398,25 @@ def _get_release_info(self, name: str, version: str) -> dict:
     def _get(self, endpoint: str) -> Optional[Page]:
         url = self._url + endpoint
         try:
+            if self._trusted:
+                import urllib3
+
+                urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
             response = self.session.get(url)
+
             if response.status_code == 404:
                 return
             response.raise_for_status()
         except requests.HTTPError as e:
             raise RepositoryError(e)
+        finally:
+            if self._trusted:
+                import urllib3
+
+                urllib3.warnings.simplefilter(
+                    "default", urllib3.exceptions.InsecureRequestWarning
+                )
 
         if response.status_code in (401, 403):
             self._log(

diff --git a/poetry/utils/helpers.py b/poetry/utils/helpers.py
@@ -71,6 +71,14 @@ def get_client_cert(config: Config, repository_name: str) -> Optional[Path]:
         return None
 
 
+def get_truested(config: Config, repository_name: str) -> Optional[bool]:
+    trusted = config.get("certificates.{}.trusted".format(repository_name))
+    if trusted:
+        return bool(trusted)
+    else:
+        return None
+
+
 def _on_rm_error(func: Callable, path: str, exc_info: Exception) -> None:
     if not os.path.exists(path):
         return

diff --git a/tests/console/commands/test_config.py b/tests/console/commands/test_config.py
@@ -133,6 +133,14 @@ def test_set_cert(tester, auth_config_source, mocker):
     assert "path/to/ca.pem" == auth_config_source.config["certificates"]["foo"]["cert"]
 
 
+def test_set_trusted(tester, auth_config_source, mocker):
+    mocker.spy(ConfigSource, "__init__")
+
+    tester.execute("certificates.foo.trusted true")
+
+    assert "true" == auth_config_source.config["certificates"]["foo"]["trusted"]
+
+
 def test_config_installer_parallel(tester, command_tester_factory):
     tester.execute("--local installer.parallel")
     assert tester.io.fetch_output().strip() == "true"

diff --git a/tests/fixtures/with_trusted_source/README.rst b/tests/fixtures/with_trusted_source/README.rst
@@ -0,0 +1,2 @@
+My Package
+==========
diff --git a/tests/fixtures/with_trusted_source/pyproject.toml b/tests/fixtures/with_trusted_source/pyproject.toml
@@ -0,0 +1,62 @@
+[tool.poetry]
+name = "my-package"
+version = "1.2.3"
+description = "Some description."
+authors = [
+    "Sébastien Eustace <sebastien@eustace.io>"
+]
+license = "MIT"
+
+readme = "README.rst"
+
+homepage = "https://python-poetry.org"
+repository = "https://github.com/python-poetry/poetry"
+documentation = "https://python-poetry.org/docs"
+
+keywords = ["packaging", "dependency", "poetry"]
+
+classifiers = [
+    "Topic :: Software Development :: Build Tools",
+    "Topic :: Software Development :: Libraries :: Python Modules"
+]
+
+# Requirements
+[tool.poetry.dependencies]
+python = "~2.7 || ^3.6"
+cleo = "^0.6"
+pendulum = { git = "https://github.com/sdispater/pendulum.git", branch = "2.0" }
+requests = { version = "^2.18", optional = true, extras=[ "security" ] }
+pathlib2 = { version = "^2.2", python = "~2.7" }
+
+orator = { version = "^0.9", optional = true }
+
+# File dependency
+demo = { path = "../distributions/demo-0.1.0-py2.py3-none-any.whl" }
+
+# Dir dependency with setup.py
+my-package = { path = "../project_with_setup/" }
+
+# Dir dependency with pyproject.toml
+simple-project = { path = "../simple_project/" }
+
+
+[tool.poetry.extras]
+db = [ "orator" ]
+
+[tool.poetry.dev-dependencies]
+pytest = "~3.4"
+
+
+[tool.poetry.scripts]
+my-script = "my_package:main"
+
+
+[tool.poetry.plugins."blogtool.parsers"]
+".rst" = "some_module::SomeClass"
+
+
+[[tool.poetry.source]]
+name = "foo"
+url = "https://foo.bar/simple/"
+default = true
+trusted = true
diff --git a/tests/installation/test_pip_installer.py b/tests/installation/test_pip_installer.py
@@ -177,6 +177,36 @@ def test_requirement_git_develop_true(installer, package_git):
     assert expected == result
 
 
+def test_install_with_trusted_host():
+    pool = Pool()
+    host = "foo.bar"
+
+    default = LegacyRepository("default", f"https://{host}", trusted=True)
+
+    pool.add_repository(default, default=True)
+
+    null_env = NullEnv()
+
+    installer = PipInstaller(null_env, NullIO(), pool)
+
+    foo = Package(
+        "foo",
+        "0.0.0",
+        source_type="legacy",
+        source_reference=default._name,
+        source_url=default._url,
+    )
+
+    installer.install(foo)
+
+    assert len(null_env.executed) == 1
+    cmd = null_env.executed[0]
+    assert "--trusted-host" in cmd
+    trusted_host_index = cmd.index("--trusted-host")
+
+    assert cmd[trusted_host_index + 1] == host
+
+
 def test_uninstall_git_package_nspkg_pth_cleanup(mocker, tmp_venv, pool):
     # this test scenario requires a real installation using the pip installer
     installer = PipInstaller(tmp_venv, NullIO(), pool)

diff --git a/tests/test_factory.py b/tests/test_factory.py
@@ -152,6 +152,12 @@ def test_poetry_with_default_source():
     assert 1 == len(poetry.pool.repositories)
 
 
+def test_poetry_with_trusted_source():
+    poetry = Factory().create_poetry(fixtures_dir / "with_trusted_source")
+
+    assert 1 == len(poetry.pool.repositories)
+
+
 def test_poetry_with_non_default_source():
     poetry = Factory().create_poetry(fixtures_dir / "with_non_default_source")
 

diff --git a/tests/utils/test_helpers.py b/tests/utils/test_helpers.py
@@ -3,6 +3,7 @@
 from poetry.core.utils.helpers import parse_requires
 from poetry.utils.helpers import get_cert
 from poetry.utils.helpers import get_client_cert
+from poetry.utils.helpers import get_truested
 
 
 def test_parse_requires():
@@ -70,3 +71,10 @@ def test_get_client_cert(config):
     config.merge({"certificates": {"foo": {"client-cert": client_cert}}})
 
     assert get_client_cert(config, "foo") == Path(client_cert)
+
+
+def test_get_trusted(config):
+    trusted = "true"
+    config.merge({"certificates": {"foo": {"trusted": trusted}}})
+
+    assert get_truested(config, "foo")