Do not search for a password for requests with a token attached already (#15772)

2025-09-10 13:52:09 -05:00 · 2025-09-10 13:52:09 -05:00 · b2c59a8ace
parent 7c716d5227
commit b2c59a8ace
3 changed files with 15 additions and 5 deletions
--- a/crates/uv-auth/src/cache.rs
+++ b/crates/uv-auth/src/cache.rs
@ -148,8 +148,8 @@ impl CredentialsCache {

        let mut realms = self.realms.write().unwrap();

-        // Always replace existing entries if we have a password
-        if credentials.password().is_some() {
+        // Always replace existing entries if we have a password or token
+        if credentials.is_authenticated() {
            return realms.insert(key, credentials.clone());
        }

--- a/crates/uv-auth/src/credentials.rs
+++ b/crates/uv-auth/src/credentials.rs
@ -141,6 +141,16 @@ impl Credentials {
        }
    }

+    pub fn is_authenticated(&self) -> bool {
+        match self {
+            Self::Basic {
+                username: _,
+                password,
+            } => password.is_some(),
+            Self::Bearer { token } => !token.is_empty(),
+        }
+    }
+
    pub(crate) fn is_empty(&self) -> bool {
        match self {
            Self::Basic { username, password } => username.is_none() && password.is_none(),
--- a/crates/uv-auth/src/middleware.rs
+++ b/crates/uv-auth/src/middleware.rs
@ -328,7 +328,7 @@ impl Middleware for AuthMiddleware {
                request = credentials.authenticate(request);

                // If it's fully authenticated, finish the request
-                if credentials.password().is_some() {
+                if credentials.is_authenticated() {
                    trace!("Request for {url} is fully authenticated");
                    return self
                        .complete_request(None, request, extensions, next, auth_policy)
@ -420,7 +420,7 @@ impl Middleware for AuthMiddleware {
        .or(credentials);

        if let Some(credentials) = credentials.as_ref() {
-            if credentials.password().is_some() {
+            if credentials.is_authenticated() {
                trace!("Retrying request for {url} with credentials from cache {credentials:?}");
                retry_request = credentials.authenticate(retry_request);
                return self
@ -529,7 +529,7 @@ impl AuthMiddleware {
        let credentials = Arc::new(credentials);

        // If there's a password, send the request and cache
-        if credentials.password().is_some() {
+        if credentials.is_authenticated() {
            trace!("Request for {url} already contains username and password");
            return self
                .complete_request(Some(credentials), request, extensions, next, auth_policy)