How to download PyPI packages using Wget when anonymous access is enabled?

Muhammed Kashif
2020-06-10 08:55

Sometimes it becomes necessary to download the PyPI packages from the repositories that do not have anonymous access using the Wget command, however, this may fail with forbidden access.

For instance, we have enabled anonymous access for any of the repositories following this KB Article and when trying to download the PyPI packages using the below Wget command would fail with forbidden access.wget --user=admin --password=password -d http://localhost:8081/artifactory/api/pypi/pypi-local/6e/b0/07bb4981158e66021516a8b47793dfc7e58a7914ca82520b5c28573fa409/AdHoc-0.1.1.tar.gzDebugging support not compiled in. Ignoring --debug flag.--2020-05-18 19:28:10--  http://localhost:8081/artifactory/api/pypi/pypi-local/6e/b0/07bb4981158e66021516a8b47793dfc7e58a7914ca82520b5c28573fa409/AdHoc-0.1.1.tar.gzResolving localhost (localhost)... ::1, 127.0.0.1Connecting to localhost (localhost)|::1|:8081... connected.HTTP request sent, awaiting response... 403 Forbidden2020-05-18 19:28:11 ERROR 403: Forbidden.However, the packages are downloadable using the curl command or enabling the anonymous access to that PyPI repository.

To download the package from the PyPI repository after enabling the anonymous access to some other repository using Wget is by sending the “–auth-no-challenge” the option along with Wget. wget --user=admin --password=password -d --auth-no-challenge http://localhost:8081/artifactory/api/pypi/pypi-local/6e/b0/07bb4981158e66021516a8b47793dfc7e58a7914ca82520b5c28573fa409/AdHoc-0.1.1.tar.gzThe reason is how Wget works, curl command sends the basic authentication to Artifactory but Wget request a basic authentication challenge from the server-side i.e., Artifactory before sending the credentials, however, as the first request from Wget is anonymous and Anonymous access is enabled in Artifactory and have no permissions over the PyPI repository the request fails. Using the “–auth-no-challenge” option along with Wget command will bypass the Wget’s 
sending the basic authentication challenge request to Artifactory and sends the credentials along with the request.