If --allow-unverified is used assume it also means --allow-external

2014-01-10 10:35:55 -05:00 · 2014-01-10 10:35:55 -05:00 · 57acb26498
parent 822a12edcf
commit 57acb26498
2 changed files with 19 additions and 0 deletions
--- a/pip/index.py
+++ b/pip/index.py
@ -56,6 +56,9 @@ class PackageFinder(object):
            normalize_name(n) for n in allow_unverified
        )

+        # Anything that is allowed unverified is also allowed external
+        self.allow_external |= self.allow_unverified
+
        # Do we allow all (safe and verifiable) externally hosted files?
        self.allow_all_external = allow_all_external

--- a/tests/unit/test_finder.py
+++ b/tests/unit/test_finder.py
@ -484,6 +484,22 @@ def test_finder_finds_external_links_without_hashes_scraped_all_all_insecure(dat
    link = finder.find_requirement(req, False)
    assert link.filename == "bar-4.0.tar.gz"

+
+def test_finder_finds_external_links_without_hashes_scraped_insecure(data):
+    """
+    Tests that PackageFinder finds externally scraped links without the
+    external flag
+    """
+    req = InstallRequirement.from_line("bar", None)
+
+    # using a local index
+    finder = PackageFinder([], [data.index_url("externals")],
+                allow_unverified=["bar"],
+            )
+    link = finder.find_requirement(req, False)
+    assert link.filename == "bar-4.0.tar.gz"
+
+
 class test_link_package_versions(object):

    # patch this for travis which has distribute in it's base env for now