clojars

http://clojars.org discussion and “support”, see http://status.clojars.org for status.
dharrigan 2020-10-16T14:14:29.043500Z

Hi Everyone. I'm asking on behalf of someone who wishes to publish up a jar. A bit of background first, I've volunteered and tidied up this library <https://github.com/getsentry/sentry-clj>. The original person who did it (employee of Sentry) has long left the company. I don't work for Sentry btw. Someone within Sentry is trying to now push up the jar (after requesting help from the Admins at Clojars to reclaim ownership of the repo). This person is now having difficultly uploading the jar (I'm trying to walk them through it). I can upload (via my own username), they can't.

dharrigan 2020-10-16T14:14:41.043800Z

They are getting Failed to transfer file: <https://clojars.org/repo/io/sentry/sentry-clj/3.1.0/sentry-clj-3.1.0.pom>. Return code is: 401, ReasonPhrase: Unauthorized.

dharrigan 2020-10-16T14:15:51.044400Z

THey are using their own username and they are using CLOJARS_ and apparently the token scope is set to *

2020-10-16T14:18:39.044600Z

Is their user a member of the io.sentry group on Clojars? I see brungarc and sentry as members: https://clojars.org/groups/io.sentry/

2020-10-16T14:19:14.044900Z

Is the token they are using created under their own clojars account?

dharrigan 2020-10-16T14:21:11.045100Z

Yes, I believe so (to the first question)

dharrigan 2020-10-16T14:21:13.045300Z

dharrigan 2020-10-16T14:21:33.045700Z

Checking for the second question

dharrigan 2020-10-16T14:24:02.045900Z

They created the token under their own account

dharrigan 2020-10-16T14:26:20.046100Z

I think they need to do this, right?

dharrigan 2020-10-16T14:26:32.046300Z

any artifact within a group you have access to ('group-name/*')

dharrigan 2020-10-16T14:26:32.046500Z

a new deploy token for the io.sentry group

2020-10-16T14:27:26.046800Z

I token with * should be able to deploy to any group they are a member of. I'll ssh into the server and look at the logs to see if there is any more context there.

dharrigan 2020-10-16T14:27:35.047Z

thank you

2020-10-16T14:37:17.047200Z

The log message is :invalid-token, which means one of: • the token itself is incorrect • the token is for another user • the token is disabled See https://github.com/clojars/clojars-web/blob/main/src/clojars/auth.clj#L106-L116

dharrigan 2020-10-16T14:39:07.047500Z

Recommendation?

dharrigan 2020-10-16T14:39:15.047700Z

Regenerate a new token and try?

dharrigan 2020-10-16T14:42:48.047900Z

(going to try that)

2020-10-16T14:45:21.048100Z

If I query the db for tokens for brungarc, it returns 0. So that would imply that they are using a token created for another user.

2020-10-16T14:45:21.048300Z

They need to create a token under their own account and use that. Or use the username of the account where the token was created (`sentry`?)

dharrigan 2020-10-16T14:46:12.048500Z

Thank you, I shall pass that along. Hopefully they can sort it 🙂

dharrigan 2020-10-16T14:52:13.048700Z

done! they were using the wrong username!!!

dharrigan 2020-10-16T14:52:16.048900Z

thank you @tcrawley

dharrigan 2020-10-16T14:52:18.049100Z

<https://clojars.org/io.sentry/sentry-clj>

dharrigan 2020-10-16T14:52:23.049300Z

in all it's glory

2020-10-16T14:54:22.049500Z

Great! Glad y'all figured it out. I do see that there is no link to the source though :( Lein auto-adds that to the pom.xml - are y'all deploying with some other tool?

dharrigan 2020-10-16T14:54:33.049700Z

yes deps-deploy

dharrigan 2020-10-16T14:54:39.049900Z

I will fix it and do a MR

dharrigan 2020-10-16T14:55:03.050100Z

Baby steps 😉

2020-10-16T14:55:16.050300Z

Cool. It will require another release to update it on http://clojars.org, just FYI

dharrigan 2020-10-16T14:55:23.050500Z

I'll do it as a patch

dharrigan 2020-10-16T14:55:27.050700Z

thank you very much!

2020-10-16T14:56:08.050900Z

My pleasure!