Description
Given a private PyPI that requires basic HTTP-based authentication credentials, the user is prompted twice for credentials. First, for the initial request to install the packages. Second, for the pip version check. This means the user must enter their username and password twice: once for the package (and its dependencies), and then again for the pip version check.
In my debugging, I saw 2 GET requests sent for /pip/. One request happens without credentials, the user is prompted, and another GET happens with credentials.
Expected behavior
The user should be prompted once for the username/password. Those credentials should be used for all requests.
pip version
24.0
Python version
3.11.9
OS
macOS
How to Reproduce
- Create PyPI with required HTTP authentication and add packages to it.
- Run `pip install my-package --index-url http://127.0.0.1:8000 --force-reinstall --no-cache-dir`
- Enter the username and password when prompted.
- Wait until all the packages have installed.
- The pip version will be checked, at which point you will be prompted again for your username & password.
Output
```
~ ❯ pip install my-package --index-url http://repo.url --force-reinstall --no-cache-dir
Looking in indexes: http://repo.url
User for repo.url: username
Password:
Save credentials to keyring [y/N]: n
Collecting ....
Successfully installed ....
reply: 'HTTP/1.1 401 Unauthorized\r\n'
User for repo.url: username
Password:
Save credentials to keyring [y/N]: n
```
Code of Conduct
- I agree to follow the PSF Code of Conduct.
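
An added example, not part of the original report and not pip's code: a minimal model of the 401-then-prompt flow described above, comparing two sessions with separate credential caches against two sessions sharing one cache keyed by netloc. The names `basic`, `fake_index`, `CredentialCache`, `Session` and `count_prompts`, the sample credentials, and the premise that the install and the version check run in separate sessions are all assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit

VALID = ("username", "s3cret")  # constructed credentials for the simulated index

def basic(creds):
    """Build the Basic auth header dict; empty when there are no credentials."""
    if creds is None:
        return {}
    return {"Authorization": "Basic " + base64.b64encode(":".join(creds).encode()).decode()}

def fake_index(url, headers):
    """Simulated private index (assumption): 401 unless the credentials match."""
    return 200 if headers == basic(VALID) else 401

class CredentialCache:
    """Credentials keyed by netloc, held in memory, shareable across sessions."""
    def __init__(self, prompt):
        self.prompt, self.creds, self.prompts = prompt, {}, 0

    def ask(self, netloc):
        self.prompts += 1  # every call here is one interactive prompt
        return self.prompt(netloc)

class Session:
    def __init__(self, cache, send=fake_index):
        self.cache, self.send = cache, send

    def get(self, url):
        netloc = urlsplit(url).netloc
        creds = self.cache.creds.get(netloc)  # scoped to this host:port only
        status = self.send(url, basic(creds))
        if status == 401:
            creds = self.cache.ask(netloc)
            status = self.send(url, basic(creds))
            if status != 401:
                self.cache.creds[netloc] = creds  # keep only credentials that worked
        return status

def count_prompts(shared):
    """Run an install request, then a version check in a second session."""
    prompt = lambda netloc: VALID  # stands in for the interactive prompt
    first = CredentialCache(prompt)
    second = first if shared else CredentialCache(prompt)
    Session(first).get("http://127.0.0.1:8000/my-package/")
    Session(second).get("http://127.0.0.1:8000/pip/")
    return first.prompts if shared else first.prompts + second.prompts
```

`count_prompts(False)` reproduces the double prompt from the report, while `count_prompts(True)` prompts once; rejected credentials are never stored, and a cached entry is only ever sent to the netloc it was entered for.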