Search code examples
python.htaccesspypi.htpasswdpasslib

"malformed htpasswd file" error message when starting pypi-server

When starting the pypi-server I get an error message saying "malformed htpasswd file". I get the error message even if the .htpasswd file does not exist. What is causing the error?

Here is the entire Traceback:

C:\Data>pypi-server -p 8080 -P packages\.htaccess packages
Traceback (most recent call last):
  File "c:\python27\lib\runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "c:\python27\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Python27\Scripts\pypi-server.exe\__main__.py", line 9, in <module>
  File "c:\python27\lib\site-packages\pypiserver\__main__.py", line 293, in main
    app = pypiserver.app(**vars(c))
  File "c:\python27\lib\site-packages\pypiserver\__init__.py", line 124, in app
    config, packages = core.configure(**kwds)
  File "c:\python27\lib\site-packages\pypiserver\core.py", line 47, in configure
    htPsswdFile = HtpasswdFile(c.password_file)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 583, in __init__
    super(HtpasswdFile, self).__init__(path, **kwds)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 166, in __init__
    self.load()
  File "c:\python27\lib\site-packages\passlib\apache.py", line 236, in load
    self._load_lines(fh)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 261, in _load_lines
    key, value = parse(line, idx+1)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 590, in _parse_record
    % lineno)
ValueError: malformed htpasswd file (error reading line 1)

I have the following folder structure:

C:\Data\packages\.htaccess 
C:\Data\packages\.htpasswd

The content of the .htaccess file is:

AuthName "Under Development"
AuthUserFile C:\Data\packages\.htpasswd
AuthType basic
Require valid-user

The content of the .htpasswd file is:

user:$apr1$zYBRb3n6$PBrNqfGoyb9ZQC5hGuRJN0
Solution

  • The pypiserver does not support .htaccess files; this is an Apache-only feature. it just reuses the .htpasswd file-format from Apache.

    Additionally, the htpasswd file is better not to be located inside the packages folder, to be impossible for pypiserver to serve it by mistake, and reveal thus its contents.

    So move the htpasswd file e.g. to the parent folder, remove the dot prefix (no need to be hidden/special), and change the startup command:

    move packages\.htpasswd .\htpasswd
del packages\.htaccess
pypiserver -p 8080 -P htpasswd packages