Gated dataset info is leaked

[albertvillanova]

Describe the bug

Unauthenticated users can access gated dataset info.

Reproduction

from huggingface_hub import HfApi

hf_api = HfApi(token=False)
dataset_info = hf_api.dataset_info("albertvillanova/gated-csv", token=False)
print(dataset_info)

Logs

DatasetInfo(id='albertvillanova/gated-csv', author='albertvillanova', sha='7ce938a89113308d5a724e6f3c9a2c07315983d4', created_at=datetime.datetime(2024, 8, 19, 9, 52, 14, tzinfo=datetime.timezone.utc), last_modified=datetime.datetime(2024, 8, 19, 9, 53, 48, tzinfo=datetime.timezone.utc), private=False, gated='manual', disabled=False, downloads=0, downloads_all_time=None, likes=0, paperswithcode_id=None, tags=['region:us'], card_data=None, siblings=[RepoSibling(rfilename='.gitattributes', size=None, blob_id=None, lfs=None), RepoSibling(rfilename='train.csv', size=None, blob_id=None, lfs=None)])

System info

- huggingface_hub version: 0.24.5
- Platform: Linux-6.1.85+-x86_64-with-glibc2.35
- Python version: 3.10.12
- Running in iPython ?: Yes
- iPython shell: Shell
- Running in notebook ?: Yes
- Running in Google Colab ?: Yes
- Token path ?: /root/.cache/huggingface/token
- Has saved token ?: False
- Configured git credential helpers: 
- FastAI: 2.7.16
- Tensorflow: 2.17.0
- Torch: 2.3.1+cu121
- Jinja2: 3.1.4
- Graphviz: 0.20.3
- keras: 3.4.1
- Pydot: 1.4.2
- Pillow: 9.4.0
- hf_transfer: N/A
- gradio: N/A
- tensorboard: N/A
- numpy: 1.26.4
- pydantic: 2.8.2
- aiohttp: 3.10.2
- ENDPOINT: https://huggingface.co
- HF_HUB_CACHE: /root/.cache/huggingface/hub
- HF_ASSETS_CACHE: /root/.cache/huggingface/assets
- HF_TOKEN_PATH: /root/.cache/huggingface/token
- HF_HUB_OFFLINE: False
- HF_HUB_DISABLE_TELEMETRY: False
- HF_HUB_DISABLE_PROGRESS_BARS: None
- HF_HUB_DISABLE_SYMLINKS_WARNING: False
- HF_HUB_DISABLE_EXPERIMENTAL_WARNING: False
- HF_HUB_DISABLE_IMPLICIT_TOKEN: False
- HF_HUB_ENABLE_HF_TRANSFER: False
- HF_HUB_ETAG_TIMEOUT: 10
- HF_HUB_DOWNLOAD_TIMEOUT: 10

[Wauplin]

This is not a bug but a feature 😉
Even when a repo is gated, some info is made accessible to the public. The actual data stored on the repo shouldn't be accessible but that's it. I'll close this issue but happy to reopen if there is a specific attribute you'd like to discuss.

cc @Pierrci on the Hub side

[albertvillanova]

Thanks for your reply, @Wauplin. Do you know since when this is the case?

Since this feature was enabled, we have dead code in the datasets library and the dataset-viewer CI failing:

• CI worker tests are broken for gated datasets: ConnectionError dataset-viewer#3025

[Wauplin]

Beginning of August I think. It also created some other side effects (see internal slack) so feel free to have a look if your issue is similar.

[Wauplin]

You can check if a dataset is gated with dataset_info(..., expand="gated"). And you can check if your token has access to the gated repo using GET /api/:repoType(models|spaces|datasets)/:namespace/:repo/auth-check (It will return 200 if the token has access, 403 if not, and 404 if no repo)

[albertvillanova]

Thanks a lot, @Wauplin.