From 7a112b03959715d649c96340af7ffbcd4b1e5fe6 Mon Sep 17 00:00:00 2001
From: Phil Lello
Date: Tue, 14 Jun 2016 20:02:00 +0100
Subject: [PATCH] Check headers for missing scopes before asking for new OAuth token

This patch stops the GitHub VCS driver prompting for a new access token when a repository is deleted/hidden. Specifically, it checks the X-OAuth-Scopes and X-Accepted-OAuth-Scopes response headers to see if the scopes on the current request match those needed by the API call. If they do, the 404 means that the repo is deleted/hidden, and there's no point asking for a new OAuth token.
---
 src/Composer/Repository/Vcs/GitHubDriver.php | 22 +++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/Composer/Repository/Vcs/GitHubDriver.php b/src/Composer/Repository/Vcs/GitHubDriver.php
index 8019e194c..5c05a218b 100644
--- a/src/Composer/Repository/Vcs/GitHubDriver.php
+++ b/src/Composer/Repository/Vcs/GitHubDriver.php
@@ -325,7 +325,27 @@ class GitHubDriver extends VcsDriver
 return $this->attemptCloneFallback();
 }
- $gitHubUtil->authorizeOAuthInteractively($this->originUrl, 'Your GitHub credentials are required to fetch private repository metadata ('.$this->url.')');
+ $scopes_issued = array();
+ $scopes_needed = array();
+ if (!is_null($headers = $e->getHeaders())) {
+ // Check if X-OAuth-Scopes and X-Accepted-OAuth-Scopes should let us in...
+ foreach ($headers as $header) {
+ $k = substr($header, 0, strpos($header, ":"));
+ $v = trim(substr($header, strpos($header, ":")+1));
+ switch ($k) {
+ case 'X-OAuth-Scopes':
+ $scopes_issued = explode(" ", $v);
+ break;
+ case 'X-Accepted-OAuth-Scopes':
+ $scopes_needed = explode(" ", $v);
+ break;
+ }
+ }
+ }
+ $scopes_failed = array_diff($scopes_needed, $scopes_issued);
+ if (is_null($headers) || count($scopes_failed)) {
+ $gitHubUtil->authorizeOAuthInteractively($this->originUrl, 'Your GitHub credentials are required to fetch private repository metadata ('.$this->url.')');
+ }
 return parent::getContents($url);
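Review bot: The final condition skips the credential prompt whenever the 404 response carries headers but neither scope header was matched, because both lists stay empty, `array_diff` returns nothing, and `$headers` is not null. If GitHub omits `X-Accepted-OAuth-Scopes` on unauthenticated responses (not visible here, to be confirmed), a user with no token is never asked for one; treating an empty needed list as "unknown" keeps the prompt, e.g. `if (is_null($headers) || !count($scopes_needed) || count($scopes_failed)) {`. The same silent skip happens if the header names arrive in a different case, since `switch ($k)` compares them exactly; `switch (strtolower($k))` with lower-case labels would be safer. GitHub documents these header values as comma-separated, so `explode(" ", $v)` leaves entries such as `repo,` that never equal `repo`; `preg_split('/[\s,]+/', $v, -1, PREG_SPLIT_NO_EMPTY)` splits on both and drops empty entries. The enclosing method starts and ends outside the hunk.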