berlinger-rarents
a4e3e1b584
prevent (prompt for) bitbucket auth when it redirected
...
#5584
8 years ago
moyo
997a062ebd
Support gitlab private-token (or personal-access-token) for easier access via gitlab API
...
Config example:
$HOME/.composer/auth.json
{
"gitlab-token": {
"gitlab.com": "YOUR-TOKEN-HERE"
}
}
Gitlab API authentication doc: http://doc.gitlab.com/ce/api/README.html
8 years ago
Jordi Boggiano
87fbf4a6cd
Clean ups, refs #5485
8 years ago
Stefan Grootscholten
5a31c75289
Fix some of the remaining OAuth issues.
...
- Bitbucket will silently redirect to a login page when downloading a zip.
Added a check to see if the content-type is not text/html
- Make the path from Basic Authentication to OAuth as smooth as possible.
8 years ago
Stefan Grootscholten
1241e3e83c
Simplify the if statement.
8 years ago
Stefan Grootscholten
7716ef059b
Add the access token as query string parameter.
8 years ago
Stefan Grootscholten
6c8b0cc2c1
Change authentication for bitbucket to oauth.
8 years ago
Jordi Boggiano
73d9a4717d
Update list of ciphers /cc @cs278
8 years ago
Jordi Boggiano
3ac822d5e2
Fix access_token param being incorrectly added on github requests after a redirection, fixes #5099
8 years ago
Jordi Boggiano
143db7a9f5
Fix degraded mode usage on packagist, fixes #5350
8 years ago
Jordi Boggiano
36665d791d
Merge branch '1.0'
8 years ago
Jordi Boggiano
c66639fe03
Fix content-length check to look at the last header received, fixes #5268
8 years ago
Jordi Boggiano
2062070be9
Warn users with secure-http disabled once per hostname they access insecurely to avoid bad URLs going by undetected, fixes #5008
8 years ago
Jordi Boggiano
31dcc0bdea
Merge branch '1.0'
8 years ago
Jordi Boggiano
1bf711fe1f
Guard against mbstring func_overload, fixes #5218
8 years ago
David Zuelke
d716c73333
fail download on content-length mismatch
8 years ago
Jordi Boggiano
765a958c42
Merge pull request #5137 from dzuelke/rfs_conlen
...
Fail download on content-length mismatch
8 years ago
Jordi Boggiano
b1723644e0
Use extracted ca-bundle package
8 years ago
Jordi Boggiano
e2056499cb
Avoid open_basedir warnings on is_dir() calls when probing for CABundle
8 years ago
David Zuelke
5dd4d69a6d
fail download on content-length mismatch
8 years ago
Niels Keurentjes
49524bc4ba
Centralize secure-http checking
8 years ago
Jordi Boggiano
37a1e12672
Mark failed downloads as failed instead of 100% complete, fixes #5111
8 years ago
Jordi Boggiano
4cc719cab3
Add support for SSL_CERT_DIR and openssl.capath, fixes #5017
8 years ago
Jordi Boggiano
e94066967c
Add debugging info about proxy usage, refs #4332
8 years ago
Niels Keurentjes
f794ee7870
Fixes for implicit variable declarations, return type mismatches and invalid method declarations.
8 years ago
Jordi Boggiano
cb59cf0c85
Allow exception to secure-http for packagist provider files and add docs, refs #4907
8 years ago
cinamo
b6b416111e
Fixed http check
9 years ago
cinamo
4f5b4aff9c
Undid CS changes
9 years ago
cinamo
da44f46b9c
Code style fixes
9 years ago
cinamo
ef60478926
Added secure-http flag, defaults to true
9 years ago
Jordi Boggiano
09a6a19257
Avoid decoding gzip responses after a redirect, fixes #4897
9 years ago
Jordi Boggiano
49d7d65933
Add verbosity input support to IOInterface
9 years ago
Jordi Boggiano
ae14e0f086
Add ssh2 protocol default ports, fixes #4835
9 years ago
Jordi Boggiano
1818b95149
CS fixes
9 years ago
Jordi Boggiano
5c944d45ac
Merge pull request #4827 from curry684/issue-4203
...
Added more graceful warning suppression utility
9 years ago
Jordi Boggiano
fff5074bbf
Fix additionalOptions getting dropped when SAN and redirect handling are combined, refs #4782
9 years ago
Niels Keurentjes
76c1645a0e
Merge remote-tracking branch 'upstream/master' into issue-4203
9 years ago
Niels Keurentjes
18cd4f966b
Added silencer utility to more gracefully handle error suppression without hiding errors or worse. Fixes #4203 , #4683
9 years ago
Jordi Boggiano
bdb97e7527
Reuse new TlsHelper for CA validation, refs #4798
9 years ago
Jordi Boggiano
1ea810d40b
Merge remote-tracking branch 'cs278/san-support'
9 years ago
Jordi Boggiano
78ffe0fd08
Avoid checking CA files several times
9 years ago
Jordi Boggiano
901e6f1d0e
Fix output and handling of RFS::copy() and extract redirect code into its own method, refs #4783
9 years ago
Jordi Boggiano
a574d5ef76
Merge remote-tracking branch 'cs278/follow-redirects'
9 years ago
Chris Smith
b32aad8439
Do not set TLS options on local URLs
9 years ago
Chris Smith
74aa73e841
The origin may not be the remote host
9 years ago
Chris Smith
304c268c3b
Tidy up and general improvement of sAN handling code
...
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
9 years ago
Chris Smith
7e2a015e9b
Provide support for subjectAltName on PHP < 5.6
9 years ago
Rob Bast
d6be2a693b
switch to array-replace-recursive
9 years ago
Rob Bast
2393222826
more appropriate name
9 years ago
Rob Bast
474541e9aa
apply comments
...
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
9 years ago
Chris Smith
33f823146b
Account for ports in URL
9 years ago
Chris Smith
34f1fcbdcb
Drop downgrade warning
9 years ago
Rob Bast
c232566e52
add a hash to make sure CA file gets recreated if the content changes
9 years ago
Rob Bast
cef97904d0
dont rewrite temp CA file if it already exists
...
and make it readable by everyone the first time we create it
9 years ago
Rob Bast
4482a1dca0
also wrong array
9 years ago
Rob Bast
f79255df29
make sure passed options are merged into defaults before checking
9 years ago
Rob Bast
94947ee772
merge isset() calls
9 years ago
Rob Bast
b95b0c2ab6
wrong array
9 years ago
Rob Bast
008cce8d85
add back sanity checks
9 years ago
Rob Bast
c1488f65bf
a quick stab at adding capath
9 years ago
Chris Smith
dd3216e93d
Refactor to use new helper methods for headers
9 years ago
Chris Smith
8a8ec6fccc
Too many redirects is not an error in PHP, return the latest response
9 years ago
Chris Smith
33471e389f
Pass redirect count using options
...
Removing the risk it might be preserved between requests.
9 years ago
Chris Smith
e830a611ec
Handle other path redirects
9 years ago
Chris Smith
ffab235edd
Remove code preventing protocol downgrades
9 years ago
Chris Smith
ce1eda25f3
Follow redirects inside RFS only when required by PHP version
9 years ago
Chris Smith
73662c725a
Don't let PHP follow redirects it doesn't validate certificates
9 years ago
Jordi Boggiano
546730dcf3
Show CA files being used in debug mode, refs #4792
9 years ago
Jordi Boggiano
a13b06725e
Add support for if-modified-since on lazy repos and turning packagist into a lazy provider repo
9 years ago
Jordi Boggiano
33c123e8c2
Fix passing of options to remotefilesystem in composer repo
9 years ago
Rob Bast
22d8b5dff4
fix possible caBundle error
9 years ago
Jordi Boggiano
8375af268c
Use fixed CN_match for github hosts, fixes #4782
9 years ago
Jordi Boggiano
fb848d2e07
Code cleanups
9 years ago
Jordi Boggiano
72fae0bf70
Declare CN_match/SNI_server_name only for php <5.6
9 years ago
Jordi Boggiano
449f68deae
Remove dangerous CN_match fallback
9 years ago
Jordi Boggiano
fc4d94f160
Code clarity and updates from the getcomposer.org installer
9 years ago
Jordi Boggiano
5d015defb8
Merge remote-tracking branch 'origin/master' into tls-config
9 years ago
Jordi Boggiano
fbab2bfa17
Move user agent definition to StreamContextFactory so it is available in all contexts
9 years ago
Jordi Boggiano
f084b1e053
Remove duplicate handling of retry-auth-failure option, refs #3765
9 years ago
Jordi Boggiano
020c126c27
Fix CS
9 years ago
Jérôme Tamarelle
4255db9e31
Allows SSH urls for gitlab and detect the scheme
...
SSH urls uses HTTPS to request the API
9 years ago
Jérôme Tamarelle
ac68a721f4
Merge remote-tracking branch 'composer/master' into gitlab
...
Conflicts:
doc/04-schema.md
src/Composer/Util/RemoteFilesystem.php
9 years ago
Jerome TAMARELLE
211d4632bb
Fix compatibility with PHP 5.3
9 years ago
Jordi Boggiano
58a6d4b7d3
Add comment
9 years ago
David Fuhr
064e1a6d6d
Fix handling of http 400 errors
...
Before 400 errors were silently dropped. This caused composer to store
the returned body (usually some html) in cache. This resulted in later
errors when composer tried to extract this error response as zip.
With this exceptions thrown it handles the error gracefully and falls
back to the next URL provided by the package configuration.
9 years ago
Jordi Boggiano
ce08582671
Fix CS
9 years ago
Jordi Boggiano
9859859f10
Add comment, fixes #4145
9 years ago
Jordi Boggiano
bbf959ac34
Do not retry failures once degraded mode is already enabled
9 years ago
Jordi Boggiano
ff84b32097
Add degraded mode to try and bypass ipv6/gzip issues, refs #4142 , refs #4121
9 years ago
Jordi Boggiano
e2b2f450dc
Merge pull request #4144 from staabm/patch-2
...
Dropped unnecessary break statements
9 years ago
Markus Staab
94a924b702
Dropped unnecessary break statements
...
Next line breaks nevertheless
9 years ago
Markus Staab
a4ad3c2146
Dropped obsolete condition
...
The conditional a few lines above already checks for `bytesMax > 0`
9 years ago
Jordi Boggiano
41f4451c20
take care of retry-auth-failure:false in case of 403 as well
9 years ago
Jordi Boggiano
e16d53893e
Remove password prompt for github tokens and require the user creates a token themselves
9 years ago
Possum
29ca21f30e
PHP version checks tweaking
9 years ago
Jordi Boggiano
1cb427ff5c
Force http1.1 protocol
9 years ago
Roshan Gautam
f870396568
Add oauth2 support for gitlab
9 years ago
Jordi Boggiano
c5cd184767
Revert 331425bcb3
as well, fixes #3612
9 years ago
Stanislav Khromov
6c35dd6b2d
Improved wording
...
All other verbs use are in the form of "doing something", ie Installing, Downloading. "connection" is the odd one out.
9 years ago
Jordi Boggiano
3470cef1f1
Merge pull request #3818 from Hellov/master
...
Duplicate download progress
9 years ago
Jordi Boggiano
331425bcb3
Fix output of first line of progress when output is not decorated, refs #3818
9 years ago
Hello
ef0191ee6a
Duplicate download progress
9 years ago
Jérôme Tamarelle
c1edfbb65c
Add tests on GitLabDriver
...
Add an interactive prompt for gitlab token
Update doc for gitlab-domains
Add tests on GitLabDriver::supports
Update doc + CS
Optimize branch detection + fix typos
Fix test on GitLab support as it depends on SSL
Remove useless method + fix repository URL containing .git
9 years ago
Jérôme Tamarelle
802b57417a
Pass GitLab credential by HTTP header instead of query string to improve security
9 years ago
Henrik Bjørnskov
782c6303bc
Initial GitLab Driver
...
This is a proof of concept, and mostly done to gather feedback on the
structure of the driver and to see if this is something that Composer
should include in core.
Various review changes based on Stof comments.
* Remove cleanup() as it is implemented by the abstract class.
* Remove wrong comment in getReferences
* Implement getSource (as GitHubDriver does)
* Finish phpDocs for methods.
9 years ago
Rob Bast
3d329622d7
overwrite -> overwriteError
9 years ago
Rob Bast
cb336a5416
Implement writeError throughout Composer
9 years ago
Padraic Brady
19e24c5804
Merge branch 'master' into tls-config
...
Conflicts:
.travis.yml
doc/03-cli.md
src/Composer/Command/ConfigCommand.php
src/Composer/Command/CreateProjectCommand.php
src/Composer/Command/DiagnoseCommand.php
src/Composer/Command/InstallCommand.php
src/Composer/Command/RequireCommand.php
src/Composer/Command/SelfUpdateCommand.php
src/Composer/Command/ShowCommand.php
src/Composer/Command/UpdateCommand.php
src/Composer/Config.php
src/Composer/Downloader/FileDownloader.php
src/Composer/Factory.php
src/Composer/Repository/ComposerRepository.php
src/Composer/Repository/PearRepository.php
src/Composer/Repository/Vcs/VcsDriver.php
src/Composer/Util/GitHub.php
src/Composer/Util/RemoteFilesystem.php
10 years ago
Rob Bast
296252330e
fix-token-retrying-itself
10 years ago
SofHad
45089a6771
[Minor] remove the unused private variables
10 years ago
Jordi Boggiano
59648b12a4
Add HHVM support in UA header
10 years ago
Jordi Boggiano
be53c5dd2c
Merge pull request #3207 from cs278/handle-low-diskspace
...
Handle low diskspace errors
10 years ago
Chris Smith
6edf40ee96
When $TMPDIR is low on space PHP streams silently fail
10 years ago
Jordi Boggiano
4ebc5c9a08
Add auth helper and reuse it in git downloader
10 years ago
François Pluchino
8b5c00bff0
Fix phpdoc
10 years ago
Jordi Boggiano
90d1b6e08a
Rename basic-auth to http-basic, add docs/schema/config support, add local auth file support, add storage to auth.json, add store-auths config option, refs #1862
10 years ago
Jordi Boggiano
a115cfd0d8
Fix regression in github fallback behavior
10 years ago
Jordi Boggiano
c811eded7d
Do not output if we are about to retry a download
10 years ago
Jordi Boggiano
b6981d09e8
Fix handling of origin url in composer repository class
10 years ago
Jordi Boggiano
eebffacd9f
Use pagination to get tags/branches from the github API
10 years ago
Jordi Boggiano
009fcb4262
Fix arg signature
10 years ago
Jordi Boggiano
f3c112e9e0
Split non-interactive and bad credential cases
10 years ago
Jordi Boggiano
b437c1cc05
Support github auth directly in the RemoteFilesystem class
10 years ago
Pádraic Brady
470fb58273
Add a bundled cacert.pem as a last resort option
10 years ago
Pádraic Brady
9881d76216
Adds Composer\Factory::createRemoteFilesystem():
...
- Implemented in self-update command
- Added to Composer\IO\BaseIO the getInputOption() and getInputArgument() getters to allow access to input
- Fixed some minor bugs
10 years ago
Pádraic Brady
81b86acc53
Merge branch 'master' of github.com:composer/composer into tls-config
...
Conflicts:
src/Composer/Util/RemoteFilesystem.php
10 years ago
Pádraic Brady
8abff794cd
Fix CN matching to use correct host (should almost eliminate TLS retries where wildcard CNs are used)
10 years ago
Jordi Boggiano
1851c29dd3
Update code to work with #2766
10 years ago
Jordi Boggiano
9db2a537e5
Merge remote-tracking branch 'cs278/github-otp-support'
10 years ago
Jordi Boggiano
28bb781324
Capture response bodies in exceptions when http requests fail
10 years ago
Pádraic Brady
2972ec3d86
Show warning when we retry a TLS connection for downloads
11 years ago
Pádraic Brady
c9c6849df0
Add Common Name (CN) matching checks and TLS connection retry (by default).
...
For example, the communicated host will be github.com, but the CN is *.github.com. Also not matching api.github.com.
The logic detects an initial TLS CN-mismatch error, and parses the correct CN from the error, then checks if the CN and URL have same host before retrying.
11 years ago
Pádraic Brady
a2bf14e381
Make disableTls a core RemoteFilesystem option - per method invites human error
11 years ago
Pádraic Brady
49590af656
$originUrl passed to RemoteFilesystem is actually a HOST string already (so far!)
11 years ago
Pádraic Brady
0a8180674e
Adding some HTTPS check to diagnose command (stash)
11 years ago
Pádraic Brady
2a552df315
Fix openssl_x509_parse() function namespace issue under PHP 5.3.3
11 years ago
Pádraic Brady
2648064e5a
Some typos/corrections
11 years ago
Pádraic Brady
1e1e713329
Added test for RemoteFilesystem TLS options setup
11 years ago
Pádraic Brady
fa54b7054c
Put CN matching above the final recursive option merge
11 years ago
Pádraic Brady
9412bb427a
Add CN_match and SNI_server_name setup to RemoteFilesystem
11 years ago
Pádraic Brady
ca4b4696b0
Added Exceptions, errors and info messages for self-update command and TLS defaults to RemoteFilesystem
11 years ago
Chris Smith
3f6a62099d
Add an option which causes reauth attempts to be bypassed
11 years ago
Chris Smith
20dac3e836
Remove GitHub OTP code from RFS class
11 years ago
Chris Smith
9a0f4392da
Trim whitepsace from each argument
11 years ago
Chris Smith
360df90ba5
Add GitHub OTP to request headers
11 years ago
Chris Smith
3f53acc9af
Test if the 401 was caused by 2FA and ask for OTP if appropriate
11 years ago
Chris Smith
23d35204cd
Bail out of the normal 401 handling routine when the origin is GitHub
11 years ago
Jordi Boggiano
cc7920000c
Ask for auth if we get a 403 and did not have auth yet, fixes #2464
11 years ago
Nils Adermann
f0b45099c1
Correct authorship info for files I edited
11 years ago
Nils Adermann
9402a9fb3c
Plugins receive composer and io objects on construction already
11 years ago