122e422682
CS fixes
7 years ago
c8cf24daad
Minor tweaks and CS fixes to new bitbucket integration, refs #6094
7 years ago
44ea284ab9
Merge remote-tracking branch 'stefangr/implement_bitbucket_api_v2'
7 years ago
260b85882f
Merge remote-tracking branch 'dzuelke/installmsgs' into 1.3
7 years ago
63447cf724
Avoid retrying forever if a gitlab token has insufficient rights, fixes #6189
7 years ago
08fc56b38a
Avoid using null value as string, fixes #6134
7 years ago
966d0bec10
One more non-camelCase variable.
8 years ago
17d5f6d88a
fix some install msg corner cases
...
mostly around updates; had to go back to a colon even for 'from cache'
8 years ago
2d36324e99
streamline install progress messages
8 years ago
3eeb6214eb
Fix RemoteFilesystem::isPublicBitBucketDownload
...
The access token was added to requests to third party hosts the bitbucket api is redirecting to.
8 years ago
b3b05949bb
Implement most desirable Authorization method.
...
As per https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication#make-requests
adding the OAuth access token in the Authorization header is desired above adding it to the URL.
8 years ago
a4af559ca8
Store access-token for re-use
...
Store the Bitbucket access-token (and the expiration time) so it can be re-used within the time it is valid.
The Bitbucket::requestToken and Bitbucket::getToken now only return the access-token and not all other parameters it receives from the Bitbucket API.
8 years ago
d80d266201
Fix dist download from bitbucket.
...
URL https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
results in the following $pathParts:
array(5) {
[0]=>
string(0) ""
[1]=>
string(5) "ariya"
[2]=>
string(9) "phantomjs"
[3]=>
string(9) "downloads"
[4]=>
string(36) "phantomjs-2.1.1-linux-x86_64.tar.bz2"
}
A dist download URL is like:
https://bitbucket.org/user/repo/get/[git-hash].zip
array(5) {
[0]=>
string(0) ""
[1]=>
string(4) "user"
[2]=>
string(4) "repo"
[3]=>
string(3) "get"
[4]=>
string(14) "[git-hash].zip"
}
8 years ago
4d082f77b8
Simplify composer output to take less lines
8 years ago
c0e28a9043
Remove static/public method
8 years ago
489a8f3d5a
revert to simply making an exception (no acces_token) for bitbucket/user/repo/downloads URLs
...
[#5584 ]
8 years ago
5123c5cf76
remove redundant truth check
8 years ago
8845ea467a
try bitbucket downloads first time without auth
...
also add tests for #5584
8 years ago
64fc8ffe3d
prevent (prompt for) auth for bitbucket public downloads
...
#5584
8 years ago
a4e3e1b584
prevent (prompt for) bitbucket auth when it redirected
...
#5584
8 years ago
997a062ebd
Support gitlab private-token (or personal-access-token) for easier access via gitlab API
...
Config example:
$HOME/.composer/auth.json
{
"gitlab-token": {
"gitlab.com": "YOUR-TOKEN-HERE"
}
}
Gitlab API authentication doc: http://doc.gitlab.com/ce/api/README.html
8 years ago
87fbf4a6cd
Clean ups, refs #5485
8 years ago
5a31c75289
Fix some of the remaining OAuth issues.
...
- Bitbucket will silently redirect to a login page when downloading a zip.
Added a check to see if the content-type is not text/html
- Make the path from Basic Authentication to OAuth as smooth as possible.
8 years ago
1241e3e83c
Simplify the if statement.
8 years ago
7716ef059b
Add the access token as query string parameter.
8 years ago
6c8b0cc2c1
Change authentication for bitbucket to oauth.
8 years ago
73d9a4717d
Update list of ciphers /cc @cs278
8 years ago
3ac822d5e2
Fix access_token param being incorrectly added on github requests after a redirection, fixes #5099
8 years ago
143db7a9f5
Fix degraded mode usage on packagist, fixes #5350
8 years ago
36665d791d
Merge branch '1.0'
8 years ago
c66639fe03
Fix content-length check to look at the last header received, fixes #5268
8 years ago
2062070be9
Warn users with secure-http disabled once per hostname they access insecurely to avoid bad URLs going by undetected, fixes #5008
8 years ago
31dcc0bdea
Merge branch '1.0'
8 years ago
1bf711fe1f
Guard against mbstring func_overload, fixes #5218
8 years ago
d716c73333
fail download on content-length mismatch
8 years ago
765a958c42
Merge pull request #5137 from dzuelke/rfs_conlen
...
Fail download on content-length mismatch
8 years ago
b1723644e0
Use extracted ca-bundle package
8 years ago
e2056499cb
Avoid open_basedir warnings on is_dir() calls when probing for CABundle
8 years ago
5dd4d69a6d
fail download on content-length mismatch
8 years ago
49524bc4ba
Centralize secure-http checking
8 years ago
37a1e12672
Mark failed downloads as failed instead of 100% complete, fixes #5111
8 years ago
4cc719cab3
Add support for SSL_CERT_DIR and openssl.capath, fixes #5017
8 years ago
e94066967c
Add debugging info about proxy usage, refs #4332
8 years ago
f794ee7870
Fixes for implicit variable declarations, return type mismatches and invalid method declarations.
8 years ago
cb59cf0c85
Allow exception to secure-http for packagist provider files and add docs, refs #4907
8 years ago
b6b416111e
Fixed http check
9 years ago
4f5b4aff9c
Undid CS changes
9 years ago
da44f46b9c
Code style fixes
9 years ago
ef60478926
Added secure-http flag, defaults to true
9 years ago
09a6a19257
Avoid decoding gzip responses after a redirect, fixes #4897
9 years ago
49d7d65933
Add verbosity input support to IOInterface
9 years ago
ae14e0f086
Add ssh2 protocol default ports, fixes #4835
9 years ago
1818b95149
CS fixes
9 years ago
5c944d45ac
Merge pull request #4827 from curry684/issue-4203
...
Added more graceful warning suppression utility
9 years ago
fff5074bbf
Fix additionalOptions getting dropped when SAN and redirect handling are combined, refs #4782
9 years ago
76c1645a0e
Merge remote-tracking branch 'upstream/master' into issue-4203
9 years ago
18cd4f966b
Added silencer utility to more gracefully handle error suppression without hiding errors or worse. Fixes #4203 , #4683
9 years ago
bdb97e7527
Reuse new TlsHelper for CA validation, refs #4798
9 years ago
1ea810d40b
Merge remote-tracking branch 'cs278/san-support'
9 years ago
78ffe0fd08
Avoid checking CA files several times
9 years ago
901e6f1d0e
Fix output and handling of RFS::copy() and extract redirect code into its own method, refs #4783
9 years ago
a574d5ef76
Merge remote-tracking branch 'cs278/follow-redirects'
9 years ago
b32aad8439
Do not set TLS options on local URLs
9 years ago
74aa73e841
The origin may not be the remote host
9 years ago
304c268c3b
Tidy up and general improvement of sAN handling code
...
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
9 years ago
7e2a015e9b
Provide support for subjectAltName on PHP < 5.6
9 years ago
d6be2a693b
switch to array-replace-recursive
9 years ago
2393222826
more appropriate name
9 years ago
474541e9aa
apply comments
...
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
9 years ago
33f823146b
Account for ports in URL
9 years ago
34f1fcbdcb
Drop downgrade warning
9 years ago
c232566e52
add a hash to make sure CA file gets recreated if the content changes
9 years ago
cef97904d0
dont rewrite temp CA file if it already exists
...
and make it readable by everyone the first time we create it
9 years ago
4482a1dca0
also wrong array
9 years ago
f79255df29
make sure passed options are merged into defaults before checking
9 years ago
94947ee772
merge isset() calls
9 years ago
b95b0c2ab6
wrong array
9 years ago
008cce8d85
add back sanity checks
9 years ago
c1488f65bf
a quick stab at adding capath
9 years ago
dd3216e93d
Refactor to use new helper methods for headers
9 years ago
8a8ec6fccc
Too many redirects is not an error in PHP, return the latest response
9 years ago
33471e389f
Pass redirect count using options
...
Removing the risk it might be preserved between requests.
9 years ago
e830a611ec
Handle other path redirects
9 years ago
ffab235edd
Remove code preventing protocol downgrades
9 years ago
ce1eda25f3
Follow redirects inside RFS only when required by PHP version
9 years ago
73662c725a
Don't let PHP follow redirects it doesn't validate certificates
9 years ago
546730dcf3
Show CA files being used in debug mode, refs #4792
9 years ago
a13b06725e
Add support for if-modified-since on lazy repos and turning packagist into a lazy provider repo
9 years ago
33c123e8c2
Fix passing of options to remotefilesystem in composer repo
9 years ago
22d8b5dff4
fix possible caBundle error
9 years ago
8375af268c
Use fixed CN_match for github hosts, fixes #4782
9 years ago
fb848d2e07
Code cleanups
9 years ago
72fae0bf70
Declare CN_match/SNI_server_name only for php <5.6
9 years ago
449f68deae
Remove dangerous CN_match fallback
9 years ago
fc4d94f160
Code clarity and updates from the getcomposer.org installer
9 years ago
5d015defb8
Merge remote-tracking branch 'origin/master' into tls-config
9 years ago
fbab2bfa17
Move user agent definition to StreamContextFactory so it is available in all contexts
9 years ago
f084b1e053
Remove duplicate handling of retry-auth-failure option, refs #3765
9 years ago
020c126c27
Fix CS
9 years ago
4255db9e31
Allows SSH urls for gitlab and detect the scheme
...
SSH urls uses HTTPS to request the API
9 years ago
Jordi Boggiano
Stefan Grootscholten
David Zuelke
Roel Arents
moyo
Niels Keurentjes
cinamo
Chris Smith
Rob Bast
Jérôme Tamarelle