Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
* RemoteFilesystemTest: simplifying some mock expectations calls
- will($this->returnValue()) to willReturn()
- will($this->returnCallBack()) to willReturnCallback()
* RemoteFilesystemTest: extracting identical mocks for IOInterface into a separate getIOInterfaceMock() method
* RemoteFilesystemTest: converting protected helper methods to private.
* RemoteFilesystemTest: moving getConfigMock() private method after the public methods (with other private methods)
* adding RemoteFileSystemTest::testCopyWithRetryAuthFailureFalse() unit test.
* Allow optional injecting of AuthHelper into RemoteFilesystem constructor.
* adding RemoteFileSystemTest::testCopyWithSuccessOnRetry() unit test.
* using backward compatible @expectedException in RemoteFilesystemTest.php
* RemoteFilesystemTest: extracting RemoteFilesystem with mocked method creation into a separate method.
* RemoteFilesystemTest: extracting AuthHelper with mocked method creation into a separate method.
PackageSorter weighs the importance of a package
by counting how many times it is required by other packages.
This works by calculating the weight for each package name.
However currently the package index of the package array
is currently passed the weigh function, which basically
disables package sorting.
The reason for that is, that a package repository previously
returned the package list as associative array with package name as keys,
but currently just as an array with integer keys.
Therefore we must extract the package name from the package
before passing it to the weigh function.
This includes two breaking changes:
- the hostname is not resolved in the case of an IP address.
- a hostname with a trailing period (FQDN) is not matched.
This brings the basic implementation in line with curl behaviour, with
the addition of full IP address and range matching (curl does not
differentiate between IP addresses host names).
The NO_PROXY environment variable can be set to either a comma-separated
list of host names that should not use a proxy, or single asterisk `*`
to match all hosts.
- Port numbers can be included by prefixing the port with a colon `:`.
- IP addresses can be used, but must be enclosed in square brackets
`[...]` if they include a port number.
- IP address ranges can specified in CIDR notation, separating the IP
address and prefix-length with a forward slash `/`.
Commit: 149250ab92
ProcessExecutor::escape handled a false value inconsistently across
platforms, returning an emtpy string on Windows, otherwise `''`. This
is fixed to return `""` on Windows.
The GitDownloaderTest code has been appropriately updated.
This only removes the credentials if they are managed by composer auth.json or equivalent, if the credentials were present in the package URL to begin with they might remain
Refs #8293Fixes#3644Closes#3608
https://www.php.net/strpos has the signature
`strpos ( string $haystack , mixed $needle [, int $offset = 0 ] ) : int`
(The needle is usually the constant)
`strpos('/', $suggestion)` would only be `false` for `''` and `'/'`
So the existing check would just not suggest **anything** that was
already installed (from pecl, built-in, or composer).
The intent seems to be to not suggest non-vendored php packages
that were already installed. (b20cc22ebb)