Adding some HTTPS check to diagnose command (stash)
parent
2a552df315
commit
0a8180674e
|
@ -6,10 +6,12 @@ php:
|
|||
- 5.4
|
||||
- 5.5
|
||||
- hhvm
|
||||
- 5.6
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
- php: hhvm
|
||||
- php: 5.6
|
||||
|
||||
before_script:
|
||||
- sudo apt-get install parallel
|
||||
|
|
|
@ -14,6 +14,7 @@ namespace Composer\Command;
|
|||
|
||||
use Composer\Composer;
|
||||
use Composer\Factory;
|
||||
use Composer\Config;
|
||||
use Composer\Downloader\TransportException;
|
||||
use Composer\Plugin\CommandEvent;
|
||||
use Composer\Plugin\PluginEvents;
|
||||
|
@ -48,6 +49,7 @@ EOT
|
|||
|
||||
protected function execute(InputInterface $input, OutputInterface $output)
|
||||
{
|
||||
|
||||
$this->rfs = new RemoteFilesystem($this->getIO());
|
||||
$this->process = new ProcessExecutor($this->getIO());
|
||||
|
||||
|
@ -57,19 +59,6 @@ EOT
|
|||
$output->write('Checking git settings: ');
|
||||
$this->outputResult($output, $this->checkGit());
|
||||
|
||||
$output->write('Checking http connectivity: ');
|
||||
$this->outputResult($output, $this->checkHttp());
|
||||
|
||||
$opts = stream_context_get_options(StreamContextFactory::getContext('http://example.org'));
|
||||
if (!empty($opts['http']['proxy'])) {
|
||||
$output->write('Checking HTTP proxy: ');
|
||||
$this->outputResult($output, $this->checkHttpProxy());
|
||||
$output->write('Checking HTTP proxy support for request_fulluri: ');
|
||||
$this->outputResult($output, $this->checkHttpProxyFullUriRequestParam());
|
||||
$output->write('Checking HTTPS proxy support for request_fulluri: ');
|
||||
$this->outputResult($output, $this->checkHttpsProxyFullUriRequestParam());
|
||||
}
|
||||
|
||||
$composer = $this->getComposer(false);
|
||||
if ($composer) {
|
||||
$commandEvent = new CommandEvent(PluginEvents::COMMAND, 'diagnose', $input, $output);
|
||||
|
@ -85,6 +74,19 @@ EOT
|
|||
$config = Factory::createConfig();
|
||||
}
|
||||
|
||||
$output->write('Checking http connectivity: ');
|
||||
$this->outputResult($output, $this->checkHttp($config));
|
||||
|
||||
$opts = stream_context_get_options(StreamContextFactory::getContext('http://example.org'));
|
||||
if (!empty($opts['http']['proxy'])) {
|
||||
$output->write('Checking HTTP proxy: ');
|
||||
$this->outputResult($output, $this->checkHttpProxy());
|
||||
$output->write('Checking HTTP proxy support for request_fulluri: ');
|
||||
$this->outputResult($output, $this->checkHttpProxyFullUriRequestParam());
|
||||
$output->write('Checking HTTPS proxy support for request_fulluri: ');
|
||||
$this->outputResult($output, $this->checkHttpsProxyFullUriRequestParam());
|
||||
}
|
||||
|
||||
if ($oauth = $config->get('github-oauth')) {
|
||||
foreach ($oauth as $domain => $token) {
|
||||
$output->write('Checking '.$domain.' oauth access: ');
|
||||
|
@ -135,13 +137,45 @@ EOT
|
|||
return true;
|
||||
}
|
||||
|
||||
private function checkHttp()
|
||||
private function checkHttp(Config $config)
|
||||
{
|
||||
$protocol = extension_loaded('openssl') ? 'https' : 'http';
|
||||
$disableTls = false;
|
||||
$result = array();
|
||||
if($config->get('disable-tls') === true) {
|
||||
$protocol = 'http';
|
||||
$disableTls = true;
|
||||
$result[] = '<warning>Composer is configured to disable SSL/TLS protection. This will leave remote HTTPS requests vulnerable to Man-In-The-Middle attacks.</warning>';
|
||||
} else {
|
||||
$protocol = 'https';
|
||||
}
|
||||
if (!extension_loaded('openssl') && !$disableTls) {
|
||||
$result[] = '<error>Composer is configured to use SSL/TLS protection but the openssl extension is not available.</error>';
|
||||
}
|
||||
|
||||
$remoteFilesystemOptions = array();
|
||||
if (!is_null($config->get('cafile'))) {
|
||||
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$config->get('cafile')));
|
||||
}
|
||||
try {
|
||||
$json = $this->rfs->getContents('packagist.org', $protocol . '://packagist.org/packages.json', false);
|
||||
$remoteFilesystem = new RemoteFilesystem($this->getIO(), $remoteFilesystemOptions, $disableTls);
|
||||
} catch (TransportException $e) {
|
||||
if (preg_match('|cafile|', $e->getMessage())) {
|
||||
$result[] = '<error>[' . get_class($e) . '] ' . $e->getMessage() . '</error>';
|
||||
$result[] = '<error>Unable to locate a valid CA certificate file. You must set a valid \'cafile\' option.</error>';
|
||||
$result[] = '<error>You can alternatively disable this error, at your own risk, by enabling the \'disable-tls\' option.</error>';
|
||||
} else {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$json = $remoteFilesystem->getContents('packagist.org', $protocol . '://packagist.org/packages.json', false, array(), $disableTls);
|
||||
} catch (\Exception $e) {
|
||||
return $e;
|
||||
array_unshift($result, '[' . get_class($e) . '] ' . $e->getMessage());
|
||||
}
|
||||
|
||||
if (count($result) > 0) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -271,10 +305,16 @@ EOT
|
|||
if ($result instanceof \Exception) {
|
||||
$output->writeln('['.get_class($result).'] '.$result->getMessage());
|
||||
} elseif ($result) {
|
||||
if (is_array($result)) {
|
||||
foreach ($result as $message) {
|
||||
$output->writeln($message);
|
||||
}
|
||||
} else {
|
||||
$output->writeln($result);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private function checkPlatform()
|
||||
{
|
||||
|
|
|
@ -63,7 +63,7 @@ EOT
|
|||
|
||||
$disableTls = false;
|
||||
if($config->get('disable-tls') === true || $input->getOption('disable-tls')) {
|
||||
$output->writeln('<comment>You are running Composer with SSL/TLS protection disabled.</comment>');
|
||||
$output->writeln('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');
|
||||
$baseUrl = 'http://' . self::HOMEPAGE;
|
||||
$disableTls = true;
|
||||
} elseif (!extension_loaded('openssl')) {
|
||||
|
@ -74,13 +74,14 @@ EOT
|
|||
$baseUrl = 'https://' . self::HOMEPAGE;
|
||||
}
|
||||
|
||||
try {
|
||||
$remoteFilesystemOptions = array();
|
||||
if (!is_null($config->get('cafile'))) {
|
||||
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$config->get('cafile')));
|
||||
}
|
||||
if (!is_null($input->get('cafile'))) {
|
||||
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$input->get('cafile')));
|
||||
}
|
||||
try {
|
||||
$remoteFilesystem = new RemoteFilesystem($this->getIO(), $remoteFilesystemOptions, $disableTls);
|
||||
} catch (TransportException $e) {
|
||||
if (preg_match('|cafile|', $e->getMessage())) {
|
||||
|
|
|
@ -163,7 +163,7 @@ class Factory
|
|||
if (!isset($repo['type'])) {
|
||||
throw new \UnexpectedValueException('Repository '.$index.' ('.json_encode($repo).') must have a type defined');
|
||||
}
|
||||
$name = is_int($index) && isset($repo['url']) ? preg_replace('{^https?://}i', '', $repo['url']) : $index;
|
||||
$name = is_int($index) && isset($repo['url']) ? preg_replace('{^https?://}i', '', $repo['url']) : $index; //CHECK: Why is scheme stripped?
|
||||
while (isset($repos[$name])) {
|
||||
$name .= '2';
|
||||
}
|
||||
|
|
|
@ -72,7 +72,7 @@ class RemoteFilesystem
|
|||
*
|
||||
* @return bool true
|
||||
*/
|
||||
public function copy($originUrl, $fileUrl, $fileName, $progress = true, $options = array(), $disableTls = false)
|
||||
public function copy($originUrl, $fileUrl, $fileName, $progress = true, $options = array(), $disableTls = false) //REFACTOR: to constructor for TLS opt
|
||||
{
|
||||
return $this->get($originUrl, $fileUrl, $options, $fileName, $progress, $disableTls);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue