1
0
Fork 0

Adding some HTTPS check to diagnose command (stash)

pull/2745/head
Pádraic Brady 2014-02-23 21:32:17 +00:00
parent 2a552df315
commit 0a8180674e
5 changed files with 70 additions and 27 deletions

View File

@ -6,10 +6,12 @@ php:
- 5.4
- 5.5
- hhvm
- 5.6
matrix:
allow_failures:
- php: hhvm
- php: 5.6
before_script:
- sudo apt-get install parallel

View File

@ -14,6 +14,7 @@ namespace Composer\Command;
use Composer\Composer;
use Composer\Factory;
use Composer\Config;
use Composer\Downloader\TransportException;
use Composer\Plugin\CommandEvent;
use Composer\Plugin\PluginEvents;
@ -48,6 +49,7 @@ EOT
protected function execute(InputInterface $input, OutputInterface $output)
{
$this->rfs = new RemoteFilesystem($this->getIO());
$this->process = new ProcessExecutor($this->getIO());
@ -57,19 +59,6 @@ EOT
$output->write('Checking git settings: ');
$this->outputResult($output, $this->checkGit());
$output->write('Checking http connectivity: ');
$this->outputResult($output, $this->checkHttp());
$opts = stream_context_get_options(StreamContextFactory::getContext('http://example.org'));
if (!empty($opts['http']['proxy'])) {
$output->write('Checking HTTP proxy: ');
$this->outputResult($output, $this->checkHttpProxy());
$output->write('Checking HTTP proxy support for request_fulluri: ');
$this->outputResult($output, $this->checkHttpProxyFullUriRequestParam());
$output->write('Checking HTTPS proxy support for request_fulluri: ');
$this->outputResult($output, $this->checkHttpsProxyFullUriRequestParam());
}
$composer = $this->getComposer(false);
if ($composer) {
$commandEvent = new CommandEvent(PluginEvents::COMMAND, 'diagnose', $input, $output);
@ -85,6 +74,19 @@ EOT
$config = Factory::createConfig();
}
$output->write('Checking http connectivity: ');
$this->outputResult($output, $this->checkHttp($config));
$opts = stream_context_get_options(StreamContextFactory::getContext('http://example.org'));
if (!empty($opts['http']['proxy'])) {
$output->write('Checking HTTP proxy: ');
$this->outputResult($output, $this->checkHttpProxy());
$output->write('Checking HTTP proxy support for request_fulluri: ');
$this->outputResult($output, $this->checkHttpProxyFullUriRequestParam());
$output->write('Checking HTTPS proxy support for request_fulluri: ');
$this->outputResult($output, $this->checkHttpsProxyFullUriRequestParam());
}
if ($oauth = $config->get('github-oauth')) {
foreach ($oauth as $domain => $token) {
$output->write('Checking '.$domain.' oauth access: ');
@ -135,13 +137,45 @@ EOT
return true;
}
private function checkHttp()
private function checkHttp(Config $config)
{
$protocol = extension_loaded('openssl') ? 'https' : 'http';
$disableTls = false;
$result = array();
if($config->get('disable-tls') === true) {
$protocol = 'http';
$disableTls = true;
$result[] = '<warning>Composer is configured to disable SSL/TLS protection. This will leave remote HTTPS requests vulnerable to Man-In-The-Middle attacks.</warning>';
} else {
$protocol = 'https';
}
if (!extension_loaded('openssl') && !$disableTls) {
$result[] = '<error>Composer is configured to use SSL/TLS protection but the openssl extension is not available.</error>';
}
$remoteFilesystemOptions = array();
if (!is_null($config->get('cafile'))) {
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$config->get('cafile')));
}
try {
$json = $this->rfs->getContents('packagist.org', $protocol . '://packagist.org/packages.json', false);
$remoteFilesystem = new RemoteFilesystem($this->getIO(), $remoteFilesystemOptions, $disableTls);
} catch (TransportException $e) {
if (preg_match('|cafile|', $e->getMessage())) {
$result[] = '<error>[' . get_class($e) . '] ' . $e->getMessage() . '</error>';
$result[] = '<error>Unable to locate a valid CA certificate file. You must set a valid \'cafile\' option.</error>';
$result[] = '<error>You can alternatively disable this error, at your own risk, by enabling the \'disable-tls\' option.</error>';
} else {
throw $e;
}
}
try {
$json = $remoteFilesystem->getContents('packagist.org', $protocol . '://packagist.org/packages.json', false, array(), $disableTls);
} catch (\Exception $e) {
return $e;
array_unshift($result, '[' . get_class($e) . '] ' . $e->getMessage());
}
if (count($result) > 0) {
return $result;
}
return true;
@ -271,10 +305,16 @@ EOT
if ($result instanceof \Exception) {
$output->writeln('['.get_class($result).'] '.$result->getMessage());
} elseif ($result) {
if (is_array($result)) {
foreach ($result as $message) {
$output->writeln($message);
}
} else {
$output->writeln($result);
}
}
}
}
private function checkPlatform()
{

View File

@ -63,7 +63,7 @@ EOT
$disableTls = false;
if($config->get('disable-tls') === true || $input->getOption('disable-tls')) {
$output->writeln('<comment>You are running Composer with SSL/TLS protection disabled.</comment>');
$output->writeln('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');
$baseUrl = 'http://' . self::HOMEPAGE;
$disableTls = true;
} elseif (!extension_loaded('openssl')) {
@ -74,13 +74,14 @@ EOT
$baseUrl = 'https://' . self::HOMEPAGE;
}
try {
$remoteFilesystemOptions = array();
if (!is_null($config->get('cafile'))) {
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$config->get('cafile')));
}
if (!is_null($input->get('cafile'))) {
$remoteFilesystemOptions = array('ssl'=>array('cafile'=>$input->get('cafile')));
}
try {
$remoteFilesystem = new RemoteFilesystem($this->getIO(), $remoteFilesystemOptions, $disableTls);
} catch (TransportException $e) {
if (preg_match('|cafile|', $e->getMessage())) {

View File

@ -163,7 +163,7 @@ class Factory
if (!isset($repo['type'])) {
throw new \UnexpectedValueException('Repository '.$index.' ('.json_encode($repo).') must have a type defined');
}
$name = is_int($index) && isset($repo['url']) ? preg_replace('{^https?://}i', '', $repo['url']) : $index;
$name = is_int($index) && isset($repo['url']) ? preg_replace('{^https?://}i', '', $repo['url']) : $index; //CHECK: Why is scheme stripped?
while (isset($repos[$name])) {
$name .= '2';
}

View File

@ -72,7 +72,7 @@ class RemoteFilesystem
*
* @return bool true
*/
public function copy($originUrl, $fileUrl, $fileName, $progress = true, $options = array(), $disableTls = false)
public function copy($originUrl, $fileUrl, $fileName, $progress = true, $options = array(), $disableTls = false) //REFACTOR: to constructor for TLS opt
{
return $this->get($originUrl, $fileUrl, $options, $fileName, $progress, $disableTls);
}