
GitLab: prevent invalid loop during composer install with invalid credentials

pull/10748/head
Stephan Vock 2022-04-21 09:37:55 +01:00
parent 20d11bfdfb
commit 3b4a3d63bf
No known key found for this signature in database
GPG Key ID: 257FEE7D686036D6
2 changed files with 43 additions and 0 deletions


@ -137,6 +137,7 @@ class AuthHelper
$message = "\n".'Could not fetch '.$url.', enter your ' . $origin . ' credentials ' .($statusCode === 401 ? 'to access private repos' : 'to go over the API rate limit'); $message = "\n".'Could not fetch '.$url.', enter your ' . $origin . ' credentials ' .($statusCode === 401 ? 'to access private repos' : 'to go over the API rate limit');
$gitLabUtil = new GitLab($this->io, $this->config, null); $gitLabUtil = new GitLab($this->io, $this->config, null);
$auth = null;
if ($this->io->hasAuthentication($origin)) { if ($this->io->hasAuthentication($origin)) {
$auth = $this->io->getAuthentication($origin); $auth = $this->io->getAuthentication($origin);
if (in_array($auth['password'], array('gitlab-ci-token', 'private-token', 'oauth2'), true)) { if (in_array($auth['password'], array('gitlab-ci-token', 'private-token', 'oauth2'), true)) {
@ -149,6 +150,12 @@ class AuthHelper
) { ) {
throw new TransportException('Could not authenticate against '.$origin, 401); throw new TransportException('Could not authenticate against '.$origin, 401);
} }
if ($auth !== null && $this->io->hasAuthentication($origin)) {
if ($auth === $this->io->getAuthentication($origin)) {
throw new TransportException("Invalid credentials for '" . $url . "', aborting.", $statusCode);
}
}
} elseif ($origin === 'bitbucket.org' || $origin === 'api.bitbucket.org') { } elseif ($origin === 'bitbucket.org' || $origin === 'api.bitbucket.org') {
$askForOAuthToken = true; $askForOAuthToken = true;
$origin = 'bitbucket.org'; $origin = 'bitbucket.org';
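Review bot: The new `TransportException` thrown when the stored GitLab credentials are unchanged interpolates `$url` into its message unredacted, and this abort path presumably fires mostly in non-interactive runs where the message ends up in build logs. If the fetch URL can carry userinfo or a token in its query string, that secret is printed; consider `throw new TransportException("Invalid credentials for '" . Url::sanitize($url) . "', aborting.", $statusCode);`, assuming `Composer\Util\Url::sanitize` is available on this branch. The guard would also benefit from a short comment such as `// credentials unchanged after re-authorization: retrying would loop forever`, because the strict array comparison does not read as a loop breaker on its own. The enclosing method starts and ends outside the hunk.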


@ -12,6 +12,7 @@
namespace Composer\Test\Util; namespace Composer\Test\Util;
use Composer\Downloader\TransportException;
use Composer\IO\IOInterface; use Composer\IO\IOInterface;
use Composer\Test\TestCase; use Composer\Test\TestCase;
use Composer\Util\AuthHelper; use Composer\Util\AuthHelper;
@ -513,6 +514,41 @@ class AuthHelperTest extends TestCase
$this->authHelper->storeAuth($origin, $storeAuth); $this->authHelper->storeAuth($origin, $storeAuth);
} }
public function testPromptAuthIfNeededGitLabNoAuthChange()
{
$this->setExpectedException('Composer\Downloader\TransportException');
$origin = 'gitlab.com';
$this->io
->method('hasAuthentication')
->with($origin)
->willReturn(true);
$this->io
->method('getAuthentication')
->with($origin)
->willReturn(array(
'username' => 'gitlab-user',
'password' => 'gitlab-password',
));
$this->io
->expects($this->once())
->method('setAuthentication')
->with('gitlab.com', 'gitlab-user', 'gitlab-password');
$this->config
->method('get')
->willReturnMap(array(
array('github-domains', 0, array()),
array('gitlab-domains', 0, array('gitlab.com')),
array('gitlab-token', 0, array('gitlab.com' => array('username' => 'gitlab-user', 'token' => 'gitlab-password'))),
));
$this->authHelper->promptAuthIfNeeded('https://gitlab.com/acme/archive.zip', $origin, 404, 'GitLab requires authentication and it was not provided');
}
/** /**
* @param string $origin * @param string $origin
* @param array<string, string|null> $auth * @param array<string, string|null> $auth