From 489a8f3d5a110821c226762289d382af77d93bcf Mon Sep 17 00:00:00 2001
From: Roel Arents <roel.arents@berlinger.com>
Date: Thu, 29 Sep 2016 21:16:47 +0200
Subject: [PATCH] revert to simply making an exception (no acces_token) for
 bitbucket/user/repo/downloads URLs

[#5584]
---
 src/Composer/Util/RemoteFilesystem.php | 30 +++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php
index ce2437669..3888dbc25 100644
--- a/src/Composer/Util/RemoteFilesystem.php
+++ b/src/Composer/Util/RemoteFilesystem.php
@@ -44,7 +44,6 @@ class RemoteFilesystem
     private $degradedMode = false;
     private $redirects;
     private $maxRedirects = 20;
-    private $bitBucketUrlsTriedWithoutAuth = array();
 
     /**
      * Constructor.
@@ -176,6 +175,27 @@ class RemoteFilesystem
         return $value;
     }
 
+    /**
+     * @link https://github.com/composer/composer/issues/5584
+     *
+     * @param string $urlToBitBucketFile URL to a file at bitbucket.org.
+     *
+     * @return bool Whether the given URL is a public BitBucket download which requires no authentication.
+     */
+    public static function urlIsPublicBitBucketDownload($urlToBitBucketFile)
+    {
+        $path = parse_url($urlToBitBucketFile, PHP_URL_PATH);
+
+        // Path for a public download follows this pattern /{user}/{repo}/downloads/{whatever}
+        // {@link https://blog.bitbucket.org/2009/04/12/new-feature-downloads/}
+        $pathParts = explode('/', $path);
+        if (count($pathParts) >= 4 && $pathParts[2] != 'downloads') {
+            return true;
+        }
+
+        return false;
+    }
+
     /**
      * Get file content or copy action.
      *
@@ -248,10 +268,8 @@ class RemoteFilesystem
 
         if (isset($options['bitbucket-token'])) {
             // First time be optimistic and do not use the token for a BitBucket download.
-            if (isset($this->bitBucketUrlsTriedWithoutAuth[$origFileUrl])) {
+            if (!static::urlIsPublicBitBucketDownload($origFileUrl)) {
                 $fileUrl .= (false === strpos($fileUrl,'?') ? '?' : '&') . 'access_token=' . $options['bitbucket-token'];
-            } else {
-                $this->bitBucketUrlsTriedWithoutAuth[$origFileUrl] = true;
             }
             unset($options['bitbucket-token']);
         }
@@ -348,7 +366,9 @@ class RemoteFilesystem
 
         // check for bitbucket login page asking to authenticate
         if ($originUrl === 'bitbucket.org'
-            && substr($fileUrl, 0, 37) === 'https://bitbucket.org/account/signin/'
+            && !static::urlIsPublicBitBucketDownload($fileUrl)
+            && substr($fileUrl, -4) === '.zip'
+            && preg_match('{^text/html\b}i', $contentType)
         ) {
             $result = false;
             if ($this->retryAuthFailure) {