revert to simply making an exception (no acces_token) for bitbucket/user/repo/downloads URLs

[#5584]
2016-09-29 21:16:47 +02:00 · 2016-09-29 21:16:47 +02:00 · 489a8f3d5a
parent d338a95174
commit 489a8f3d5a
1 changed files with 25 additions and 5 deletions
--- a/src/Composer/Util/RemoteFilesystem.php
+++ b/src/Composer/Util/RemoteFilesystem.php
@ -44,7 +44,6 @@ class RemoteFilesystem
    private $degradedMode = false;
    private $redirects;
    private $maxRedirects = 20;
-    private $bitBucketUrlsTriedWithoutAuth = array();

    /**
     * Constructor.
@ -176,6 +175,27 @@ class RemoteFilesystem
        return $value;
    }

+    /**
+     * @link https://github.com/composer/composer/issues/5584
+     *
+     * @param string $urlToBitBucketFile URL to a file at bitbucket.org.
+     *
+     * @return bool Whether the given URL is a public BitBucket download which requires no authentication.
+     */
+    public static function urlIsPublicBitBucketDownload($urlToBitBucketFile)
+    {
+        $path = parse_url($urlToBitBucketFile, PHP_URL_PATH);
+
+        // Path for a public download follows this pattern /{user}/{repo}/downloads/{whatever}
+        // {@link https://blog.bitbucket.org/2009/04/12/new-feature-downloads/}
+        $pathParts = explode('/', $path);
+        if (count($pathParts) >= 4 && $pathParts[2] != 'downloads') {
+            return true;
+        }
+
+        return false;
+    }
+
    /**
     * Get file content or copy action.
     *
@ -248,10 +268,8 @@ class RemoteFilesystem

        if (isset($options['bitbucket-token'])) {
            // First time be optimistic and do not use the token for a BitBucket download.
-            if (isset($this->bitBucketUrlsTriedWithoutAuth[$origFileUrl])) {
+            if (!static::urlIsPublicBitBucketDownload($origFileUrl)) {
                $fileUrl .= (false === strpos($fileUrl,'?') ? '?' : '&') . 'access_token=' . $options['bitbucket-token'];
-            } else {
-                $this->bitBucketUrlsTriedWithoutAuth[$origFileUrl] = true;
            }
            unset($options['bitbucket-token']);
        }
@ -348,7 +366,9 @@ class RemoteFilesystem

        // check for bitbucket login page asking to authenticate
        if ($originUrl === 'bitbucket.org'
-            && substr($fileUrl, 0, 37) === 'https://bitbucket.org/account/signin/'
+            && !static::urlIsPublicBitBucketDownload($fileUrl)
+            && substr($fileUrl, -4) === '.zip'
+            && preg_match('{^text/html\b}i', $contentType)
        ) {
            $result = false;
            if ($this->retryAuthFailure) {