From 93d4c8e5315625983329380d049360622e3f57a9 Mon Sep 17 00:00:00 2001 From: Dane Powell Date: Sat, 8 Jan 2022 03:03:54 -0800 Subject: [PATCH 1/4] Fix #10366: Improve messaging when GitHub tokens need SSO authorization (#10432) --- src/Composer/Util/AuthHelper.php | 17 +++++++++++++ src/Composer/Util/GitHub.php | 42 ++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/src/Composer/Util/AuthHelper.php b/src/Composer/Util/AuthHelper.php index daac49439..f49373397 100644 --- a/src/Composer/Util/AuthHelper.php +++ b/src/Composer/Util/AuthHelper.php @@ -92,6 +92,23 @@ class AuthHelper $message = "\n"; $rateLimited = $gitHubUtil->isRateLimited($headers); + $requiresSso = $gitHubUtil->requiresSso($headers); + + if ($requiresSso) { + $ssoUrl = $gitHubUtil->getSsoUrl($headers); + $message = sprintf( + 'GitHub API token requires SSO authorization. Authorize this token at ' . $ssoUrl, + $ssoUrl + ) . "\n"; + $this->io->writeError($message); + if (!$this->io->isInteractive()) { + throw new TransportException('Could not authenticate against ' . $origin, 403); + } + $this->io->ask('After authorizing your token, confirm that you would like to retry the request'); + + return array('retry' => true, 'storeAuth' => $storeAuth); + } + if ($rateLimited) { $rateLimit = $gitHubUtil->getRateLimit($headers); if ($this->io->hasAuthentication($origin)) { diff --git a/src/Composer/Util/GitHub.php b/src/Composer/Util/GitHub.php index 1c5b9a2aa..2dd53e350 100644 --- a/src/Composer/Util/GitHub.php +++ b/src/Composer/Util/GitHub.php 
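Review bot: The `sprintf()` call in the new `if ($requiresSso)` branch builds its format string by concatenating `$ssoUrl`, a value taken from a response header, so any `%` in that URL (percent-encoded query data, for instance) is parsed as a conversion specifier and can garble the message or make `sprintf()` fail instead of printing the link. A fixed format with a placeholder avoids this: `$message = sprintf('GitHub API token requires SSO authorization. Authorize this token at %s', $ssoUrl) . "\n";`. `getSsoUrl()` is also declared to return `string|null`, and a null here prints an instruction with no link, so that case probably deserves its own wording or a fall-through to the existing 403 handling. The enclosing method starts and ends outside the hunk.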
@@ -171,6 +171,28 @@ class GitHub return $rateLimit; } + /** + * Extract SSO URL from response. + * + * @param string[] $headers Headers from Composer\Downloader\TransportException. + * + * @return string|null + */ + public function getSsoUrl(array $headers) + { + foreach ($headers as $header) { + $header = trim($header); + if (false === stripos($header, 'x-github-sso: required')) { + continue; + } + if (Preg::isMatch('{\burl=(?P[^\s;]+)}', $header, $match)) { + return $match['url']; + } + } + + return null; + } + /** * Finds whether a request failed due to rate limiting * @@ -188,4 +210,24 @@ class GitHub return false; } + + /** + * Finds whether a request failed due to lacking SSO authorization + * + * @see https://docs.github.com/en/rest/overview/other-authentication-methods#authenticating-for-saml-sso + * + * @param string[] $headers Headers from Composer\Downloader\TransportException. + * + * @return bool + */ + public function requiresSso(array $headers) + { + foreach ($headers as $header) { + if (Preg::isMatch('{^X-GitHub-SSO: required}i', trim($header))) { + return true; + } + } + + return false; + } } From d4688157e164762d19f178f14b263af7ac04ca08 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sat, 8 Jan 2022 12:30:30 +0100 Subject: [PATCH 2/4] Update changelog --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b526cfa5..e5c61cc77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
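Review bot: `getSsoUrl()` returns whatever follows `url=` in the header without checking it, and the caller in AuthHelper prints that string as the address the user should open to authorize a token. Since the header is supplied by the remote host, returning it only when it is a plausible link keeps a malformed or unexpected value out of that prompt, e.g. `if ('https' !== parse_url($match['url'], PHP_URL_SCHEME)) { continue; }` just before `return $match['url'];`, ideally with a check that the host is one the caller expects. If validation is left to callers instead, the docblock should say that the return value is unvalidated header content.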
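Review bot: `requiresSso()` anchors its test (`{^X-GitHub-SSO: required}i`) while `getSsoUrl()` in the previous hunk accepts the text `x-github-sso: required` anywhere in a header line, so the two methods can disagree about the same response. Both also require exactly one space after the colon, although a header value may arrive with none or several. One shared pattern used by both methods, for example `{^X-GitHub-SSO:\s*required\b}i`, would keep detection and URL extraction in step.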
@@ -1,3 +1,12 @@ +### [2.2.4] 2022-01-08 + + * Fixed handling of process timeout when running async processes during installation + * Fixed GitLab API handling when projects have a repository disabled (#10440) + * Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434) + * Fixed partial update issues with path repos missing if a path repo is required by a path repo (#10431) + * Fixed support for sourcing binaries via the new bin proxies ([#10389](https://github.com/composer/composer/issues/10389#issuecomment-1007372740)) + * Fixed messaging when GitHub tokens need SSO authorization (#10432) + ### [2.2.3] 2021-12-31 * Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387) @@ -1358,6 +1367,7 @@ * Initial release +[2.2.4]: https://github.com/composer/composer/compare/2.2.3...2.2.4 [2.2.3]: https://github.com/composer/composer/compare/2.2.2...2.2.3 [2.2.2]: https://github.com/composer/composer/compare/2.2.1...2.2.2 [2.2.1]: https://github.com/composer/composer/compare/2.2.0...2.2.1 From 8a5ad75194f901e3b39ece4bbd22cbdabc79ae8f Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sat, 8 Jan 2022 12:30:42 +0100 Subject: [PATCH 3/4] Release 2.2.4 --- src/Composer/Composer.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Composer/Composer.php b/src/Composer/Composer.php index 624e02507..d867aba32 100644 --- a/src/Composer/Composer.php +++ b/src/Composer/Composer.php 
@@ -52,10 +52,10 @@ class Composer * const RELEASE_DATE = '@release_date@'; * const SOURCE_VERSION = '1.8-dev+source'; */ - const VERSION = '@package_version@'; - const BRANCH_ALIAS_VERSION = '@package_branch_alias_version@'; - const RELEASE_DATE = '@release_date@'; - const SOURCE_VERSION = '2.2.999-dev+source'; + const VERSION = '2.2.4'; + const BRANCH_ALIAS_VERSION = ''; + const RELEASE_DATE = '2022-01-08 12:30:42'; + const SOURCE_VERSION = ''; /** * Version number of the internal composer-runtime-api package From d76485af741a9b2b9887b271aab171c01f265c2a Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sat, 8 Jan 2022 12:30:43 +0100 Subject: [PATCH 4/4] Reverting release version changes --- src/Composer/Composer.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Composer/Composer.php b/src/Composer/Composer.php index d867aba32..624e02507 100644 --- a/src/Composer/Composer.php +++ b/src/Composer/Composer.php @@ -52,10 +52,10 @@ class Composer * const RELEASE_DATE = '@release_date@'; * const SOURCE_VERSION = '1.8-dev+source'; */ - const VERSION = '2.2.4'; - const BRANCH_ALIAS_VERSION = ''; - const RELEASE_DATE = '2022-01-08 12:30:42'; - const SOURCE_VERSION = ''; + const VERSION = '@package_version@'; + const BRANCH_ALIAS_VERSION = '@package_branch_alias_version@'; + const RELEASE_DATE = '@release_date@'; + const SOURCE_VERSION = '2.2.999-dev+source'; /** * Version number of the internal composer-runtime-api package