public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Provide different URL options to encourage users to create low-privilege GitHub tokens (#10256)

pull/10262/head
Matthias Pigulla 2021-11-08 10:52:22 +01:00 committed by GitHub
parent 9f433aba76
commit 4c9e567c39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Composer/Util/GitHub.php
View File

@ -90,9 +90,15 @@ class GitHub
}
$note .= ' ' . date('Y-m-d Hi');
$url = 'https://'.$originUrl.'/settings/tokens/new?scopes=&description=' . str_replace('%20', '+', rawurlencode($note));
$this->io->writeError(sprintf('When working with _public_ GitHub repositories only, head to %s to retrieve a token.', $url));
$this->io->writeError('This token will have read-only permission for public information only.');
$url = 'https://'.$originUrl.'/settings/tokens/new?scopes=repo&description=' . str_replace('%20', '+', rawurlencode($note));
$this->io->writeError(sprintf('Head to %s', $url));
$this->io->writeError(sprintf('to retrieve a token. It will be stored in "%s" for future use by Composer.', $this->config->getAuthConfigSource()->getName()));
$this->io->writeError(sprintf('When you need to access _private_ GitHub repositories as well, go to %s', $url));
$this->io->writeError('Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.');
$this->io->writeError(sprintf('Tokens will be stored in plain text in "%s" for future use by Composer.', $this->config->getAuthConfigSource()->getName()));
$this->io->writeError('For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth');
$token = trim($this->io->askAndHideAnswer('Token (hidden): '));