From 4c9e567c39a4f8d9709b0867d0ba0abdbc753be0 Mon Sep 17 00:00:00 2001
From: Matthias Pigulla
Date: Mon, 8 Nov 2021 10:52:22 +0100
Subject: [PATCH] Provide different URL options to encourage users to create low-privilege GitHub tokens (#10256)

---
 src/Composer/Util/GitHub.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Composer/Util/GitHub.php b/src/Composer/Util/GitHub.php
index 208b73c99..190b50fe1 100644
--- a/src/Composer/Util/GitHub.php
+++ b/src/Composer/Util/GitHub.php
@@ -90,9 +90,15 @@ class GitHub
 }
 $note .= ' ' . date('Y-m-d Hi');

+ $url = 'https://'.$originUrl.'/settings/tokens/new?scopes=&description=' . str_replace('%20', '+', rawurlencode($note));
+ $this->io->writeError(sprintf('When working with _public_ GitHub repositories only, head to %s to retrieve a token.', $url));
+ $this->io->writeError('This token will have read-only permission for public information only.');
+
 $url = 'https://'.$originUrl.'/settings/tokens/new?scopes=repo&description=' . str_replace('%20', '+', rawurlencode($note));
- $this->io->writeError(sprintf('Head to %s', $url));
- $this->io->writeError(sprintf('to retrieve a token. It will be stored in "%s" for future use by Composer.', $this->config->getAuthConfigSource()->getName()));
+ $this->io->writeError(sprintf('When you need to access _private_ GitHub repositories as well, go to %s', $url));
+ $this->io->writeError('Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.');
+ $this->io->writeError(sprintf('Tokens will be stored in plain text in "%s" for future use by Composer.', $this->config->getAuthConfigSource()->getName()));
+ $this->io->writeError('For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth');

 $token = trim($this->io->askAndHideAnswer('Token (hidden): '));
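Review bot: The added `$url` assignment for the public-only link repeats the `str_replace('%20', '+', rawurlencode($note))` expression from the existing `scopes=repo` line and reuses the same variable, so the least-privilege link and the broad-scope link differ only by one query value in two near-identical lines. Encoding the description once, e.g. `$encodedNote = str_replace('%20', '+', rawurlencode($note));`, and naming the two links `$publicUrl` and `$privateUrl` would make it harder for a later edit to print the wrong scope next to the wrong message. `$originUrl` is concatenated into both links unescaped, and the hunk does not show where it is validated; since the user is told to create a token on that host and paste it back, it is worth confirming that only configured GitHub domains can reach this code. The enclosing method starts and ends outside the hunk.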