From 8f455d7c0c4be1dddc111e1277bff9b3a4d49a0b Mon Sep 17 00:00:00 2001
From: Joe <cuchac@email.cz>
Date: Wed, 18 Sep 2024 11:00:09 +0200
Subject: [PATCH] Add allow-missing-requirements config setting to ignore
 missing requirements (#11966)

* Add allow-missing-requirements configuration to ignore error during install if there are any missing requirements

* Add test for allow-missing-requirements config

---------

Co-authored-by: Joe <joe@wpj.cz>
---
 doc/06-config.md                              |  6 +++
 res/composer-schema.json                      |  4 ++
 src/Composer/Config.php                       |  1 +
 src/Composer/Installer.php                    |  4 +-
 ...tall-from-incomplete-lock-with-ignore.test | 47 +++++++++++++++++++
 5 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock-with-ignore.test

diff --git a/doc/06-config.md b/doc/06-config.md
index 273a1e379..19a0df714 100644
--- a/doc/06-config.md
+++ b/doc/06-config.md
@@ -481,4 +481,10 @@ throw, but you can set this config option to `["example.org"]` to allow using sv
 URLs on that hostname. This is a better/safer alternative to disabling `secure-http`
 altogether.
 
+## allow-missing-requirements
+
+Defaults to `false`. Ignores error during `install` if there are any missing
+requirements - the lock file is not up to date with the latest changes in
+`composer.json`.
+
 &larr; [Repositories](05-repositories.md)  |  [Runtime](07-runtime.md) &rarr;
diff --git a/res/composer-schema.json b/res/composer-schema.json
index 0f06cc542..8a3d82b1b 100644
--- a/res/composer-schema.json
+++ b/res/composer-schema.json
@@ -662,6 +662,10 @@
                 "platform-check": {
                     "type": ["boolean", "string"],
                     "description": "Defaults to \"php-only\" which checks only the PHP version. Setting to true will also check the presence of required PHP extensions. If set to false, Composer will not create and require a platform_check.php file as part of the autoloader bootstrap."
+                },
+                "allow-missing-requirements": {
+                    "type": ["boolean"],
+                    "description": "Defaults to false. If set to true, Composer will allow install when lock file is not up to date with the latest changes in composer.json."
                 }
             }
         },
diff --git a/src/Composer/Config.php b/src/Composer/Config.php
index 3cf84a73f..34737c09c 100644
--- a/src/Composer/Config.php
+++ b/src/Composer/Config.php
@@ -84,6 +84,7 @@ class Config
         'gitlab-token' => [],
         'http-basic' => [],
         'bearer' => [],
+        'allow-missing-requirements' => false,
     ];
 
     /** @var array<string, mixed> */
diff --git a/src/Composer/Installer.php b/src/Composer/Installer.php
index b88906aae..2502a7d02 100644
--- a/src/Composer/Installer.php
+++ b/src/Composer/Installer.php
@@ -742,7 +742,9 @@ class Installer
             if ($missingRequirementInfo !== []) {
                 $this->io->writeError($missingRequirementInfo);
 
-                return self::ERROR_LOCK_FILE_INVALID;
+                if (!$this->config->get('allow-missing-requirements')) {
+                    return self::ERROR_LOCK_FILE_INVALID;
+                }
             }
 
             foreach ($lockedRepository->getPackages() as $package) {
diff --git a/tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock-with-ignore.test b/tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock-with-ignore.test
new file mode 100644
index 000000000..856a4257b
--- /dev/null
+++ b/tests/Composer/Test/Fixtures/installer/install-from-incomplete-lock-with-ignore.test
@@ -0,0 +1,47 @@
+--TEST--
+Requirements from the composer file are not installed if the lock file is present and missing requirements warning
+is issued when allow-missing-requirements if enabled
+--COMPOSER--
+{
+    "repositories": [
+        {
+            "type": "package",
+            "package": [
+                { "name": "required/pkg", "version": "1.0.0" },
+                { "name": "newly-required/pkg", "version": "1.0.0" }
+            ]
+        }
+    ],
+    "require": {
+        "required/pkg": "1.0.0",
+        "newly-required/pkg": "1.0.0"
+    },
+    "config": {
+        "allow-missing-requirements": true
+    }
+}
+--LOCK--
+{
+    "packages": [
+        { "name": "required/pkg", "version": "1.0.0" }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false
+}
+--RUN--
+install
+--EXPECT-OUTPUT--
+Installing dependencies from lock file (including require-dev)
+Verifying lock file contents can be installed on current platform.
+- Required package "newly-required/pkg" is not present in the lock file.
+This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.
+Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md
+and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require-r
+Package operations: 1 install, 0 updates, 0 removals
+Generating autoload files
+--EXPECT--
+Installing required/pkg (1.0.0)