From b3b05949bbb5c07a03a19ec679f146dedcca1f18 Mon Sep 17 00:00:00 2001 From: Stefan Grootscholten Date: Tue, 27 Dec 2016 16:29:39 +0100 Subject: [PATCH] Implement most desirable Authorization method. As per https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication#make-requests adding the OAuth access token in the Authorization header is desired above adding it to the URL. --- src/Composer/Util/RemoteFilesystem.php | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php index 4437f79ea..b6fd65a46 100644 --- a/src/Composer/Util/RemoteFilesystem.php +++ b/src/Composer/Util/RemoteFilesystem.php @@ -245,14 +245,6 @@ class RemoteFilesystem unset($options['gitlab-token']); } - if (isset($options['bitbucket-token'])) { - // skip using the token for BitBucket downloads as these are not working with auth - if (!$this->isPublicBitBucketDownload($origFileUrl)) { - $fileUrl .= (false === strpos($fileUrl,'?') ? '?' : '&') . 'access_token=' . $options['bitbucket-token']; - } - unset($options['bitbucket-token']); - } - if (isset($options['http'])) { $options['http']['ignore_errors'] = true; } @@ -730,7 +722,9 @@ class RemoteFilesystem } elseif ('bitbucket.org' === $originUrl && $this->fileUrl !== Bitbucket::OAUTH2_ACCESS_TOKEN_URL && 'x-token-auth' === $auth['username'] ) { - $options['bitbucket-token'] = $auth['password']; + if (!$this->isPublicBitBucketDownload($this->fileUrl)) { + $headers[] = 'Authorization: Bearer ' . $auth['password']; + } } else { $authStr = base64_encode($auth['username'] . ':' . $auth['password']); $headers[] = 'Authorization: Basic '.$authStr;