* master:
Add tests for edge cases of packages providing names which exist as real packages
Add another test verifying that a package may provide an incompatible version of sth that actually exists
Fix provider coexistence test, needs another requirement to install both
Fix test filename to end with .test extension so it gets run
Update config section to note required scope for GitLab tokens
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes#9079
Also remove credentials from cache dirs in git/svn drivers, fixes#7439, refs #9155
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Sanitize repo URLs to mask HTTP auth passwords from cache directory
Util/Zip: fix strpos args order
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
* RemoteFilesystemTest: simplifying some mock expectations calls
- will($this->returnValue()) to willReturn()
- will($this->returnCallBack()) to willReturnCallback()
* RemoteFilesystemTest: extracting identical mocks for IOInterface into a separate getIOInterfaceMock() method
* RemoteFilesystemTest: converting protected helper methods to private.
* RemoteFilesystemTest: moving getConfigMock() private method after the public methods (with other private methods)
* adding RemoteFileSystemTest::testCopyWithRetryAuthFailureFalse() unit test.
* Allow optional injecting of AuthHelper into RemoteFilesystem constructor.
* adding RemoteFileSystemTest::testCopyWithSuccessOnRetry() unit test.
* using backward compatible @expectedException in RemoteFilesystemTest.php
* RemoteFilesystemTest: extracting RemoteFilesystem with mocked method creation into a separate method.
* RemoteFilesystemTest: extracting AuthHelper with mocked method creation into a separate method.
* Add AuthHelper::addAuthenticationHeader() test on missing authentication credentials.
* Add AuthHelper::addAuthenticationHeader() test on bearer password.
* Add AuthHelper::addAuthenticationHeader() test on Github token.
* Add AuthHelper::addAuthenticationHeader() test on Gitlab Oauth token.
* Add $authenticationDisplayMessage write expectation to AuthHelper::addAuthenticationHeader() tests.
* Add AuthHelper::addAuthenticationHeader() test on Gitlab private token.
* Add AuthHelper::addAuthenticationHeader() test on Bitbucket Oauth token.
* Add AuthHelper::addAuthenticationHeader() test on Bitbucket public urls.
* Add AuthHelper::addAuthenticationHeader() test on Basic Http Authentication.
* Add AuthHelper::isPublicBitBucketDownload() tests.
* Rename AuthHelperTest $credentials variable to $auth.
* Add AuthHelper::storeAuth() test for auto-store option.
* Add AuthHelper::storeAuth() test for user prompt and y(es) answer.
* Add AuthHelper::storeAuth() test for user prompt and n(o) answer.
* Add AuthHelper::storeAuth() test for user prompt with invalid answer.
* Add AuthHelper::promptAuthIfNeeded() test for Github authentication failure.
- add GitHub hard dependency mock (new GitHub(...) mock)
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP > 5.3
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP >= 5.4
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP 5.4
* Exclude PHPStan analyses of '../tests/Composer/Test/Util/Mocks/*'
* Exclude AuthHelper::promptAuthIfNeeded() tests from current pull request.
* Extract repetitive AuthHelperTest authentication expectation into a method.
PackageSorter weighs the importance of a package
by counting how many times it is required by other packages.
This works by calculating the weight for each package name.
However currently the package index of the package array
is currently passed the weigh function, which basically
disables package sorting.
The reason for that is, that a package repository previously
returned the package list as associative array with package name as keys,
but currently just as an array with integer keys.
Therefore we must extract the package name from the package
before passing it to the weigh function.
This includes two breaking changes:
- the hostname is not resolved in the case of an IP address.
- a hostname with a trailing period (FQDN) is not matched.
This brings the basic implementation in line with curl behaviour, with
the addition of full IP address and range matching (curl does not
differentiate between IP addresses host names).
The NO_PROXY environment variable can be set to either a comma-separated
list of host names that should not use a proxy, or single asterisk `*`
to match all hosts.
- Port numbers can be included by prefixing the port with a colon `:`.
- IP addresses can be used, but must be enclosed in square brackets
`[...]` if they include a port number.
- IP address ranges can specified in CIDR notation, separating the IP
address and prefix-length with a forward slash `/`.
* master: (48 commits)
SVN: hide passwords for debug output
Free $solver asap
fixes#8179
[minor] Fixed a typo in the CHANGELOG.md.
Update deps
Update changelog
Revert "Allow overriding self-update target file with envvar COMPOSER_SELF_UPDATE_TARGET" Revert "Add docs for COMPOSER_SELF_UPDATE_TARGET, refs #8151"
Add docs for COMPOSER_SELF_UPDATE_TARGET, refs #8151
Fix display of HHVM warning appearing when HHVM is not in use, fixes#8138
Read classmap-authoritative and apcu-autoloader from project config when installing via create-project, fixes#8155
Use possessive quantifiers
Update xdebug-handler to 1.3.3
fixes#8159
Allow overriding self-update target file with envvar COMPOSER_SELF_UPDATE_TARGET
flag should come before script name
use full command name, not abbreviated/alias
modify text
Document the alternatives to disable the default script timeout
Anchor pattern
Fix URL resolution for Composer repositories
...
Added a encapsulated group to the replacement parameter of the `preg_replace` for GitLab in `\Composer\Util\Url::updateDistReference()`. This fixes#6994.
Where systems use multiple ini files it is perhaps more useful to
suggest running `php --ini` to see their locations, rather than showing
the loaded php.ini (if one exists).
Some packages, e. g. `tm/tooly-composer-script`, are using the composer classes to e. g. create symlinks or perform other file operations. While there's only a `copyThenRemove()` method this commit introduces a new `copy()` method. `copy()` behaves the same as the copy part of `copyThenRemove()` did with one exception: it returns `true` on success and `false` on failure. Copying a directory may lead to a `false`, while the whole directory or some of its files couldn't been copied. To ensure backwards compatibility `copyThenRemove()` calls `copy()` now. This commit also adds the necessary tests.
Store the Bitbucket access-token (and the expiration time) so it can be re-used within the time it is valid.
The Bitbucket::requestToken and Bitbucket::getToken now only return the access-token and not all other parameters it receives from the Bitbucket API.
any tests that use the filesystem should have their own unique directory, as we run our test suite in parallel and
cleanup of tests (removing directories) should not interfere with currently running tests
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
issue https://github.com/composer/composer/issues/3744
summary of changes
- replaced bin script "fetch-spdx-identifiers" by "update-spdx-licenses"
- "update-spdx-licenses" uses "Composer/Util/SpdxLicensesUpdater" to update "spdx-licenses.json" file with license identifier, fullname and osi-approved-status
- dropped "spdx-identifiers.json" (identifiers only)
- dropped "SpdxLicenseIdentifier", it's just "SpdxLicense" now
- modified "ShowCommand" to output the license with metadata and removed some unused method arguments (cleanup)
The testsuite didn't run through for me because the php symlink() function
was missing.
It is only available on Windows Visa/Server 2008 or higher.
This commit fixes the issue by checking if the method exists, and if not,
marks the test as skipped because of a non-matching precondition.
- added some tests
- minor bug fixes discovered during testing
- resolved two deprecations (rate limit api and authorizations api)
- added some more comments to make the flow more understandable
Nils Adermann