Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.
Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.
Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
If a path repository points at a directory that is managed by composer installers, the path that gets set ends up being relative, and this check fails to see that the source is already present, and therefore removes it.
Since ->install is already using realpath around the $path argument, remove should as well.
For an example repository that demonstrates this bug See: https://github.com/ryanaslett/pathrepotestcase
See https://wiki.php.net/rfc/named_params#internal_functions
(implemented but not yet merged)
An ArgumentCountError will be thrown when passing variadic arguments to
a function with call_user_func_array() if extra unknown named arguments
are encountered.
Fatal error: Uncaught ArgumentCountError: array_merge() does not accept unknown named parameters in phar:///path/to/composer.phar/src/Composer/DependencyResolver/DefaultPolicy.php:84
(e.g. for `['phpunit/phpunit' => [72]]`)