PageRenderTime 74ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/src/Composer/Util/AuthHelper.php

http://github.com/composer/composer
PHP | 264 lines | 191 code | 27 blank | 46 comment | 52 complexity | 46bb43ccb9b6ea5241c426c483cf8f63 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of Composer.
    5. 

  5.  *
    6. 

  6.  * (c) Nils Adermann <naderman@naderman.de>
    7. 

  7.  *     Jordi Boggiano <j.boggiano@seld.be>
    8. 

  8.  *
    9. 

  9.  * For the full copyright and license information, please view the LICENSE
    10. 

  10.  * file that was distributed with this source code.
    11. 

  11.  */
    12. 

  12. 

  13. namespace Composer\Util;
    14. 

  14. 

  15. use Composer\Config;
    16. 

  16. use Composer\IO\IOInterface;
    17. 

  17. use Composer\Downloader\TransportException;
    18. 

  18. 

  19. /**
    20. 

  20.  * @author Jordi Boggiano <j.boggiano@seld.be>
    21. 

  21.  */
    22. 

  22. class AuthHelper
    23. 

  23. {
    24. 

  24.     protected $io;
    25. 

  25.     protected $config;
    26. 

  26.     private $displayedOriginAuthentications = array();
    27. 

  27. 

  28.     public function __construct(IOInterface $io, Config $config)
    29. 

  29.     {
    30. 

  30.         $this->io = $io;
    31. 

  31.         $this->config = $config;
    32. 

  32.     }
    33. 

  33. 

  34.     /**
    35. 

  35.      * @param string $origin
    36. 

  36.      * @param string|bool $storeAuth
    37. 

  37.      */
    38. 

  38.     public function storeAuth($origin, $storeAuth)
    39. 

  39.     {
    40. 

  40.         $store = false;
    41. 

  41.         $configSource = $this->config->getAuthConfigSource();
    42. 

  42.         if ($storeAuth === true) {
    43. 

  43.             $store = $configSource;
    44. 

  44.         } elseif ($storeAuth === 'prompt') {
    45. 

  45.             $answer = $this->io->askAndValidate(
    46. 

  46.                 'Do you want to store credentials for '.$origin.' in '.$configSource->getName().' ? [Yn] ',
    47. 

  47.                 function ($value) {
    48. 

  48.                     $input = strtolower(substr(trim($value), 0, 1));
    49. 

  49.                     if (in_array($input, array('y','n'))) {
    50. 

  50.                         return $input;
    51. 

  51.                     }
    52. 

  52.                     throw new \RuntimeException('Please answer (y)es or (n)o');
    53. 

  53.                 },
    54. 

  54.                 null,
    55. 

  55.                 'y'
    56. 

  56.             );
    57. 

  57. 

  58.             if ($answer === 'y') {
    59. 

  59.                 $store = $configSource;
    60. 

  60.             }
    61. 

  61.         }
    62. 

  62.         if ($store) {
    63. 

  63.             $store->addConfigSetting(
    64. 

  64.                 'http-basic.'.$origin,
    65. 

  65.                 $this->io->getAuthentication($origin)
    66. 

  66.             );
    67. 

  67.         }
    68. 

  68.     }
    69. 

  69. 

  70.     /**
    71. 

  71.      * @param string $url
    72. 

  72.      * @param string $origin
    73. 

  73.      * @param int $statusCode HTTP status code that triggered this call
    74. 

  74.      * @param string|null $reason a message/description explaining why this was called
    75. 

  75.      * @param string[] $headers
    76. 

  76.      * @return array|null containing retry (bool) and storeAuth (string|bool) keys, if retry is true the request should be
    77. 

  77.      *               retried, if storeAuth is true then on a successful retry the authentication should be persisted to auth.json
    78. 

  78.      */
    79. 

  79.     public function promptAuthIfNeeded($url, $origin, $statusCode, $reason = null, $headers = array())
    80. 

  80.     {
    81. 

  81.         $storeAuth = false;
    82. 

  82.         $retry = false;
    83. 

  83. 

  84.         if (in_array($origin, $this->config->get('github-domains'), true)) {
    85. 

  85.             $gitHubUtil = new GitHub($this->io, $this->config, null);
    86. 

  86.             $message = "\n";
    87. 

  87. 

  88.             $rateLimited = $gitHubUtil->isRateLimited($headers);
    89. 

  89.             if ($rateLimited) {
    90. 

  90.                 $rateLimit = $gitHubUtil->getRateLimit($headers);
    91. 

  91.                 if ($this->io->hasAuthentication($origin)) {
    92. 

  92.                     $message = 'Review your configured GitHub OAuth token or enter a new one to go over the API rate limit.';
    93. 

  93.                 } else {
    94. 

  94.                     $message = 'Create a GitHub OAuth token to go over the API rate limit.';
    95. 

  95.                 }
    96. 

  96. 

  97.                 $message = sprintf(
    98. 

  98.                     'GitHub API limit (%d calls/hr) is exhausted, could not fetch '.$url.'. '.$message.' You can also wait until %s for the rate limit to reset.',
    99. 

  99.                     $rateLimit['limit'],
    100. 

  100.                     $rateLimit['reset']
    101. 

  101.                 )."\n";
    102. 

  102.             } else {
    103. 

  103.                 $message .= 'Could not fetch '.$url.', please ';
    104. 

  104.                 if ($this->io->hasAuthentication($origin)) {
    105. 

  105.                     $message .= 'review your configured GitHub OAuth token or enter a new one to access private repos';
    106. 

  106.                 } else {
    107. 

  107.                     $message .= 'create a GitHub OAuth token to access private repos';
    108. 

  108.                 }
    109. 

  109.             }
    110. 

  110. 

  111.             if (!$gitHubUtil->authorizeOAuth($origin)
    112. 

  112.                 && (!$this->io->isInteractive() || !$gitHubUtil->authorizeOAuthInteractively($origin, $message))
    113. 

  113.             ) {
    114. 

  114.                 throw new TransportException('Could not authenticate against '.$origin, 401);
    115. 

  115.             }
    116. 

  116.         } elseif (in_array($origin, $this->config->get('gitlab-domains'), true)) {
    117. 

  117.             $message = "\n".'Could not fetch '.$url.', enter your ' . $origin . ' credentials ' .($statusCode === 401 ? 'to access private repos' : 'to go over the API rate limit');
    118. 

  118.             $gitLabUtil = new GitLab($this->io, $this->config, null);
    119. 

  119. 

  120.             if ($this->io->hasAuthentication($origin) && ($auth = $this->io->getAuthentication($origin)) && in_array($auth['password'], array('gitlab-ci-token', 'private-token', 'oauth2'), true)) {
    121. 

  121.                 throw new TransportException("Invalid credentials for '" . $url . "', aborting.", $statusCode);
    122. 

  122.             }
    123. 

  123. 

  124.             if (!$gitLabUtil->authorizeOAuth($origin)
    125. 

  125.                 && (!$this->io->isInteractive() || !$gitLabUtil->authorizeOAuthInteractively(parse_url($url, PHP_URL_SCHEME), $origin, $message))
    126. 

  126.             ) {
    127. 

  127.                 throw new TransportException('Could not authenticate against '.$origin, 401);
    128. 

  128.             }
    129. 

  129.         } elseif ($origin === 'bitbucket.org') {
    130. 

  130.             $askForOAuthToken = true;
    131. 

  131.             if ($this->io->hasAuthentication($origin)) {
    132. 

  132.                 $auth = $this->io->getAuthentication($origin);
    133. 

  133.                 if ($auth['username'] !== 'x-token-auth') {
    134. 

  134.                     $bitbucketUtil = new Bitbucket($this->io, $this->config);
    135. 

  135.                     $accessToken = $bitbucketUtil->requestToken($origin, $auth['username'], $auth['password']);
    136. 

  136.                     if (!empty($accessToken)) {
    137. 

  137.                         $this->io->setAuthentication($origin, 'x-token-auth', $accessToken);
    138. 

  138.                         $askForOAuthToken = false;
    139. 

  139.                     }
    140. 

  140.                 } else {
    141. 

  141.                     throw new TransportException('Could not authenticate against ' . $origin, 401);
    142. 

  142.                 }
    143. 

  143.             }
    144. 

  144. 

  145.             if ($askForOAuthToken) {
    146. 

  146.                 $message = "\n".'Could not fetch ' . $url . ', please create a bitbucket OAuth token to ' . (($statusCode === 401 || $statusCode === 403) ? 'access private repos' : 'go over the API rate limit');
    147. 

  147.                 $bitBucketUtil = new Bitbucket($this->io, $this->config);
    148. 

  148.                 if (! $bitBucketUtil->authorizeOAuth($origin)
    149. 

  149.                     && (! $this->io->isInteractive() || !$bitBucketUtil->authorizeOAuthInteractively($origin, $message))
    150. 

  150.                 ) {
    151. 

  151.                     throw new TransportException('Could not authenticate against ' . $origin, 401);
    152. 

  152.                 }
    153. 

  153.             }
    154. 

  154.         } else {
    155. 

  155.             // 404s are only handled for github
    156. 

  156.             if ($statusCode === 404) {
    157. 

  157.                 return;
    158. 

  158.             }
    159. 

  159. 

  160.             // fail if the console is not interactive
    161. 

  161.             if (!$this->io->isInteractive()) {
    162. 

  162.                 if ($statusCode === 401) {
    163. 

  163.                     $message = "The '" . $url . "' URL required authentication.\nYou must be using the interactive console to authenticate";
    164. 

  164.                 } elseif ($statusCode === 403) {
    165. 

  165.                     $message = "The '" . $url . "' URL could not be accessed: " . $reason;
    166. 

  166.                 } else {
    167. 

  167.                     $message = "Unknown error code '" . $statusCode . "', reason: " . $reason;
    168. 

  168.                 }
    169. 

  169. 

  170.                 throw new TransportException($message, $statusCode);
    171. 

  171.             }
    172. 

  172.             // fail if we already have auth
    173. 

  173.             if ($this->io->hasAuthentication($origin)) {
    174. 

  174.                 throw new TransportException("Invalid credentials for '" . $url . "', aborting.", $statusCode);
    175. 

  175.             }
    176. 

  176. 

  177.             $this->io->writeError('    Authentication required (<info>'.$origin.'</info>):');
    178. 

  178.             $username = $this->io->ask('      Username: ');
    179. 

  179.             $password = $this->io->askAndHideAnswer('      Password: ');
    180. 

  180.             $this->io->setAuthentication($origin, $username, $password);
    181. 

  181.             $storeAuth = $this->config->get('store-auths');
    182. 

  182.         }
    183. 

  183. 

  184.         $retry = true;
    185. 

  185. 

  186.         return array('retry' => $retry, 'storeAuth' => $storeAuth);
    187. 

  187.     }
    188. 

  188. 

  189.     /**
    190. 

  190.      * @param array $headers
    191. 

  191.      * @param string $origin
    192. 

  192.      * @param string $url
    193. 

  193.      * @return array updated headers array
    194. 

  194.      */
    195. 

  195.     public function addAuthenticationHeader(array $headers, $origin, $url)
    196. 

  196.     {
    197. 

  197.         if ($this->io->hasAuthentication($origin)) {
    198. 

  198.             $authenticationDisplayMessage = null;
    199. 

  199.             $auth = $this->io->getAuthentication($origin);
    200. 

  200.             if ($auth['password'] === 'bearer') {
    201. 

  201.                 $headers[] = 'Authorization: Bearer '.$auth['username'];
    202. 

  202.             } elseif ('github.com' === $origin && 'x-oauth-basic' === $auth['password']) {
    203. 

  203.                 // only add the access_token if it is actually a github API URL
    204. 

  204.                 if (preg_match('{^https?://api\.github\.com/}', $url)) {
    205. 

  205.                     $headers[] = 'Authorization: token '.$auth['username'];
    206. 

  206.                     $authenticationDisplayMessage = 'Using GitHub token authentication';
    207. 

  207.                 }
    208. 

  208.             } elseif (in_array($origin, $this->config->get('gitlab-domains'), true)) {
    209. 

  209.                 if ($auth['password'] === 'oauth2') {
    210. 

  210.                     $headers[] = 'Authorization: Bearer '.$auth['username'];
    211. 

  211.                     $authenticationDisplayMessage = 'Using GitLab OAuth token authentication';
    212. 

  212.                 } elseif ($auth['password'] === 'private-token' || $auth['password'] === 'gitlab-ci-token') {
    213. 

  213.                     $headers[] = 'PRIVATE-TOKEN: '.$auth['username'];
    214. 

  214.                     $authenticationDisplayMessage = 'Using GitLab private token authentication';
    215. 

  215.                 }
    216. 

  216.             } elseif (
    217. 

  217.                 'bitbucket.org' === $origin
    218. 

  218.                 && $url !== Bitbucket::OAUTH2_ACCESS_TOKEN_URL
    219. 

  219.                 && 'x-token-auth' === $auth['username']
    220. 

  220.             ) {
    221. 

  221.                 if (!$this->isPublicBitBucketDownload($url)) {
    222. 

  222.                     $headers[] = 'Authorization: Bearer ' . $auth['password'];
    223. 

  223.                     $authenticationDisplayMessage = 'Using Bitbucket OAuth token authentication';
    224. 

  224.                 }
    225. 

  225.             } else {
    226. 

  226.                 $authStr = base64_encode($auth['username'] . ':' . $auth['password']);
    227. 

  227.                 $headers[] = 'Authorization: Basic '.$authStr;
    228. 

  228.                 $authenticationDisplayMessage = 'Using HTTP basic authentication with username "' . $auth['username'] . '"';
    229. 

  229.             }
    230. 

  230. 

  231.             if ($authenticationDisplayMessage && !in_array($origin, $this->displayedOriginAuthentications, true)) {
    232. 

  232.                 $this->io->writeError($authenticationDisplayMessage, true, IOInterface::DEBUG);
    233. 

  233.                 $this->displayedOriginAuthentications[] = $origin;
    234. 

  234.             }
    235. 

  235.         }
    236. 

  236. 

  237.         return $headers;
    238. 

  238.     }
    239. 

  239. 

  240.     /**
    241. 

  241.      * @link https://github.com/composer/composer/issues/5584
    242. 

  242.      *
    243. 

  243.      * @param string $urlToBitBucketFile URL to a file at bitbucket.org.
    244. 

  244.      *
    245. 

  245.      * @return bool Whether the given URL is a public BitBucket download which requires no authentication.
    246. 

  246.      */
    247. 

  247.     public function isPublicBitBucketDownload($urlToBitBucketFile)
    248. 

  248.     {
    249. 

  249.         $domain = parse_url($urlToBitBucketFile, PHP_URL_HOST);
    250. 

  250.         if (strpos($domain, 'bitbucket.org') === false) {
    251. 

  251.             // Bitbucket downloads are hosted on amazonaws.
    252. 

  252.             // We do not need to authenticate there at all
    253. 

  253.             return true;
    254. 

  254.         }
    255. 

  255. 

  256.         $path = parse_url($urlToBitBucketFile, PHP_URL_PATH);
    257. 

  257. 

  258.         // Path for a public download follows this pattern /{user}/{repo}/downloads/{whatever}
    259. 

  259.         // {@link https://blog.bitbucket.org/2009/04/12/new-feature-downloads/}
    260. 

  260.         $pathParts = explode('/', $path);
    261. 

  261. 

  262.         return count($pathParts) >= 4 && $pathParts[3] == 'downloads';
    263. 

  263.     }
    264. 

  264. }
    265. 

  265.