Private repositories: cannot change username and/or password #3644

Closed
frederikbosch opened this issue Jan 13, 2015 · 4 comments

@frederikbosch
Contributor

Because the password is hardcoded in the composer remote (.git/config), the user is not able to change authentication credentials in auth.json. The only way to do this is by removing the vendor folder and running composer install again.

PR #3608 fixes this issue.

@midan888

Wow man, thanks. Was looking for the solution for 2 days.

@Seldaek Seldaek added this to the 1.1 milestone Apr 15, 2016
@Seldaek Seldaek added the Bug label Apr 15, 2016
@Seldaek Seldaek modified the milestones: 1.1, 1.2 Apr 28, 2016
@Seldaek Seldaek modified the milestones: 1.2, 1.3 Jul 2, 2016
@Seldaek Seldaek modified the milestones: 1.3, 1.4 Nov 6, 2016
@Seldaek Seldaek modified the milestones: 1.4, 1.5 Mar 7, 2017
@Seldaek Seldaek modified the milestones: 1.5, 1.6 Aug 6, 2017
@Seldaek Seldaek modified the milestones: 1.6, 1.7 Jul 20, 2018
@Seldaek Seldaek modified the milestones: 1.7, 1.8 Nov 27, 2018
@AndreKR

AndreKR commented Feb 6, 2019

I was bitten by this today and I traced it back to this part:

```php
// capture username/password from URL if there is one
$this->process->execute('git remote -v', $output, $cwd);
if (preg_match('{^(?:composer|origin)\s+https?://(.+):(.+)@([^/]+)}im', $output, $match)) {
    $this->io->setAuthentication($match[3], rawurldecode($match[1]), rawurldecode($match[2]));
}
```

For each dependency, credentials are stored once in .git/config and then will forever take precedence over any credentials set in auth.json.

I wholeheartedly agree with the comments by @frederikbosch here: https://github.com/composer/composer/pull/3608/files#r23305353

I think the current behavior is confusing, useless and dangerous. It should be removed and if it actually breaks an existing automated flow, then this flow was broken to begin with: Why would any flow rely on credentials that are secretly cached inside the dependency directory? On the other hand, removing this code would open up a much more reasonable flow: Set credentials (which can be a temporary CI token) in auth.json and use those same credentials for both installing new dependencies as well as updating existing ones. (Currently the credentials from auth.json are used for new/deleted dependencies and the cached credentials are used for existing ones.)

@Seldaek Seldaek modified the milestones: 1.8, 1.9 Jul 30, 2019
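
An added example, not part of the original thread and not Composer's own code: a Python audit for the condition described above. It lists every `.git/config` under a directory whose remote URL embeds credentials and can strip them so that `auth.json` is the only source. The function names, the sample config and the `git.example.test` host are constructed for illustration, and the pattern also matches token-only userinfo, which is broader than the `user:password` form in the quoted snippet.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample: remotes of a vendor package with credentials in the URL.
SAMPLE_CONFIG = '''[remote "origin"]
    url = https://deploy:s3cr%40t@git.example.test/acme/lib.git
[remote "composer"]
    url = https://ci-token@git.example.test/acme/lib.git
'''

# "url = https://<userinfo>@<host>" lines of a .git/config. Broader than the
# user:password pattern quoted above: token-only userinfo is matched too.
URL_WITH_USERINFO = re.compile(
    r'^([ \t]*url[ \t]*=[ \t]*https?://)([^/\s]+)@([^/\s@]+)', re.I | re.M)


def find_embedded_credentials(root):
    """Return sorted (config_path, host, username) for each .git/config below root.

    Only the username is reported; the secret never leaves the file.
    """
    findings = []
    for config in Path(root).glob('**/.git/config'):
        text = config.read_text(encoding='utf-8', errors='surrogateescape')
        for m in URL_WITH_USERINFO.finditer(text):
            findings.append((str(config), m.group(3), m.group(2).split(':', 1)[0]))
    return sorted(findings)


def strip_embedded_credentials(config):
    """Remove the userinfo part of remote URLs in place; return how many changed."""
    path = Path(config)
    text = path.read_text(encoding='utf-8', errors='surrogateescape')
    cleaned, count = URL_WITH_USERINFO.subn(r'\1\3', text)
    if count:
        path.write_text(cleaned, encoding='utf-8', errors='surrogateescape')
    return count


def demo():
    """Audit, clean and re-audit the constructed sample in a temporary vendor tree."""
    with tempfile.TemporaryDirectory() as root:
        config = Path(root, 'vendor', 'acme', 'lib', '.git', 'config')
        config.parent.mkdir(parents=True)
        config.write_text(SAMPLE_CONFIG, encoding='utf-8')
        before = [(host, user) for _, host, user in find_embedded_credentials(root)]
        changed = strip_embedded_credentials(config)
        return before, changed, find_embedded_credentials(root), config.read_text()
```

Point `find_embedded_credentials` at a project's `vendor` directory or Composer's cache directory to see which checkouts still carry credentials; after stripping, git operations on those checkouts need the credentials supplied another way, such as `auth.json`.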
@Seldaek
Member

Seldaek commented Oct 30, 2019

Sorry this took so long but should be fixed in the next 1.9 release, you can run `composer self-update --snapshot` to try it now if you'd like to confirm the fix.

@frederikbosch
Contributor Author

@Seldaek No hard feelings, you guys have done awesome work with composer. You rock!

xy2z added a commit to xy2z/composer that referenced this issue Nov 12, 2019
* Debug: display used authentication for http calls

* Command::execute() should always return an integer.

* Check that if the getUrlMatches method returns an empty value which means the path is incorrect

* Test to check there is a RuntimeException thrown when a path repository doesn't exist

* Add details of the path to aid debugging

* Remove extra line in method following CS-Fixer

* Remove unused variable

* added package homepage information to the command 'show'

* changed homepage information position

* Consider replaces when checking package dependents

* Remove invalid array keys

* Fix misc phpdoc and strpos arg order nits

https://www.php.net/strpos has the signature
`strpos ( string $haystack , mixed $needle [, int $offset = 0 ] ) : int`
(The needle is usually the constant)

`strpos('/', $suggestion)` would only be `false` for `''` and `'/'`

So the existing check would just not suggest **anything** that was
already installed (from pecl, built-in, or composer).

The intent seems to be to not suggest non-vendored php packages
that were already installed. (b20cc22)

* Added comment why source link check is necessary

* Add option to disable the lock file

When the `lock` option is set to false, composer will not write a
`composer.lock` file to disk. This signals that the package is meant
to be developed with unlocked and always updated dependencies. At the
moment, both `install` and `update` are allowed to install the
dependencies for such a package. If composer#6822 is implemented, only `update`
should be used for packages without a lockfile.

composer#8354

* Add tests for installer with lock: false

composer#8354

* Added clear cache for windows, fix tests

* Don't necessarily mention Google

There's other search engines as well.

* Add messages to junction tests to see failures

* HgDriver: don't run command in non-existing directory

* Add Windows proc-open errors to troubleshooting.md

As per these issues:

https://github.com/composer/composer/issues/7186
composer#8152

* Fix composer outdated command on PHP 7.4; fixes composer#8346

* Avoid calling findPackage for non-platform packages

* Update safeguard code, fixes composer#8383

* 5.3 support :/

* Fix require command to allow working on network mounts, fixes composer#8231

* Validate schema name, type and version

* Added phpdoc for ComposerAutoloaderInit$SHA1::getLoader() (composer#8393)

* Don't show root warning for docker containers

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>

* Validate composer show with --tree and --path options set (composer#8390)

* make optimized autoloader respect PSR standards

* Move test file parsing into try/catch block to avoid phpunit swallowing errors

* Avoid clearing the error output during removeDirectory execution, losing git error output, fixes composer#8351

* Fix gitlab support for basic-auth fallback from ssh URLs

* Fix github auth to try https with pwd also, fixes composer#8356

* Avoid overwriting credentials with existing ones from git repos, refs composer#8293

* Remove credentials from git remotes in cache and vendor dirs

This only removes the credentials if they are managed by composer auth.json or equivalent, if the credentials were present in the package URL to begin with they might remain

Refs composer#8293
Fixes composer#3644
Closes composer#3608

* Fix output of dump-autoload command to avoid interfering with warnings, refs composer#8397

* Change PSR-fix for optimized autoloader to only warn for now, refs composer#8397

* Fix tests for PSR-fix in optimized autoloader, refs composer#8397

* Fix tests for PSR-fix in optimized autoloader, refs composer#8397

* Fix PSR warnings for optimized autoloader, refs composer#8397, refs composer#8403

* Output a hint that maybe you are not in the right directory, fixes composer#8404

* Prepare 1.9.1 changelog

* Fix PSR warnings for optimized autoloader, refs composer#8397, refs composer#8403

* Update dependencies

* Fix: Xdebug vs xdebug

* Fix: Add environment variables related to Xdebug to documentation