-
-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow storing credentials globally when 'local' auth.json file exists #11188
Allow storing credentials globally when 'local' auth.json file exists #11188
Conversation
src/Composer/Util/Bitbucket.php
Outdated
$this->io->writeError('Ensure you enter a "Callback URL" (http://example.com is fine) or it will not be possible to create an Access Token (this callback url will not be used by composer)'); | ||
|
||
$storeInLocalAuthConfig = false; | ||
if ($localAuthConfig !== null) { | ||
$storeInLocalAuthConfig = $this->io->askConfirmation('A local auth config source was found, do you want to store the token there?', false); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Considering it was previously always writing to the local one, I think the default here should be true
to ensure BC if non-interactive. Same for GitHub/GitLab.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The initial reason I added this PR was because we have a license key for a private satis server distributed in an auth.json file, but when developers get rate limited on the github api for example their oauth key gets added to the auth.json file and may now accidentally be comitted. Adding false as a default makes sense here IMHO, as it has to be a consious descision to add credentials to vcs.
I do see your point though, as the auth.json file might not be in vcs for all Composer users. I've updated the default to false.
…f a local auth config file exists
Thanks! |
…f a local auth config file exists (composer#11188)
When in interactive mode with missing credentials, the credentials are always stored in the local auth.json file if it exists, even though credentials in the auth.json might be shared through git and the user wants to store their credentials in their global auth.json:
This PR adds the ability to choose where to store this newly acquired token when such a local auth.json file exists before prompting for the token:
Also, in the Github and BitBucket authentication, existing keys were incorrectly removed from the composer.json file instead of the auth.json file. Those issues are also fixed in this PR.