composer / satis

Simple static Composer repository generator - For a full private Composer repo use Private Packagist

Deprecation notice for authentication via URL query parameters

mabasic opened this issue · comments

Describe the bug
When I click on any of the releases on the renderer html page for a package, I get a GitHub Not found page. Shortly after, I received an email from GitHub saying:

Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. If this token is being used by an app you don't have control over, be aware that it may stop working as a result of this deprecation.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks,
The GitHub Team

To Reproduce
Click on any of the releases on the renderer html page for a package hosted on GitHub.

Outcome

{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/contents/#get-archive-link"
}

Expected behavior
I should be navigated to the release page for that release or something similar.
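The deprecation notice quoted in the issue above asks API clients to send the token in the `Authorization` header instead of the `access_token` query parameter. The sketch below is an added example, not part of the original issue and not Composer's or Satis's code; it moves a query-string token into the header and redacts it for logging. The function names, the sample URL and the token value are hypothetical.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API_HOST = "api.github.com"   # only host allowed to receive the token
TOKEN_PARAM = "access_token"  # the deprecated query parameter


def to_header_auth(url):
    """Move a query-string token into an Authorization header.

    Returns (clean_url, headers). Raises ValueError rather than forwarding
    the credential over plain HTTP or to a host other than API_HOST.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    if not tokens:
        return url, {}
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("refusing to send a token to " + repr(parts.netloc))
    if len(set(tokens)) != 1 or not tokens[0]:
        raise ValueError("ambiguous or empty " + TOKEN_PARAM)
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, {"Authorization": "token " + tokens[0]}


def redact(url):
    """Mask the token value so a URL can be written to logs safely."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample: the zipball link shape from this thread plus a fake token.
    legacy = ("https://api.github.com/repos/xxx/yyy/zipball/v1.0.0"
              "?access_token=EXAMPLE_TOKEN")
    print(redact(legacy))
    print(to_header_auth(legacy))
```
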

commented

Were you using the latest version? Cause that was fixed in Composer 1.9.3 which we are using for Satis too. I just updated all dependencies though. Can you check and see if it works now perhaps?

> Were you using the latest version? Cause that was fixed in Composer 1.9.3 which we are using for Satis too. I just updated all dependencies though. Can you check and see if it works now perhaps?

I'm using docker to run satis. On my webpage it says 2.0.0-dev.

I'm assuming that I am on the master branch with that release?

How can I run an older version of Satis with provided docker image?

Ahh, you meant composer version... is satis in docker being run with host version of composer? I'm a bit confused here. I will have to check the server version of composer, update and report back.

My host version of composer was 1.6.3 which is a bit outdated, that was because I was using apt to install it. I've updated it now to the latest version 1.10.6 and ran the command, but the issue remains.

I'm guessing that my host composer version has nothing to do with Satis running in docker...

Why is the docker image using Satis master branch?

commented

Did you pull the latest docker tag? It could be you haven't updated in a while. Can you try and see if docker pull composer/satis and then rerunning your command(s) yields better results?

I have just pulled the latest docker image and it updated it to the latest version.

I ran the command, it updated the views, and when I click on a release I get the same response not found etc.

commented

Can you share your complete satis.json configuration?

Sure thing.

{
    "name": "My packages",
    "homepage": "https://subdomain.domain.com",
    "repositories": [
        {
            "type": "vcs",
            "url": "git@github.com:xxx/yyy.git"
        }
    ],
    "require-all": true
}

commented

Which link element in the html output are you trying to access and can you provide an example of a URI satis generates there?

I am clicking on these links:

[Screenshot: Annotation 2020-05-27 105357]

When I hover over the release I see links in this format:

https://api.github.com/repos/xxx/yyy/zipball/{key}

When I click on a link I get:

{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/contents/#get-archive-link"
}

The repository is a private repository on GitHub. I am logged in to GitHub website and have access to it.

I have pulled the latest docker image from 4 days ago and the issue still persists.

I think that the docker image hosted on docker hub needs to be updated to use composer at least 1.9.3. @alcohol How can I do this?

commented

Right now it seems to use 1.10.7 (see satis/composer.lock, lines 76 to 77 in e51eac2):

"name": "composer/composer",
"version": "1.10.7",

I will update the dependencies in a moment and then you can try again.

I have tried just now but I still get the same thing when I click on any release.

See here: https://packages.laravelista.com/

Is this a bug, is this functionality broken?

This is the same issue maybe #593

If the composer version inside docker is higher than 1.9.3 then that is not the fix.

commented

Uh, but that seems to be a private repository.

@alcohol Meaning?

I assume that when I click on something and get 404 that something is broken.

If this is the default behavior for private packages should those links be removed?

@mabasic why? If you have access to the private repository, the link won't be a 404.

I have access to the private repository, but when I click on the link I still get 404. When I go to https://github.com/laravelista/algo/tree/master I can see the code and everything.

ah, indeed, the links to https://api.github.com for Zip archives don't work for private repositories (the authentication works differently for the API)

@stof Could we add a field to repositories in satis.json to indicate if the repository is private and then hide the links, just display text?

Example:

{
    "name": "My packages",
    "homepage": "https://subdomain.domain.com",
    "repositories": [
        {
            "type": "vcs",
            "url": "git@github.com:xxx/yyy.git",
            "private": true
        }
    ],
    "require-all": true
}

?