added support for all authentication methods of composer

FalkoHilbert · FalkoHilbert · commit 6017411ea712 · 2025-10-20T12:22:39.000+02:00
resolves #9093
diff --git a/composer/helpers/v2/src/UpdateChecker.php b/composer/helpers/v2/src/UpdateChecker.php
@@ -17,19 +17,59 @@ public static function getLatestResolvableVersion(array $args): ?string
         [$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials] = $args;
 
         $httpBasicCredentials = [];
+        $bearerCredentials = [];
+        $githubOauthCredentials = [];
+        $gitlabOauthCredentials = [];
+        $gitlabTokenCredentials = [];
+        $bitbucketOauthCredentials = [];
 
         foreach ($gitCredentials as $credentials) {
-            $httpBasicCredentials[$credentials['host']] = [
-                'username' => $credentials['username'],
-                'password' => $credentials['password'],
-            ];
+            if (isset($credentials['host']) && isset($credentials['username']) && isset($credentials['password'])) {
+                $httpBasicCredentials[$credentials['host']] = [
+                    'username' => $credentials['username'],
+                    'password' => $credentials['password'],
+                ];
+            }
         }
 
         foreach ($registryCredentials as $credentials) {
-            $httpBasicCredentials[$credentials['registry']] = [
-                'username' => $credentials['username'],
-                'password' => $credentials['password'],
-            ];
+            $host = $credentials['registry'] ?? null;
+            if (!$host) {
+                continue;
+            }
+
+            // http-basic
+            if (isset($credentials['username']) && isset($credentials['password'])) {
+                $httpBasicCredentials[$host] = [
+                    'username' => $credentials['username'],
+                    'password' => $credentials['password'],
+                ];
+            }
+
+            $authType = $credentials['auth_type'] ?? null;
+            // bearer
+            if ($authType === 'bearer' && isset($credentials['token'])) {
+                $bearerCredentials[$host] = $credentials['token'];
+            }
+            // github-oauth
+            if ($authType === 'github-oauth' && isset($credentials['token'])) {
+                $githubOauthCredentials[$host] = $credentials['token'];
+            }
+            // gitlab-oauth
+            if ($authType === 'gitlab-oauth' && isset($credentials['token'])) {
+                $gitlabOauthCredentials[$host] = $credentials['token'];
+            }
+            // gitlab-token
+            if ($authType === 'gitlab-token' && isset($credentials['token'])) {
+                $gitlabTokenCredentials[$host] = $credentials['token'];
+            }
+            // bitbucket-oauth
+            if ($authType === 'bitbucket-oauth' && (isset($credentials['key']) || isset($credentials['consumer-key']) || isset($credentials['username'])) && (isset($credentials['secret']) || isset($credentials['consumer-secret']) || isset($credentials['password']))) {
+                $bitbucketOauthCredentials[$host] = [
+                    'consumer-key' => $credentials['key'] ?? $credentials['consumer-key'] ?? $credentials['username'] ?? '',
+                    'consumer-secret' => $credentials['secret'] ?? $credentials['consumer-secret'] ?? $credentials['password'] ?? '',
+                ];
+            }
         }
 
         $io = new ExceptionIO();
@@ -38,13 +78,28 @@ public static function getLatestResolvableVersion(array $args): ?string
 
         $config = $composer->getConfig();
 
-        if (0 < count($httpBasicCredentials)) {
-            $config->merge([
-                'config' => [
-                    'http-basic' => $httpBasicCredentials,
-                ],
-            ]);
+        $configToMerge = ['config' => []];
+        if (!empty($httpBasicCredentials)) {
+            $configToMerge['config']['http-basic'] = $httpBasicCredentials;
+        }
+        if (!empty($bearerCredentials)) {
+            $configToMerge['config']['bearer'] = $bearerCredentials;
+        }
+        if (!empty($githubOauthCredentials)) {
+            $configToMerge['config']['github-oauth'] = $githubOauthCredentials;
+        }
+        if (!empty($gitlabOauthCredentials)) {
+            $configToMerge['config']['gitlab-oauth'] = $gitlabOauthCredentials;
+        }
+        if (!empty($gitlabTokenCredentials)) {
+            $configToMerge['config']['gitlab-token'] = $gitlabTokenCredentials;
+        }
+        if (!empty($bitbucketOauthCredentials)) {
+            $configToMerge['config']['bitbucket-oauth'] = $bitbucketOauthCredentials;
+        }
 
+        if (!empty($configToMerge['config'])) {
+            $config->merge($configToMerge);
             $io->loadConfiguration($config);
         }
 
diff --git a/composer/helpers/v2/src/Updater.php b/composer/helpers/v2/src/Updater.php
@@ -33,33 +33,81 @@ public static function update(array $args): array
         $composer = Factory::create($io);
         $config = $composer->getConfig();
         $httpBasicCredentials = [];
+        $bearerCredentials = [];
+        $githubOauthCredentials = [];
+        $gitlabOauthCredentials = [];
+        $gitlabTokenCredentials = [];
+        $bitbucketOauthCredentials = [];
 
         $pm = new DependabotPluginManager($io, $composer, null, false);
         $composer->setPluginManager($pm);
         $pm->loadInstalledPlugins();
 
         foreach ($gitCredentials as &$cred) {
-            $httpBasicCredentials[$cred['host']] = [
-                'username' => $cred['username'],
-                'password' => $cred['password'],
-            ];
+            if (isset($cred['host']) && isset($cred['username']) && isset($cred['password'])) {
+                $httpBasicCredentials[$cred['host']] = [
+                    'username' => $cred['username'],
+                    'password' => $cred['password'],
+                ];
+            }
         }
 
         foreach ($registryCredentials as &$cred) {
-            $httpBasicCredentials[$cred['registry']] = [
-                'username' => $cred['username'],
-                'password' => $cred['password'],
-            ];
+            $host = $cred['registry'] ?? null;
+            if (!$host) {
+                continue;
+            }
+
+            if (isset($cred['username']) && isset($cred['password'])) {
+                $httpBasicCredentials[$host] = [
+                    'username' => $cred['username'],
+                    'password' => $cred['password'],
+                ];
+            }
+
+            $authType = $cred['auth_type'] ?? null;
+            if ($authType === 'bearer' && isset($cred['token'])) {
+                $bearerCredentials[$host] = $cred['token'];
+            }
+            if ($authType === 'github-oauth' && isset($cred['token'])) {
+                $githubOauthCredentials[$host] = $cred['token'];
+            }
+            if ($authType === 'gitlab-oauth' && isset($cred['token'])) {
+                $gitlabOauthCredentials[$host] = $cred['token'];
+            }
+            if ($authType === 'gitlab-token' && isset($cred['token'])) {
+                $gitlabTokenCredentials[$host] = $cred['token'];
+            }
+            if ($authType === 'bitbucket-oauth' && (isset($cred['key']) || isset($cred['consumer-key']) || isset($cred['username'])) && (isset($cred['secret']) || isset($cred['consumer-secret']) || isset($cred['password']))) {
+                $bitbucketOauthCredentials[$host] = [
+                    'consumer-key' => $cred['key'] ?? $cred['consumer-key'] ?? $cred['username'] ?? '',
+                    'consumer-secret' => $cred['secret'] ?? $cred['consumer-secret'] ?? $cred['password'] ?? '',
+                ];
+            }
         }
 
-        if ($httpBasicCredentials) {
-            $config->merge(
-                [
-                    'config' => [
-                        'http-basic' => $httpBasicCredentials,
-                    ],
-                ]
-            );
+        $mergeConfig = ['config' => []];
+        if (!empty($httpBasicCredentials)) {
+            $mergeConfig['config']['http-basic'] = $httpBasicCredentials;
+        }
+        if (!empty($bearerCredentials)) {
+            $mergeConfig['config']['bearer'] = $bearerCredentials;
+        }
+        if (!empty($githubOauthCredentials)) {
+            $mergeConfig['config']['github-oauth'] = $githubOauthCredentials;
+        }
+        if (!empty($gitlabOauthCredentials)) {
+            $mergeConfig['config']['gitlab-oauth'] = $gitlabOauthCredentials;
+        }
+        if (!empty($gitlabTokenCredentials)) {
+            $mergeConfig['config']['gitlab-token'] = $gitlabTokenCredentials;
+        }
+        if (!empty($bitbucketOauthCredentials)) {
+            $mergeConfig['config']['bitbucket-oauth'] = $bitbucketOauthCredentials;
+        }
+
+        if (!empty($mergeConfig['config'])) {
+            $config->merge($mergeConfig);
             $io->loadConfiguration($config);
         }
 
diff --git a/composer/lib/dependabot/composer/update_checker/version_resolver.rb b/composer/lib/dependabot/composer/update_checker/version_resolver.rb
@@ -622,16 +622,19 @@ def requirement_valid?(req_string)
 
         sig { returns(T::Array[Dependabot::Credential]) }
         def git_credentials
+          # Pass git_source credentials if they have basic auth available. Composer expects http-basic for git hosts.
           credentials
             .select { |cred| cred["type"] == "git_source" }
             .select { |cred| cred["password"] }
         end
 
         sig { returns(T::Array[Dependabot::Credential]) }
         def registry_credentials
+          # Include composer repository credentials that use either basic auth (username/password)
+          # or token-based auth (token-based methods are handled in the PHP helper layer).
           credentials
             .select { |cred| cred["type"] == PackageManager::REPOSITORY_KEY }
-            .select { |cred| cred["password"] }
+            .select { |cred| cred["password"] || cred["token"] || cred["auth_type"] }
         end
       end
     end
