ffraenz / private-composer-installer

Composer install helper outsourcing sensitive keys from the package URL into environment variables
MIT License
227 stars 16 forks source link

Support for Yith plugins #44

Closed Evaske closed 2 years ago

Evaske commented 2 years ago

Hi,

I am trying to install some Yith theme plugins and running in to an issue with auth. I can see from logging in to their site that a cookie is required for the auth and so I have tried setting that as per the composer manual but I still keep getting asked for auth details. I have confirmed the cookie works by using Postman to make a test request so I can only assume the custom header isn't getting set?

{
    "type": "package",
    "options":  {
        "http": {
            "header": [
            "Cookie: login_header_here"
            ]
        }
    },
    "package": {
        "name": "yith/yith-woocommerce-ajax-product-filter",
        "version": "4.4.0",
        "type": "wordpress-plugin",
        "dist": {
            "type": "zip",
            "url": "https://yithemes.com/?wc-api=download-api&request=get_file&licence_key=licence_key&product_id=52749"
        },
        "require": {
            "ffraenz/private-composer-installer": "^5.0"
        }
    }
}

I have tried moving that options block in to various places in case I had it in the wrong one but that hasn't made any difference. Any ideas how to get that Cookie to send with the request?

szepeviktor commented 2 years ago

Hello @Evaske! AFAIK private-composer-installer does not support sending cookies. BTW How would you get a cookie in an automated manner?

szepeviktor commented 2 years ago

It seems Composer supports extra HTTP headers for repositories only. https://getcomposer.org/doc/articles/authentication-for-private-packages.md#manual-custom-token-authentication

szepeviktor commented 2 years ago

Take a peak into Yithemes' own updater. Maybe your URL is in there! https://github.com/wp-plugins/yith-woocommerce-wishlist/blob/master/plugin-fw/lib/yit-upgrade.php#L209-L232

You can read those keys from WP with WP-CLI and export them as shell variables.

Evaske commented 2 years ago

I didn't even think of looking in their upgrade script! I'll have a play and see if I can get hold of a working URL.

szepeviktor commented 2 years ago

You can do these before running composer.

export PLUGIN_YITH_SECRET_KEY="$(wp eval 'echo get_option("yit_products_licence_activation")["secret_key"];')"
export PLUGIN_YITH...

...it turns out this 👆 is technically incorrect but shows how to proceed.

ffraenz commented 2 years ago

As @szepeviktor already mentioned, this package does currently not support

Things along these lines are already being discussed in #22.