search

snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0
10.84k stars 3.13k forks source link

Github token needed when upgrading (specifically for Composer) #12014

Closed jarrodCoombes closed 1 year ago

jarrodCoombes commented 1 year ago

Debug mode

Describe the bug

When I run the upgrade for Snipe php upgrade.php step 8 (Composer dependancies) gets to a point and asks me to enter a token to download some part of the update. When I generate both a public and private access token, it does not seem to accept these and still prompts for the token.

I am not sure if this is just me doing something wrong, so it may not be a bug. But I would sure love to fix this once and for all so that I can upgrade Snipe when I need to without it taking hours and days to accomplish.

Is this expected behaviour? Or am I just special somehow?

Reproduction steps

1.Run php upgrade.php 2.Get stuck at the token entry dialogue 3. ...

Expected behavior

It should upgrade with no prompting for a token.

Screenshots

No response

Snipe-IT Version

6.0.5

Operating System

Ubuntu Server 20.04.5 LTS

Web Server

Apache 2

PHP Version

7.4.3

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

--------------------------------------------------------
STEP 8: Updating composer dependencies:
(This may take a moment.)
--------------------------------------------------------

-- Running the app in production mode.
-- We couldn't find a local composer.phar. No worries, trying globally.
Since you are running composer globally, we won't try to update it for you.
If you run into issues with this step, try running `composer self-update` 
before running this updater again

Installing dependencies from lock file
Verifying lock file contents can be installed on current platform.
Package operations: 0 installs, 58 updates, 2 removals
  - Downloading symfony/deprecation-contracts (v2.5.2)
  - Downloading guzzlehttp/psr7 (2.4.0)
  - Downloading guzzlehttp/guzzle (7.4.5)
  - Downloading symfony/polyfill-mbstring (v1.26.0)
  - Downloading symfony/polyfill-php80 (v1.26.0)
  - Downloading symfony/polyfill-ctype (v1.26.0)
  - Downloading symfony/var-dumper (v5.4.9)
  - Downloading symfony/polyfill-php72 (v1.26.0)
  - Downloading symfony/polyfill-intl-normalizer (v1.26.0)
  - Downloading symfony/polyfill-intl-idn (v1.26.0)
  - Downloading symfony/mime (v5.4.10)
  - Downloading symfony/polyfill-php73 (v1.26.0)
  - Downloading symfony/http-foundation (v5.4.10)
  - Downloading symfony/event-dispatcher-contracts (v2.5.2)
  - Downloading symfony/event-dispatcher (v5.4.9)
  - Downloading symfony/error-handler (v5.4.9)
  - Downloading symfony/http-kernel (v5.4.10)
  - Downloading symfony/polyfill-intl-grapheme (v1.26.0)
  - Downloading symfony/string (v5.4.10)
  - Downloading symfony/service-contracts (v2.5.2)
  - Downloading symfony/console (v5.4.10)
  - Downloading symfony/polyfill-iconv (v1.26.0)
  - Downloading symfony/polyfill-php81 (v1.26.0)
  - Downloading symfony/translation-contracts (v2.5.2)
  - Downloading symfony/translation (v5.4.9)
  - Downloading nesbot/carbon (2.59.1)
  - Downloading monolog/monolog (2.7.0)
  - Downloading league/commonmark (2.3.4)
  - Downloading laravel/serializable-closure (v1.2.0)
  - Syncing webmozart/assert (1.11.0) into cache
  - Downloading laravel/framework (v8.83.22)
  - Downloading arietimmerman/laravel-scim-server (dev-master 9e7a8fd)
  - Downloading barryvdh/laravel-debugbar (v3.7.0)
  - Downloading dompdf/dompdf (v2.0.0)
  - Downloading barryvdh/laravel-dompdf (v2.0.0)
  - Downloading doctrine/annotations (1.13.3)
  - Syncing doctrine/reflection (1.2.3) into cache
  - Downloading doctrine/cache (1.13.0)
  - Downloading doctrine/dbal (3.3.7)
  - Downloading squizlabs/php_codesniffer (3.7.1)
  - Downloading facade/ignition (2.17.6)
  - Syncing fideloper/proxy (4.4.2) into cache
  - Downloading intervention/image (2.7.2)
  - Downloading paragonie/constant_time_encoding (v2.6.3)
  - Downloading nyholm/psr7 (1.5.1)
  - Downloading league/uri (6.7.1)
  - Downloading firebase/php-jwt (v6.3.0)
  - Downloading nikic/php-parser (v4.14.0)
  - Downloading psy/psysh (v0.11.7)
  - Downloading laravel/ui (v3.4.6)
  - Downloading aws/aws-sdk-php (3.231.12)
  - Syncing league/flysystem-aws-s3-v3 (1.0.30) into cache
  - Downloading maennchen/zipstream-php (2.2.1)
  - Downloading phpoffice/phpspreadsheet (1.24.1)
  - Downloading livewire/livewire (v2.10.6)
  - Syncing pragmarx/google2fa (v8.0.1) into cache
  - Downloading tecnickcom/tc-lib-color (1.14.14)
  - Downloading tecnickcom/tc-lib-barcode (1.17.14)
  0/53 [>---------------------------]   0%
Could not fetch https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/219aa369ceff116e673852dce47c3a41794c14bd, please review your configured GitHub OAuth token or enter a new one to access private repos
When working with _public_ GitHub repositories only, head to https://github.com/settings/tokens/new?scopes=&description=Composer+on+odo+2022-10-21+1340 to retrieve a token.
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+odo+2022-10-21+1340
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/var/www/.config/composer/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Token (hidden): 
Token stored successfully.

Could not fetch https://api.github.com/repos/symfony/deprecation-contracts/zipball/e8b495ea28c1d97b5e0c121748d6f9b53d075c66, please review your configured GitHub OAuth token or enter a new one to access private repos
When working with _public_ GitHub repositories only, head to https://github.com/settings/tokens/new?scopes=&description=Composer+on+odo+2022-10-21+1341 to retrieve a token.
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+odo+2022-10-21+1341
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/var/www/.config/composer/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Token (hidden):  <enter nothing for the token>

In GitHub.php line 104:

  [TypeError]                                          
  trim() expects parameter 1 to be string, null given  

Exception trace:
  at phar:///usr/local/bin/composer/src/Composer/Util/GitHub.php:104
 trim() at phar:///usr/local/bin/composer/src/Composer/Util/GitHub.php:104
 Composer\Util\GitHub->authorizeOAuthInteractively() at phar:///usr/local/bin/composer/src/Composer/Util/AuthHelper.php:133
 Composer\Util\AuthHelper->promptAuthIfNeeded() at phar:///usr/local/bin/composer/src/Composer/Util/Http/CurlDownloader.php:546
 Composer\Util\Http\CurlDownloader->isAuthenticatedRetryNeeded() at phar:///usr/local/bin/composer/src/Composer/Util/Http/CurlDownloader.php:420
 Composer\Util\Http\CurlDownloader->tick() at phar:///usr/local/bin/composer/src/Composer/Util/HttpDownloader.php:378
 Composer\Util\HttpDownloader->countActiveJobs() at phar:///usr/local/bin/composer/src/Composer/Util/Loop.php:96
 Composer\Util\Loop->wait() at phar:///usr/local/bin/composer/src/Composer/Installer/InstallationManager.php:506
 Composer\Installer\InstallationManager->waitOnPromises() at phar:///usr/local/bin/composer/src/Composer/Installer/InstallationManager.php:362
 Composer\Installer\InstallationManager->downloadAndExecuteBatch() at phar:///usr/local/bin/composer/src/Composer/Installer/InstallationManager.php:282
 Composer\Installer\InstallationManager->execute() at phar:///usr/local/bin/composer/src/Composer/Installer.php:763
 Composer\Installer->doInstall() at phar:///usr/local/bin/composer/src/Composer/Installer.php:281
 Composer\Installer->run() at phar:///usr/local/bin/composer/src/Composer/Command/InstallCommand.php:137
 Composer\Command\InstallCommand->execute() at phar:///usr/local/bin/composer/vendor/symfony/console/Command/Command.php:298
 Symfony\Component\Console\Command\Command->run() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:1024
 Symfony\Component\Console\Application->doRunCommand() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:299
 Symfony\Component\Console\Application->doRun() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:335
 Composer\Console\Application->doRun() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:171
 Symfony\Component\Console\Application->run() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:130
 Composer\Console\Application->run() at phar:///usr/local/bin/composer/bin/composer:88
 require() at /usr/local/bin/composer:29

install [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--dev] [--no-suggest] [--no-dev] [--no-autoloader] [--no-progress] [--no-install] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--] [<packages>...]

Class ParsedownTest located in ./vendor/erusev/parsedown/test/ParsedownTest.php does not comply with psr-0 autoloading standard. Skipping.
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi
> @php artisan vendor:publish --force --tag=livewire:assets --ansi
Generating optimized autoload files
Discovered Package: arietimmerman/laravel-scim-server
Discovered Package: barryvdh/laravel-debugbar
Discovered Package: barryvdh/laravel-dompdf
Discovered Package: eduardokum/laravel-mail-auto-embed
Discovered Package: facade/ignition
Discovered Package: fideloper/proxy
Discovered Package: fruitcake/laravel-cors
Discovered Package: intervention/image
Discovered Package: laravel/passport
Discovered Package: laravel/slack-notification-channel
Discovered Package: laravel/tinker
Discovered Package: laravel/ui
Discovered Package: laravelcollective/html
Discovered Package: livewire/livewire
Discovered Package: maatwebsite/excel
Discovered Package: mediconesystems/livewire-datatables
Discovered Package: nesbot/carbon
Discovered Package: nunomaduro/collision
Discovered Package: pragmarx/google2fa-laravel
Discovered Package: spatie/laravel-backup
Discovered Package: unicodeveloper/laravel-password
Package manifest generated successfully.
Copied Directory [/vendor/livewire/livewire/dist] To [/public/vendor/livewire]
Publishing complete.
Generated optimized autoload files containing 8522 classes

--------------------------------------------------------

Additional context

No response

snipe commented 1 year ago

This is unfortunately a composer+GH issue, not a Snipe-IT issue. I assume you have done composer config -g github-oauth.github.com XXXXXXXXXXXXXXXXXXXXXXX (with XXXXX being your token?)

This resource may or may not be helpful: https://www.previousnext.com.au/blog/managing-composer-github-access-personal-access-tokens

Managing Composer Github access with Personal Access Tokens | PreviousNext
All PreviousNext Drupal 8 projects are now managed using Composer. This is a powerful tool, and allows our projects to define both public and private modules or libraries, and their dependencies, and bring them all together.   However, a if you require public or private modules which are hosted on GitHub you may run into the API Rate Limits. In order to overcome this, it is recommended to add a GitHub personal access token to your composer configuration.   In this blog post, I'll show how you can do this in a secure and manageable way.
snipe commented 1 year ago

(If you have composer installed globally, this process might be a little different versus using composer.phar though)

jarrodCoombes commented 1 year ago

How could I tell if it's installed globally?

This also all complicated by the fact that this upgrade needs to be run by the www-data user.

But also, when I manually enter a token that I generate into that prompt, it does not seem to accept it. So what are other people doing to upgrade when they run into this issue?

Oddly, if I paste the url it is trying to download into my browser, in an incognito window, the zip file is downloaded just fine.

jarrodCoombes commented 1 year ago

Ok, I had to:

  1. Restore from a snapshot.
  2. Go into the /var/www folder, create a .cache folder, then set the folder owner/group to www-data (sudo chown -R www-data:www-data .cache)
  3. Go to https://github.com/settings/tokens/new?scopes=repo&description=<description> and generate a token, I made mine never expire (probably not a good idea, but what the heck).
  4. Then run sudo -u www-data composer config -g github-oauth.github.com <token from #3> in order to store the token in the correct place.
  5. Then run the upgrade script sudo -u www-data php upgrade.php

That seems to have run all the way through with no errors. So I am reasonably sure I am completely upgraded now.