Composer install\update authentication fails

When I’m trying to install dependency from my private repository, I’m getting the following error:

> php.exe composer.phar update
Loading composer repositories with package information

  [RuntimeException]                                                           
  Failed to clone https://my.stash.repo/scm/lib/my-super-lib.git, could no  
  t read packages from it                                                      

  fatal: Authentication failed for 'https://my.stash.repo/scm/lib/my-super-lib.git/'                                                                   

update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-plugins] [--no-custom-installers] [--no-scripts] [--no-progress] [--with-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [packages1] ... [packagesN]

Process finished with exit code 1 at 10:57:04.
Execution time: 1 996 ms.

Relevant composer.json part looks as following:

  • Atlassian Stash says that the second pull request merged remotely
  • Promote all builds to master on Jenkins
  • git local patch (or branch) management
  • Importing from Bitbucket to Stash with history?
  • Jenkins CI Post-build Actions - How to push to Stash
  • git clone/ssh under jenkins
  •    "require": {
            "php": ">=5.3.0",
            "scaytrase/my-super-lib": "1.1"
        },
        "repositories": [
            {
                "type": "vcs",
                "url":  "https://my.stash.repo/scm/lib/my-super-lib.git"
            }
        ],
    

    If I set username and password directly like

    "url":  "https://username:password@my.stash.repo/scm/lib/my-super-lib.git"
    

    composer operations work just fine. But I dont’t want store plaintext credentials.

    Is there a way to make composer ask username and password each time?

    Repository is Atlassian Stash with https nginx in front of it (both https and http were tested)

    Composer version 70a20ebcc19f1ea8ab0954a4fbdce208b30085e7 2014-03-12 16:07:58

    EDIT:

    For now I perform git clone --mirror by myself to populate composer’s cache and then I just run composer install or composer update as usual (but It says it cannot update package info sometimes)

    code:

                $command = sprintf('git clone --mirror %s %s', escapeshellarg($this->url), escapeshellarg($this->repoDir));
                if (0 !== $this->process->execute($command, $output)) {
                    $output = $this->process->getErrorOutput();
    
                    if (0 !== $this->process->execute('git --version', $ignoredOutput)) {
                        throw new \RuntimeException('Failed to clone '.$this->url.', git was not found, check that it is installed and in your PATH env.' . "\n\n" . $this->process->getErrorOutput());
                    }
    
                    throw new \RuntimeException('Failed to clone '.$this->url.', could not read packages from it' . "\n\n" .$output);
                }
    

    manual git clone --mirror works just fine and asks for my credentials. But composer (which obviously executes the same command) – it does not.

    EDIT2

    It seems to be PHP Storm 8 EAP problem which i’m using. Latest stable version requires authentication correctly during composer install, but not during composer update.

  • Showing branch hierarchy at the command line?
  • How to invert `git log --grep=<pattern>` or How to show git logs that don't match a pattern
  • Git changes being lost - why?
  • Can you determine the git version of a file copied from a repo?
  • git: rebase (after merge) gives only conflicts
  • Undo git fast forward merge
  • 2 Solutions collect form web for “Composer install\update authentication fails”

    Seems to be a bug in latest PhpStorm 8 EAP 134.1456. PhpStorm 7.1.3 works with composer like command line (identical behavior) and performs composer install fine (but not composer update, but command line fails this too).

    I’have submitted a bugreport

    EDIT

    My bugreport to composer has been replaced by this

    UPD2

    For now question is totally not actual. Composer handles authentication correctly and also asks to store credentials in COMPOSER_HOME/auth.json

    You could setup an encrypted file with those http credential, in order for git to use them from that encrypted file.
    That supposes a running gpg agent able t provide the unique password needed to access that credentials gpg-encrypted file.

    The url you would use would then be:

    https://username@my.stash.repo/scm/lib/my-super-lib.git
    

    That allows git to ask to its credential helper for the right password (the one for ‘username‘).

    See “Is there a way to skip password typing when using https://github” for a concrete example.

    Git Baby is a git and github fan, let's start git clone.