Skip to main content

Composer, Bower and HTTP Basic Auth

This blog post might be outdated!
This blog post was published more than one year ago and might be outdated!
· 2 min read
Stephan Hochdörfer

A couple of months ago when we set-up our own internal Satis repository to host our custom Composer packages. We ran into an "unpleasant" issue with Composer that had this PR as an result. To sum things up: We are using HTTP Basic Auth to password-project our Satis repository. There was no way we could switch to an SSL client certificate to allow Composer to authenticate itself automatically without asking for a password. Asking for the password on a developer's machine is no big thing, but it since we need an automated Composer run in our Jenkins environment, there was no way to set things up. Unfortunately the PR is not yet merged in master so we were in need to find a different solution. Luckily my friend Joshua Thijssen pointed me to a tool named expect which could solve this issue easily. Expect is a tool that "talks to other interactive programs according to a script." which sounds pretty awesome and yes it is ;)

To run Composer with expect all you need is this sample shell script. Replace "myusername" and "mypassword" with your HTTP Basic Auth credentials and you are good to go:

#!/bin/sh
expect -c "
set timeout -1
spawn composer.phar update --dev --prefer-dist
expect {
-re { Username: } {
send \"myusername\r\"
exp_continue
}
-re { Password: } {
send \"mypassword\r\"
exp_continue
}
-re {^Generating autoload files }
}"

And this does not only work for Composer, you can use the same technique with Bower for your custom frontend packages:

#!/bin/sh
expect -c "
set timeout -1
spawn bower install
expect {
-re {Username for (.*)} {
send \"myusername\r\"
exp_continue
}
-re {Password for (.*)} {
send \"mypassword\r\"
exp_continue
}
}"

So for now this is the way we run Composer and Bower in our Jenkins setup as well as in our local Vagrant boxes. I will cover our Vagrant / Puppet set-up with Composer in an other blog post soon ;)