Support for Yith plugins

[Evaske]

Hi,

I am trying to install some Yith theme plugins and running in to an issue with auth. I can see from logging in to their site that a cookie is required for the auth and so I have tried setting that as per the composer manual but I still keep getting asked for auth details. I have confirmed the cookie works by using Postman to make a test request so I can only assume the custom header isn't getting set?

{
    "type": "package",
    "options":  {
        "http": {
            "header": [
            "Cookie: login_header_here"
            ]
        }
    },
    "package": {
        "name": "yith/yith-woocommerce-ajax-product-filter",
        "version": "4.4.0",
        "type": "wordpress-plugin",
        "dist": {
            "type": "zip",
            "url": "https://yithemes.com/?wc-api=download-api&request=get_file&licence_key=licence_key&product_id=52749"
        },
        "require": {
            "ffraenz/private-composer-installer": "^5.0"
        }
    }
}

I have tried moving that options block in to various places in case I had it in the wrong one but that hasn't made any difference. Any ideas how to get that Cookie to send with the request?

[szepeviktor]

Hello @Evaske! AFAIK private-composer-installer does not support sending cookies.
BTW How would you get a cookie in an automated manner?

[szepeviktor]

It seems Composer supports extra HTTP headers for repositories only.
https://getcomposer.org/doc/articles/authentication-for-private-packages.md#manual-custom-token-authentication

[szepeviktor]

Take a peak into Yithemes' own updater. Maybe your URL is in there!
https://github.com/wp-plugins/yith-woocommerce-wishlist/blob/master/plugin-fw/lib/yit-upgrade.php#L209-L232

You can read those keys from WP with WP-CLI and export them as shell variables.

[Evaske]

I didn't even think of looking in their upgrade script! I'll have a play and see if I can get hold of a working URL.

[szepeviktor]

You can do these before running composer.

export PLUGIN_YITH_SECRET_KEY="$(wp eval 'echo get_option("yit_products_licence_activation")["secret_key"];')"
export PLUGIN_YITH...

...it turns out this 👆 is technically incorrect but shows how to proceed.

[ffraenz]

As @szepeviktor already mentioned, this package does currently not support

• custom request headers (like a cookie or authorization) and
• dynamic acquisition of environment variables (e.g. logging in to acquire a temporary session token to be used in the file download).

Things along these lines are already being discussed in #22.