KoolReport's Forum

Official Support Area, Q&As, Discussions, Suggestions and Bug reports.

Composer token duration #911

Open Andrea Puggioni opened this topic on on Jun 7 - 25 comments

Andrea Puggioni commented on Jun 7

Hi, We use jenkins as continuous integration system that (at every commit) checkout the project source from git, launch composer update, execute unit tests and deploy to staging server.

Yesterday we removed koolreport pro from our repositories and start to require it with coposer but after 1 hour the builds started to fail because of token expiration.

We need a permanent token.

KoolReport commented on Jun 10

Understood the issue, we are working on the solution.

KoolReport commented on Jun 10

Dear Andrea,

You may try again now. Although the token still expired in 1 hour, it supposed not to cause error for composer.

Let me know if it works.

Toby Beresford commented on Jul 4

So are you saying that the token doesn't expire anymore? We use GitLab for CI and are concerned we'll hit the same problem

KoolReport commented on Jul 5

No the token is still expired in 1hour, just that it will not cause error and stop your building process. Please try to fix the version of KoolReport in your composer.json, it will be fine.

Toby Beresford commented on Jul 6


Hmm. It doesn't seem to work (I just bought the Excel package FYI). I had no problem downloading locally with auth.json etc. I've added auth.json into my repo so that the unit test runner has the ability to download using the same code.

This is what I'm seeing on the Pipeline when we try to run unit tests from within a Docker container:

Thanks for any help you can give.

  - Installing koolreport/core (4.0.0): Downloading (connecting...)Downloading (100%)         
  - Installing markbaker/matrix (1.1.4): Downloading (connecting...)Downloading (0%)           Downloading (5%)Downloading (10%)Downloading (15%)Downloading (20%)Downloading (25%)Downloading (30%)Downloading (35%)Downloading (40%)Downloading (45%)Downloading (50%)Downloading (55%)Downloading (60%)Downloading (65%)Downloading (70%)Downloading (75%)Downloading (80%)Downloading (85%)Downloading (90%)Downloading (95%)Downloading (100%)
  - Installing markbaker/complex (1.4.7): Downloading (connecting...)Downloading (0%)           Downloading (25%)Downloading (35%)Downloading (60%)Downloading (70%)Downloading (95%)Downloading (100%)
  - Installing phpoffice/phpspreadsheet (1.8.1): Downloading (connecting...)Downloading (0%)           Downloading (5%)Downloading (10%)Downloading (15%)Downloading (20%)Downloading (25%)Downloading (30%)Downloading (35%)Downloading (40%)Downloading (45%)Downloading (50%)Downloading (55%)Downloading (60%)Downloading (65%)Downloading (70%)Downloading (75%)Downloading (80%)Downloading (85%)Downloading (90%)Downloading (95%)Downloading (100%)
  - Installing koolreport/excel (6.0.0): Downloading (connecting...)Downloading (100%)             Failed to download koolreport/excel from dist: The checksum verification of the file failed (downloaded from https://repo.koolreport.com//dist/koolreport/excel/koolreport-excel-a5d55b459ab0a8daba9722688ceab73b64af78da-zip-c30ad3.zip)
    Now trying to download from source
  - Installing koolreport/excel (6.0.0): Cloning a5d55b459a

  Failed to execute git clone --no-checkout 'git@github.com:koolreport/excel.git' '/builds/abc/vendor/koolreport/excel' && cd '/builds/abc/vendor/koolreport/excel' && git remote add composer 'git@github.com:koolreport/excel.git' && git fetch composer `
KoolReport commented on Jul 7

That's strange that it works from your local but not from your server. Let me inform the dev.team if they knows what might happens from the error.

David Winterburn commented on Jul 8

Hi Toby,

Would you please try to run "composer clear-cache" and "composer update" one time on your server? Thanks!

Toby Beresford commented on Jul 8

Hi David

It's a docker container so it's an entirely fresh install during the unit test process.

I've added the composer clear-cache to the install script.

See results:

I also just double checked - I removed the library from my local and then required it again. It all downloaded fine using that password.

Any other suggestions?



David Winterburn commented on Jul 8

Hi Toby,

Is your token in auth.json newly active or expired? Please make sure the token is new for first time composer install.

In case the token is new and the error still happens, please change the install script to:

composer install --ignore-platform-reqs -vvv

and let us know the detail error message. Thanks!

Toby Beresford commented on Jul 8

Hi David

It's an expired token but when using Docker on GitLab surely it's always going to be a first time install? Every time it spins up a entirely fresh docker instance of the server to run the unit tests.

Does your authentication technology work with Docker instances?

I don't understand why you don't just stop the token expiring?

I will send the full job script to your email address.


Toby Beresford commented on Jul 8

It works fine on the unit test Docker instance if I use a new token however that doesn't solve my issue. I will see if it still works if I try the unit test pipeline again in one hour and report back.

Toby Beresford commented on Jul 8

Ok so that worked! Don't fully understand why, but it worked. Will now try in production. Thanks for your help.

KoolReport commented on Jul 8

Great that it works! Anything please let us know.

Toby Beresford commented on Jul 9

So the unit test with docker on gitlab worked in production yesterday but no longer works today. Are there any other solutions you can suggest? Is there a different auth method to the package we can use please? A permanent token would be ideal.

KoolReport commented on Jul 11

We will mark your idea as our suggestion. The expired token seems safer, may be we can increase the token validity time.

Toby Beresford commented on Jul 11

Safer for you but of no use to your customers!

You really need to say this when selling that it won't work in dockerised environments. Otherwise people are paying for something they can't use.

KoolReport commented on Jul 12

Understand. By the way, there is a quick solution that you move "koolreport" folder to outside of vendor folder. You can remove koolreport and excel package in composer.json. Of course, in somewhere, you need to include the koolreport manually with require_one "/path/to/koolreport/core/autoload.php"; By this way, you can avoid this token issue for now.

Toby Beresford commented on Jul 12

Aha ok will try that and report back.

Toby Beresford commented on Jul 17

Hi that avoids the issue for now but is obviously only a temporary solution so please let us know when you have a longer term fix.

KoolReport commented on Jul 17

Yeah, we will find a better solution

Michael Menefee commented on Aug 22

We are also being heavily impacted by this. Automated build systems, our developer local workstations, and our production environment is all broken right now due to this change. We must have a better solution - this is not workable in the long term. Permanent tokens, or even just the ability to manually load files into the vendor folder. The "old way" was working just fine and quite stable. As all of our systems are automated via chef and other tools, having this require manual interaction to deploy code is not a workable solution.

KoolReport commented on Aug 22

Hi Michael,

What do you mean by the "old way"? Do you mean just by downloading the library and put to project?

Michael Menefee commented on Aug 28

Correct - just putting the files. The file method allowed me to check the latest version into our get repo, and then the composer process would just "overlay" on the folder. This way, no one ever had an issue, and they could just clone, run composer install, and start coding.

As it stands, I have now spent many hours preparing a development VM that I will now have to distribute to many developers around the world, simply because we do not have a way of creating a repository that can both a) be automatically deployed to the cloud and b) be deployed to a local development machine without involving logging in and pushing the "button". I.e. our devs can't just clone from our main git repo anymore and expect to be able to set up the application with "composer install", even though I have the koolreport files in the vendor directory checked into the repo explicitly. This has created a significant headache for us, right as I'm trying to spin up 5 new devs onto our project.

KoolReport commented on Aug 28

We bring you a good news that the old way still works. We just add the new way in addition to the old way. You do not need to use composer to install our packages. Instead just hit the download button at the clients section, unzip the file and put the koolreport folder somewhere in your project. Just requiring the file /path/to/koolreport/autoload.php and then everything will works.

Cord commented on Oct 8

Great composer is supported now, not so great the token expires. All workarounds are annoying... looking at e.g. nova.laravel.com there is a private non expiring token, so composer is fully supported even for this commercial package. Wonder if you could implement this as well?

KoolReport Is Free and Open-Source!

KoolReport is a professional php reporting framework which saves you tons of time to construct dynamic data report & dashboard.

  • Connect to various datasources such as MySQL, SQL Server, MongoDB or even from CSV or Excel file.
  • Contain series of powerful built-in data processes for your data manipulation.
  • Generate stunning charts and graphs to help you communicate data insights to your audiences effectively.
  • Integrate seamlessly with any php frameworks such as Laravel, CodeIgniter, Symfony.
Download Now and register our tutorials to get started!

Download KoolReport