Merge pull request #128 from TheDragonCode/1.x

Fixed token path resolution and validation logic

Author: andrey-helldar

app/Services/Token.php

@@ -19,10 +19,19 @@ protected static function fromServer(): ?string
     protected static function fromComposer(): ?string
     {
         foreach (static::composerPath() as $path) {
-            if (! $data = Process::run('cat ' . $path)) {
+            $resolved = static::resolvePath($path);
+
+            if (! $resolved || ! is_file($resolved) || ! is_readable($resolved)) {
+                continue;
+            }
+
+            $contents = @file_get_contents($resolved);
+            if ($contents === false) {
                 continue;
             }
 
+            $data = json_decode($contents, true, 512, JSON_THROW_ON_ERROR);
+
             if ($token = $data['github-oauth']['github.com'] ?? null) {
                 return $token;
             }
@@ -42,4 +51,25 @@ protected static function composerPath(): array
             '%USERPROFILE%/AppData/Roaming/Composer/auth.json',
         ];
     }
+
+    protected static function resolvePath(string $path): ?string
+    {
+        if (str_contains($path, '%USERPROFILE%')) {
+            $userProfile = getenv('USERPROFILE') ?: ($_SERVER['USERPROFILE'] ?? null);
+
+            if ($userProfile) {
+                $path = str_replace('%USERPROFILE%', rtrim($userProfile, '\\/'), $path);
+            }
+        }
+
+        if (str_starts_with($path, '~')) {
+            $home = getenv('HOME') ?: ($_SERVER['HOME'] ?? null);
+
+            if ($home) {
+                $path = rtrim($home, '\\/') . substr($path, 1);
+            }
+        }
+
+        return str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $path);
+    }
 }