Merge remote-tracking branch 'upstream/9.0.0-WIP' into wip/private-claims
JRogaishio committed Aug 8, 2023
2 parents 0302141 + de61d4e commit dc2f7ac
Showing 37 changed files with 1,263 additions and 287 deletions.
1 change: 0 additions & 1 deletion .gitattributes
Expand Up @@ -7,7 +7,6 @@
/.gitignore export-ignore
/.scrutinizer.yml export-ignore
/.styleci.yml export-ignore
/.travis.yml export-ignore
/phpstan.neon export-ignore
/phpunit.xml.dist export-ignore
/CHANGELOG.md export-ignore
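Review bot: dropping `/.travis.yml export-ignore` is the right companion to deleting .travis.yml in this merge, but the same commit adds `.github/dependabot.yml` and two workflow files, and this hunk shows no matching `/.github export-ignore` entry; unless one exists outside the visible lines, those CI files will be packaged into the Composer dist archive, so add an export-ignore for `/.github` alongside the other CI config entries.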
Expand Down
12 changes: 12 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,12 @@
version: 2
updates:
- package-ecosystem: composer
directory: "/"
schedule:
interval: daily
time: "11:00"
open-pull-requests-limit: 10
ignore:
- dependency-name: league/event
versions:
- 3.0.0
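Review bot: the `ignore` entry for `league/event` lists the single version `3.0.0`, which only suppresses that exact release; `3.0.1` and later would still be proposed even though composer.json constrains the package to `^2.2`. If the intent is to hold off the whole 3.x major until the code is migrated, use a range such as `">= 3.0.0"` (or `3.x`) under `versions`. Also, `time: "11:00"` has no `timezone` key, so the schedule runs at 11:00 UTC.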
21 changes: 21 additions & 0 deletions .github/workflows/backwards-compatibility.yml
@@ -0,0 +1,21 @@
name: "Backwards compatibility check"

on:
pull_request:

jobs:
bc-check:
name: "Backwards compatibility check"

runs-on: "ubuntu-latest"

steps:
- name: "Checkout"
uses: "actions/checkout@v2"
with:
fetch-depth: 0

- name: "Backwards Compatibility Check"
uses: docker://nyholm/roave-bc-check-ga
with:
args: --from=${{ github.event.pull_request.base.sha }}
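Review bot: the step `uses: docker://nyholm/roave-bc-check-ga` references the image by a mutable tag (effectively `latest`), so whatever is published under that tag runs against every pull request with the checkout in scope; pin it to an immutable digest (`docker://nyholm/roave-bc-check-ga@sha256:<digest>`) and likewise pin `actions/checkout@v2` to a commit SHA rather than a moving tag. `fetch-depth: 0` is correct here, since the BC check needs the base commit named by `--from=${{ github.event.pull_request.base.sha }}` to be present locally.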
42 changes: 42 additions & 0 deletions .github/workflows/tests.yml
@@ -0,0 +1,42 @@
name: tests

on:
push:
pull_request:
schedule:
- cron: '0 0 * * *'

jobs:
tests:
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
php: [7.2, 7.3, 7.4, 8.0]
stability: [prefer-lowest, prefer-stable]

name: PHP ${{ matrix.php }} - ${{ matrix.stability }}

steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: dom, curl, libxml, mbstring, zip
coverage: pcov

- name: Install dependencies
run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress

- name: Execute tests
run: vendor/bin/phpunit --verbose --coverage-clover=coverage.clover

- name: Code coverage
if: ${{ github.ref == 'refs/heads/master' && matrix.php != 8.0 && github.repository == 'thephpleague/oauth2-server' }}
run: |
wget https://scrutinizer-ci.com/ocular.phar
php ocular.phar code-coverage:upload --format=php-clover coverage.clover
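Review bot: the "Code coverage" step downloads `https://scrutinizer-ci.com/ocular.phar` with `wget` and immediately executes it with `php ocular.phar`, with no checksum or signature check; this runs on pushes to master in the upstream repository, so a tampered or swapped phar would execute with the job's credentials. Pin a known `sha256sum` of the phar and compare before running it (or vendor the tool as a dev dependency). Minor: the `php: [7.2, 7.3, 7.4, 8.0]` matrix values are unquoted YAML numbers, so `8.0` may be normalised to `8` in the job name and in the `php-version` input; quoting them (`'8.0'`) avoids that ambiguity.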
1 change: 1 addition & 0 deletions .gitignore
@@ -1,6 +1,7 @@
/vendor
/composer.lock
phpunit.xml
.phpunit.result.cache
.idea
/examples/vendor
examples/public.key
Expand Down
33 changes: 0 additions & 33 deletions .travis.yml

This file was deleted.

76 changes: 67 additions & 9 deletions CHANGELOG.md
Expand Up @@ -5,27 +5,76 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added (v9)
### Added
- A CryptKeyInterface to allow developers to change the CryptKey implementation with greater ease (PR #1044)
- The authorization server can now finalize scopes when a client uses a refresh token (PR #1094)
- An AuthorizationRequestInterface to make it easier to extend the AuthorizationRequest (PR #1110)
- Ability to set custom claims on a JWT (PR #1122)

### Fixed
- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)

### Changed
- Authorization Request objects are now created through the factory method, `createAuthorizationRequest()` (PR #1111)
- Changed parameters for `finalizeScopes()` to allow a reference to an auth code ID (PR #1112)

## [8.3.3] - released 2021-10-11
### Security
- Removed the use of `LocalFileReference()` in lcobucci/jwt. Function deprecated as per [GHSA-7322-jrq4-x5hf](https://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hf) (PR #1249)

## [8.3.2] - released 2021-07-27
### Changed
- Conditionally support the `StrictValidAt()` method in lcobucci/jwt so we can use version 4.1.x or greater of the library (PR #1236)
- When providing invalid credentials, the library now responds with the error message _The user credentials were incorrect_ (PR #1230)
- Keys are always stored in memory now and are not written to a file in the /tmp directory (PR #1180)
- The regex for matching the bearer token has been simplified (PR #1238)

## [8.3.1] - released 2021-06-04
### Fixed
- Revert check on clientID. We will no longer require this to be a string (PR #1233)

## [8.3.0] - released 2021-06-03
### Added
- The server will now validate redirect uris according to rfc8252 (PR #1203)
- Events emitted now include the refresh token and access token payloads (PR #1211)
- Use the `revokeRefreshTokens()` function to decide whether refresh tokens are revoked or not upon use (PR #1189)

### Changed
- Keys are now validated using `openssl_pkey_get_private()` and `openssl_pkey_get_public()` instead of regex matching (PR #1215)

### Fixed
- The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
- Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
- Allow scope "0" to be used. Previously this was removed from a request because it failed an `empty()` check (PR #1181)

## [8.2.4] - released 2020-12-10
### Fixed
- Reverted the enforcement of at least one redirect_uri for a client. This change has instead been moved to version 9 (PR #1169)

## [8.2.3] - released 2020-12-02
### Added
- Re-added support for PHP 7.2 (PR #1165, #1167)

## [8.2.2] - released 2020-11-30
### Fixed
- Fix issue where the private key passphrase isn't correctly passed to JWT library (PR #1164)

## [8.2.1] - released 2020-11-26
### Fixed
- If you have a password on your private key, it is now passed correctly to the JWT configuration object. (PR #1159)

## [8.2.0] - released 2020-11-25
### Added
- Add a `getRedirectUri` function to the `OAuthServerException` class (PR #1123)
- Support for PHP 8.0 (PR #1146)

### Fixed (v9)
- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)
### Removed
- Removed support for PHP 7.2 (PR #1146)

### Fixed
- Fix typo in parameter hint. `code_challenged` changed to `code_challenge`. Thrown by Auth Code Grant when the code challenge does not match the regex. (PR #1130)
- Undefined offset was returned when no client redirect URI was set. Now throw an invalidClient exception if no redirect URI is set against a client (PR #1140)

### Changed (v9)
- Authorization Request objects are now created through the factory method, `createAuthorizationRequest()` (PR #1111)
- Changed parameters for `finalizeScopes()` to allow a reference to an auth code ID (PR #1112)

## [8.1.1] - released 2020-07-01

### Fixed
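Review bot: this rendering carries no +/- markers, so it is not visible whether the `### Fixed (v9)` block (the refresh-token `invalid_grant` entry, PR #1042/#1082) and the `### Changed (v9)` block that appear under `## [8.2.0]` are the removed pre-merge lines or survive in the merged file. If they survive, the 8.2.0 release section would list v9 work and repeat the entry already present under `## [Unreleased]` / `### Fixed`, and the `### Added (v9)` heading sitting directly above `### Added` would leave an empty section. Verify that the resolved CHANGELOG keeps only the un-suffixed headings under `[Unreleased]`.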
Expand Down Expand Up @@ -518,7 +567,16 @@ Version 5 is a complete code rewrite.

- First major release

[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.1.1...HEAD
[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.3.3...HEAD
[8.3.3]: https://github.com/thephpleague/oauth2-server/compare/8.3.2...8.3.3
[8.3.2]: https://github.com/thephpleague/oauth2-server/compare/8.3.1...8.3.2
[8.3.1]: https://github.com/thephpleague/oauth2-server/compare/8.3.0...8.3.1
[8.3.0]: https://github.com/thephpleague/oauth2-server/compare/8.2.4...8.3.0
[8.2.4]: https://github.com/thephpleague/oauth2-server/compare/8.2.3...8.2.4
[8.2.3]: https://github.com/thephpleague/oauth2-server/compare/8.2.2...8.2.3
[8.2.2]: https://github.com/thephpleague/oauth2-server/compare/8.2.1...8.2.2
[8.2.1]: https://github.com/thephpleague/oauth2-server/compare/8.2.0...8.2.1
[8.2.0]: https://github.com/thephpleague/oauth2-server/compare/8.1.1...8.2.0
[8.1.1]: https://github.com/thephpleague/oauth2-server/compare/8.1.0...8.1.1
[8.1.0]: https://github.com/thephpleague/oauth2-server/compare/8.0.0...8.1.0
[8.0.0]: https://github.com/thephpleague/oauth2-server/compare/7.4.0...8.0.0
Expand Down
15 changes: 7 additions & 8 deletions README.md
Expand Up @@ -2,11 +2,10 @@

[![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
[![Build Status](https://github.com/thephpleague/oauth2-server/workflows/tests/badge.svg)](https://github.com/thephpleague/oauth2-server/actions)
[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
[![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
[![PHPStan](https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat-square)](https://github.com/phpstan/phpstan)

`league/oauth2-server` is a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.

Expand All @@ -29,11 +28,12 @@ This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](ht

## Requirements

The following versions of PHP are supported:
The latest version of this package supports the following versions of PHP:

* PHP 7.2
* PHP 7.3
* PHP 7.4
* PHP 8.0

The `openssl` and `json` extensions are also required.

Expand All @@ -52,24 +52,23 @@ You can contribute to the documentation in the [gh-pages branch](https://github.

## Testing

The library uses [PHPUnit](https://phpunit.de/) for unit tests and [PHPStan](https://github.com/phpstan/phpstan) for static analysis of the code.
The library uses [PHPUnit](https://phpunit.de/) for unit tests.

```
vendor/bin/phpunit
vendor/bin/phpstan analyse -l 7 -c phpstan.neon src tests
```

## Continous Integration
## Continuous Integration

We use [Travis CI](https://travis-ci.org/), [Scrutinizer](https://scrutinizer-ci.com/), and [StyleCI](https://styleci.io/) for continuous integration. Check out [our](https://github.com/thephpleague/oauth2-server/blob/master/.travis.yml) [configuration](https://github.com/thephpleague/oauth2-server/blob/master/.scrutinizer.yml) [files](https://github.com/thephpleague/oauth2-server/blob/master/.styleci.yml) if you'd like to know more.
We use [Github Actions](https://github.com/features/actions), [Scrutinizer](https://scrutinizer-ci.com/), and [StyleCI](https://styleci.io/) for continuous integration. Check out [our](https://github.com/thephpleague/oauth2-server/blob/master/.github/workflows/tests.yml) [configuration](https://github.com/thephpleague/oauth2-server/blob/master/.scrutinizer.yml) [files](https://github.com/thephpleague/oauth2-server/blob/master/.styleci.yml) if you'd like to know more.

## Community Integrations

* [Drupal](https://www.drupal.org/project/simple_oauth)
* [Laravel Passport](https://github.com/laravel/passport)
* [OAuth 2 Server for CakePHP 3](https://github.com/uafrica/oauth-server)
* [OAuth 2 Server for Mezzio](https://github.com/mezzio/mezzio-authentication-oauth2)
* [Trikoder OAuth 2 Bundle (Symfony)](https://github.com/trikoder/oauth2-bundle)
* [OAuth 2 Server Bundle (Symfony)](https://github.com/thephpleague/oauth2-server-bundle)
* [Heimdall for CodeIgniter 4](https://github.com/ezralazuardy/heimdall)

## Changelog
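Review bot: the Testing section drops `vendor/bin/phpstan analyse -l 7 -c phpstan.neon src tests` and the sentence about static analysis, yet composer.json in this same merge still lists `phpstan/phpstan` and `phpstan/phpstan-phpunit` in `require-dev` and .gitattributes still export-ignores `phpstan.neon`; either keep the PHPStan command documented (and add it to tests.yml so CI actually runs it) or remove the dev dependency, so the README matches what is enforced. Style: "Github Actions" should be "GitHub Actions".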
Expand Down
12 changes: 6 additions & 6 deletions composer.json
Expand Up @@ -4,19 +4,19 @@
"homepage": "https://oauth2.thephpleague.com/",
"license": "MIT",
"require": {
"php": ">=7.2.0",
"php": "^7.2 || ^8.0",
"ext-openssl": "*",
"league/event": "^2.2",
"lcobucci/jwt": "^3.3.1",
"lcobucci/jwt": "^3.4.6 || ^4.0.4",
"psr/http-message": "^1.0.1",
"defuse/php-encryption": "^2.2.1",
"ext-json": "*"
},
"require-dev": {
"phpunit/phpunit": "^8.5.4 || ^9.1.3",
"laminas/laminas-diactoros": "^2.3.0",
"phpstan/phpstan": "^0.11.19",
"phpstan/phpstan-phpunit": "^0.11.2",
"phpunit/phpunit": "^8.5.13",
"laminas/laminas-diactoros": "^2.4.1",
"phpstan/phpstan": "^0.12.57",
"phpstan/phpstan-phpunit": "^0.12.16",
"roave/security-advisories": "dev-master"
},
"repositories": [
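Review bot: the `lcobucci/jwt` constraint becomes `^3.4.6 || ^4.0.4`, while the CHANGELOG entry for 8.3.3 in this merge cites GHSA-7322-jrq4-x5hf for that library; confirm that both lower bounds sit at or above the releases the advisory lists as fixed, because `roave/security-advisories` in `require-dev` only blocks vulnerable versions in this repository's own installs, not in consumers who resolve against these constraints. Also note `phpunit/phpunit` narrows from `^8.5.4 || ^9.1.3` to `^8.5.13`, which drops PHPUnit 9 from the allowed range; if that is intentional it is worth a CHANGELOG line.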
Expand Down
10 changes: 5 additions & 5 deletions examples/composer.json
@@ -1,13 +1,13 @@
{
"require": {
"slim/slim": "^3.0.0"
"slim/slim": "^3.12.3"
},
"require-dev": {
"league/event": "^2.2",
"lcobucci/jwt": "^3.3",
"psr/http-message": "^1.0",
"defuse/php-encryption": "^2.2",
"laminas/laminas-diactoros": "^2.1.2"
"lcobucci/jwt": "^3.4.6 || ^4.0.4",
"psr/http-message": "^1.0.1",
"defuse/php-encryption": "^2.2.1",
"laminas/laminas-diactoros": "^2.5.0"
},
"autoload": {
"psr-4": {
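Review bot: the bounds for `lcobucci/jwt`, `psr/http-message` and `defuse/php-encryption` now mirror the root composer.json, but `laminas/laminas-diactoros` is `^2.5.0` here and `^2.4.1` in the root `require-dev`; align the two so the examples do not resolve a different version than the test suite exercises.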
Expand Down

0 comments on commit dc2f7ac
