From ff5e9f57a59d3865a93df227759b366cd1e4239f Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 10 May 2018 22:07:03 +0100 Subject: [PATCH 01/18] Only add authenticate header if present in original request thephpleague/oauth2-server#745 --- src/Exception/OAuthServerException.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 65fe861e..a62d961d 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -294,13 +294,9 @@ class OAuthServerException extends \Exception // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client') { - $authScheme = 'Basic'; - if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false - && strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 - ) { - $authScheme = 'Bearer'; - } + if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd From 33ce8496175955ac5503b95f3704fce59fdf350d Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Sun, 13 May 2018 17:29:07 +0100 Subject: [PATCH 02/18] Add tests for invalid client exception --- src/Exception/OAuthServerException.php | 30 +++++++-- src/Grant/AbstractGrant.php | 6 +- src/Grant/AuthCodeGrant.php | 8 +-- src/Grant/ImplicitGrant.php | 8 +-- tests/Exception/OAuthServerExceptionTest.php | 66 ++++++++++++++++++++ tests/Grant/AbstractGrantTest.php | 2 +- 6 files changed, 104 insertions(+), 16 deletions(-) create mode 100644 tests/Exception/OAuthServerExceptionTest.php 
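Review bot: The scheme check `strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0` is case-sensitive, while HTTP auth-scheme names are case-insensitive (RFC 7235 §2.1), so a client that sends `bearer …` is answered with a `Basic` challenge; `stripos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0` keeps the echoed scheme matching what the client actually used, which is what RFC 6749 §5.2 asks for. Reading `$_SERVER['HTTP_AUTHORIZATION']` is also SAPI-dependent: under some CGI/FastCGI setups the Authorization header never reaches the environment, so the new condition is always false there and `WWW-Authenticate` is silently omitted even though the client did authenticate via the header — the PSR-7 request the grant already holds is the reliable source for this. On the plus side `$authScheme` can only ever be one of two literals, so nothing client-controlled is reflected into the response header. generateHttpResponse starts and ends outside the hunk.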
diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index a62d961d..8b296164 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -9,6 +9,7 @@ namespace League\OAuth2\Server\Exception; +use Psr\Http\Message\ServerRequest; use Psr\Http\Message\ResponseInterface; class OAuthServerException extends \Exception @@ -38,6 +39,11 @@ class OAuthServerException extends \Exception */ private $payload; + /** + * @var ServerRequest + */ + private $serverRequest; + /** * Throw a new exception. * @@ -84,6 +90,16 @@ class OAuthServerException extends \Exception $this->payload = $payload; } + /** + * Set the server request that is responsible for generating the exception + * + * @return void + */ + public function setServerRequest($serverRequest) + { + $this->ServerRequest = $serverRequest; + } + /** * Unsupported grant type error. * @@ -117,13 +133,19 @@ class OAuthServerException extends \Exception /** * Invalid client error. * + * @param ServerRequest $serverRequest + * * @return static */ - public static function invalidClient() + public static function invalidClient($serverRequest) { $errorMessage = 'Client authentication failed'; - return new static($errorMessage, 4, 'invalid_client', 401); + $exception = new static('Client authentication failed', 4, 'invalid_client', 401); + + $exception->setServerRequest($serverRequest); + + return $exception; } /** 
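Review bot: `setServerRequest($serverRequest)` accepts any value and writes it to `$this->ServerRequest`, which is not the declared `$serverRequest` property (property names are case-sensitive), so the request lands in an undeclared dynamic property and the declared one stays null; a native parameter type would at least reject non-request arguments at the call site: `public function setServerRequest(ServerRequestInterface $serverRequest)`. The imported `Psr\Http\Message\ServerRequest` is not a type psr/http-message ships (the package contains only interfaces), so it can never be used as a type declaration and only misleads in the docblocks — `ServerRequestInterface` is the PSR-7 name. A one-line comment on the setter saying why an exception keeps a request at all (to pick the `WWW-Authenticate` scheme when the response is generated) would explain an otherwise surprising dependency.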
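Review bot: `invalidClient()` gains a mandatory `$serverRequest` parameter on a public static factory, which is a BC break for any third-party grant or test that still calls `OAuthServerException::invalidClient()` with no arguments (PHP 7 throws ArgumentCountError). Making it optional, `public static function invalidClient(ServerRequestInterface $serverRequest = null)`, keeps old callers working and, together with a null check before `hasHeader()` in generateHttpResponse, degrades gracefully to omitting `WWW-Authenticate` instead of failing. The docblock should then state that the request is optional and only used to select the challenge scheme.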
@@ -294,8 +316,8 @@ class OAuthServerException extends \Exception // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + if ($this->errorType === 'invalid_client' && $this->ServerRequest->hasHeader('Authorization') === true) { + $authScheme = strpos($this->ServerRequest->getHeader('Authorization')[0], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php index 79a1ac47..05b73faa 100644 --- a/src/Grant/AbstractGrant.php +++ b/src/Grant/AbstractGrant.php @@ -190,7 +190,7 @@ abstract class AbstractGrant implements GrantTypeInterface if ($client instanceof ClientEntityInterface === false) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } // If a redirect URI is provided ensure it matches what is pre-registered @@ -201,13 +201,13 @@ abstract class AbstractGrant implements GrantTypeInterface && (strcmp($client->getRedirectUri(), $redirectUri) !== 0) ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } elseif ( is_array($client->getRedirectUri()) && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } } 
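Review bot: `$this->ServerRequest->hasHeader('Authorization')` runs for every exception whose `errorType` is `invalid_client`, but only the `invalidClient()` factory attaches a request; anything that constructs the exception directly with `'invalid_client'` (the constructor takes the error type, as `new static(..., 'invalid_client', 401)` shows) has no request and this line fatals with `Call to a member function hasHeader() on null`, turning an authentication failure into a server error. Guard the property before dereferencing it: `if ($this->errorType === 'invalid_client' && $this->serverRequest !== null && $this->serverRequest->hasHeader('Authorization')) {` — note the declared property is `$serverRequest`, not `ServerRequest`, so as written the dereference is of an undeclared property and is null in every case. With the header value now available from the request, `stripos(..., 'Bearer') === 0` would also make the scheme match case-insensitive as RFC 7235 requires. generateHttpResponse starts and ends outside the hunk.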
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index 80e1cd0f..084e21d4 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -236,7 +236,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant if ($client instanceof ClientEntityInterface === false) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } $redirectUri = $this->getQueryStringParameter('redirect_uri', $request); @@ -247,18 +247,18 @@ class AuthCodeGrant extends AbstractAuthorizeGrant && (strcmp($client->getRedirectUri(), $redirectUri) !== 0) ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } elseif ( is_array($client->getRedirectUri()) && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } else { $redirectUri = is_array($client->getRedirectUri()) ? $client->getRedirectUri()[0] diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index b4157883..c740f75c 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php 
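Review bot: The redirect-URI validation in this hunk is a copy of the block in AbstractGrant::validateClient, and ImplicitGrant repeats it a third time, so this change had to touch the same `throw OAuthServerException::invalidClient($request)` in eleven places across three files; that is a sign the check belongs in one protected helper on AbstractGrant, e.g. `$this->validateRedirectUri($redirectUri, $client, $request)`, that emits `CLIENT_AUTHENTICATION_FAILED` and throws, so the exception wiring is maintained in one place. While there, the third branch's `is_array(...) && count(...) !== 1 || empty(...)` relies on `&&` binding tighter than `||`; explicit parentheses would make the intended grouping obvious to the next reader. The enclosing method starts before and ends after this hunk.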
@@ -131,7 +131,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant if ($client instanceof ClientEntityInterface === false) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } $redirectUri = $this->getQueryStringParameter('redirect_uri', $request); @@ -141,18 +141,18 @@ class ImplicitGrant extends AbstractAuthorizeGrant && (strcmp($client->getRedirectUri(), $redirectUri) !== 0) ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } elseif ( is_array($client->getRedirectUri()) && in_array($redirectUri, $client->getRedirectUri(), true) === false ) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1 || empty($client->getRedirectUri())) { $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); - throw OAuthServerException::invalidClient(); + throw OAuthServerException::invalidClient($request); } else { $redirectUri = is_array($client->getRedirectUri()) ? $client->getRedirectUri()[0] diff --git a/tests/Exception/OAuthServerExceptionTest.php b/tests/Exception/OAuthServerExceptionTest.php new file mode 100644 index 00000000..11704ade --- /dev/null +++ b/tests/Exception/OAuthServerExceptionTest.php 
@@ -0,0 +1,66 @@ +withParsedBody([ + 'client_id' => 'foo', + ]) + ->withAddedHeader('Authorization', 'Basic fakeauthdetails'); + + try { + $this->issueInvalidClientException($serverRequest); + } catch (OAuthServerException $e) { + $response = $e->generateHttpResponse(new Response()); + + $this->assertTrue($response->hasHeader('WWW-Authenticate')); + } + } + + public function testInvalidClientExceptionOmitsAuthenticateHeader() + { + $serverRequest = (new ServerRequest()) + ->withParsedBody([ + 'client_id' => 'foo', + ]); + + try { + $this->issueInvalidClientException($serverRequest); + } catch (OAuthServerException $e) { + $response = $e->generateHttpResponse(new Response()); + + $this->assertFalse($response->hasHeader('WWW-Authenticate')); + } + } + + /** + * Issue an invalid client exception + * + * @return void + * @throws OAuthServerException + */ + private function issueInvalidClientException($serverRequest) + { + $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); + $clientRepositoryMock->method('getClientEntity')->willReturn(false); + + $grantMock = $this->getMockForAbstractClass(AbstractGrant::class); + $grantMock->setClientRepository($clientRepositoryMock); + + $abstractGrantReflection = new ReflectionClass($grantMock); + + $validateClientMethod = $abstractGrantReflection->getMethod('validateClient'); + $validateClientMethod->setAccessible(true); + + $validateClientMethod->invoke($grantMock, $serverRequest); + } +} diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php index 6266df0a..5da2776e 100644 --- a/tests/Grant/AbstractGrantTest.php +++ b/tests/Grant/AbstractGrantTest.php 
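Review bot: Both tests only assert inside `catch (OAuthServerException $e)`, so if `issueInvalidClientException()` ever stops throwing they pass without asserting anything; add `$this->fail('Expected OAuthServerException');` as the last statement of each `try` block. The header test also checks only `hasHeader('WWW-Authenticate')` and not its value, so a regression that echoes the wrong scheme would go unnoticed: `$this->assertSame('Basic realm="OAuth"', $response->getHeaderLine('WWW-Authenticate'));` pins the scheme chosen from the `Basic fakeauthdetails` request, and a third case sending `Bearer …` would cover the other branch. The head of the file (namespace, use statements, class header and the first test's name) is not visible here, so the first test's name is inferred from the second.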
@@ -122,7 +122,7 @@ class AbstractGrantTest extends TestCase $validateClientMethod = $abstractGrantReflection->getMethod('validateClient'); $validateClientMethod->setAccessible(true); - $result = $validateClientMethod->invoke($grantMock, $serverRequest, true, true); + $result = $validateClientMethod->invoke($grantMock, $serverRequest); $this->assertEquals($client, $result); } From c2dcdee26667704843a6b297e7e469926372d4bc Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Sun, 13 May 2018 17:34:06 +0100 Subject: [PATCH 03/18] Change order of use statements --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 8b296164..72f23e6e 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -9,8 +9,8 @@ namespace League\OAuth2\Server\Exception; -use Psr\Http\Message\ServerRequest; use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequest; class OAuthServerException extends \Exception { From cbce5f45ba4f227e471f287c7a92de51df7c1528 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Sun, 13 May 2018 17:38:07 +0100 Subject: [PATCH 04/18] Fix case for serverRequest variable and remove unused variable --- src/Exception/OAuthServerException.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 72f23e6e..4713eba5 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -97,7 +97,7 @@ class OAuthServerException extends \Exception */ public function setServerRequest($serverRequest) { - $this->ServerRequest = $serverRequest; + $this->serverRequest = $serverRequest; } /** 
@@ -139,8 +139,6 @@ class OAuthServerException extends \Exception */ public static function invalidClient($serverRequest) { - $errorMessage = 'Client authentication failed'; - $exception = new static('Client authentication failed', 4, 'invalid_client', 401); $exception->setServerRequest($serverRequest); @@ -316,8 +314,8 @@ class OAuthServerException extends \Exception // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client' && $this->ServerRequest->hasHeader('Authorization') === true) { - $authScheme = strpos($this->ServerRequest->getHeader('Authorization')[0], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + if ($this->errorType === 'invalid_client' && $this->serverRequest->hasHeader('Authorization') === true) { + $authScheme = strpos($this->serverRequest->getHeader('Authorization')[0], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } From f8c2e721a05c18917bce16e696df4dc659ab3ddb Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Sun, 13 May 2018 17:41:21 +0100 Subject: [PATCH 05/18] Remove return voids and fix docblock and use orders --- src/Exception/OAuthServerException.php | 2 +- tests/Exception/OAuthServerExceptionTest.php | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 4713eba5..ddd4c534 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -93,7 +93,7 @@ class OAuthServerException extends \Exception /** * Set the server request that is responsible for generating the exception * - * @return void + * @param ServerRequest $serverRequest */ public function setServerRequest($serverRequest) { diff --git a/tests/Exception/OAuthServerExceptionTest.php b/tests/Exception/OAuthServerExceptionTest.php index 11704ade..b86f33a1 100644 
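Review bot: `$this->serverRequest->getHeader('Authorization')[0]` indexes into the array PSR-7 returns for a header; `getHeaderLine('Authorization')` is the accessor meant for this (it joins multiple values and returns `''` when absent) and removes the bare `[0]`: `$authScheme = stripos($this->serverRequest->getHeaderLine('Authorization'), 'Bearer') === 0 ? 'Bearer' : 'Basic';`. `$this->serverRequest` is still dereferenced without a null check, so an `invalid_client` exception that did not pass through `invalidClient()` fatals here rather than simply omitting the challenge. The `@codeCoverageIgnoreStart`/`@codeCoverageIgnoreEnd` markers now wrap code that OAuthServerExceptionTest exercises and should be removed so coverage of this branch is reported. generateHttpResponse starts and ends outside the hunk.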
--- a/tests/Exception/OAuthServerExceptionTest.php +++ b/tests/Exception/OAuthServerExceptionTest.php @@ -1,9 +1,9 @@ Date: Sun, 13 May 2018 17:52:45 +0100 Subject: [PATCH 06/18] Fix ServerRequestInterface docblock type --- src/Exception/OAuthServerException.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index ddd4c534..345b99a0 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -10,7 +10,7 @@ namespace League\OAuth2\Server\Exception; use Psr\Http\Message\ResponseInterface; -use Psr\Http\Message\ServerRequest; +use Psr\Http\Message\ServerRequestInterface; class OAuthServerException extends \Exception { @@ -40,7 +40,7 @@ class OAuthServerException extends \Exception private $payload; /** - * @var ServerRequest + * @var ServerRequestInterface */ private $serverRequest; @@ -93,7 +93,7 @@ class OAuthServerException extends \Exception /** * Set the server request that is responsible for generating the exception * - * @param ServerRequest $serverRequest + * @param ServerRequestInterface $serverRequest */ public function setServerRequest($serverRequest) { @@ -133,7 +133,7 @@ class OAuthServerException extends \Exception /** * Invalid client error. * - * @param ServerRequest $serverRequest + * @param ServerRequestInterface $serverRequest * * @return static */ From b1b33207ab4f3164f497accdd9dbefadb0189343 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Sun, 13 May 2018 18:02:23 +0100 Subject: [PATCH 07/18] Fix namespacing for Exception test --- tests/Exception/OAuthServerExceptionTest.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Exception/OAuthServerExceptionTest.php b/tests/Exception/OAuthServerExceptionTest.php index b86f33a1..bac914e4 100644 --- a/tests/Exception/OAuthServerExceptionTest.php +++ b/tests/Exception/OAuthServerExceptionTest.php 
@@ -1,5 +1,7 @@ getMockForAbstractClass(AbstractGrant::class); $grantMock->setClientRepository($clientRepositoryMock); - $abstractGrantReflection = new ReflectionClass($grantMock); + $abstractGrantReflection = new \ReflectionClass($grantMock); $validateClientMethod = $abstractGrantReflection->getMethod('validateClient'); $validateClientMethod->setAccessible(true); From 28276cb6884868de518e7c12feae7f0e28b57e6d Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Wed, 16 May 2018 13:36:29 +0100 Subject: [PATCH 08/18] Add PSR-7 to the requirements in the readme This fixes issue #640 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 30db07a6..e4d90f46 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,8 @@ The following versions of PHP are supported: The `openssl` extension is also required. +All HTTP messages passed to the server should be [PSR-7 compliant](https://www.php-fig.org/psr/psr-7/). This ensures interoperability between other packages and frameworks. + ## Installation ``` From a3d4f583eda467012ac928056d2a84d05bbe520d Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:06:03 +0100 Subject: [PATCH 09/18] Fix #745 --- src/Exception/OAuthServerException.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 65fe861e..24179ce5 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php 
@@ -294,14 +294,8 @@ class OAuthServerException extends \Exception // include the "WWW-Authenticate" response header field // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart - if ($this->errorType === 'invalid_client') { - $authScheme = 'Basic'; - if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false - && strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 - ) { - $authScheme = 'Bearer'; - } - $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; + if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd return $headers; From 8a25e0a01b1367c748d024019ddd34d48861171e Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:12:32 +0100 Subject: [PATCH 10/18] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bece8e44..dcac3bfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Fixed +- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request + ## [7.1.0] - released 2018-04-22 ### Changed From 19d782d223710e604e3650666412b8b8be2cc2ba Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:13:30 +0100 Subject: [PATCH 11/18] Fix alignment --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 24179ce5..9b798f76 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php 
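Review bot: The removed block was the only assignment to `$authScheme`, yet the surviving line still concatenates it, so for an invalid_client with an Authorization header PHP raises an undefined-variable notice and sends `WWW-Authenticate:  realm="OAuth"` with no scheme, which is not a valid challenge and which clients may reject. Keep the scheme selection inside the new condition, before the `$headers[...]` line: `$authScheme = stripos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic';` (`stripos` because auth-scheme names are case-insensitive). The `@codeCoverageIgnoreStart` marker around this block is why nothing caught it; a test that sends a `Basic` header and asserts the full `WWW-Authenticate` value would. generateHttpResponse starts and ends outside the hunk.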
@@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd return $headers; From 3ea0cdc9365d427fe863c94939a2dba952c9f158 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:19:32 +0100 Subject: [PATCH 12/18] Set authScheme --- src/Exception/OAuthServerException.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 9b798f76..fe615262 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,6 +295,8 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } // @codeCoverageIgnoreEnd From 0242d0c9968e55cb8737470f55882a13f7f8c895 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:21:39 +0100 Subject: [PATCH 13/18] Remove spaces at end of line --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index fe615262..14297e75 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php 
@@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } From 2e3ee60a2ac5ba0a7eb5673884f1e156438ce6a1 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Thu, 17 May 2018 13:27:30 +0100 Subject: [PATCH 14/18] Remove additional whitespace --- src/Exception/OAuthServerException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 14297e75..a62d961d 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -295,7 +295,7 @@ class OAuthServerException extends \Exception // matching the authentication scheme used by the client. // @codeCoverageIgnoreStart if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) { - $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; + $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic'; $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"'; } From 98812e6fabe5f82917d0a5d8ae143260e83c1bce Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Mon, 21 May 2018 11:21:44 +0100 Subject: [PATCH 15/18] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dcac3bfd..1e27f9ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Changed +- The `invalidClient()` function accepts a PSR-7 compliant `$serverRequest` argument to avoid accessing the `$_SERVER` global variable and improve testing (PR #899) + ### Fixed - No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request From beec37d95ffd3890fc72ad3dce728c4d31641877 Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Mon, 21 May 2018 14:58:56 +0100 Subject: [PATCH 16/18] Modify changelog for 7.1.1 release --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dcac3bfd..6b2cadef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +## [7.1.1] - released 2018-05-21 + ### Fixed - No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request From fc55621f2017c039ce03dbad815901c8723cf3cb Mon Sep 17 00:00:00 2001 From: Andrew Millington Date: Mon, 21 May 2018 15:00:06 +0100 Subject: [PATCH 17/18] Add link to 7.1.1 release in changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b2cadef..37474b66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -390,6 +390,7 @@ Version 5 is a complete code rewrite. - First major release [Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.0.0...HEAD +[7.1.1]: https://github.com/thephpleague/oauth2-server/compare/7.1.0...7.1.1 [7.1.0]: https://github.com/thephpleague/oauth2-server/compare/7.0.0...7.1.0 [7.0.0]: https://github.com/thephpleague/oauth2-server/compare/6.1.1...7.0.0 [6.1.1]: https://github.com/thephpleague/oauth2-server/compare/6.0.0...6.1.1 From 2e47fa7fcad3b207cfbefa0a0e26af00445f3906 Mon Sep 17 00:00:00 2001 
From: Andrew Millington Date: Mon, 21 May 2018 15:01:37 +0100 Subject: [PATCH 18/18] Add PR reference --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37474b66..b3f974a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [7.1.1] - released 2018-05-21 ### Fixed -- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request +- No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request (PR #902) ## [7.1.0] - released 2018-04-22