Scott Arciszewski
612775466c
Remove side-effects in hash_equals()
This is functionally identical, but without the side-effect of defining a function in the current namespace.
Also, it uses an absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first.
Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
2015-01-01 01:34:22 -05:00
Alex Bilbie
282bb20cc8
Fix docblocks + method name
2014-12-27 23:00:11 +00:00
Alex Bilbie
b727be55a2
Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master
2014-12-27 22:57:08 +00:00
Alex Bilbie
72a5c1794a
Remove unused namespace
2014-12-27 22:50:13 +00:00
Alex Bilbie
707c85b0d6
Fixes and tests
2014-12-27 22:26:31 +00:00
Alex Bilbie
c56562b0b8
PSR fixes
2014-12-27 21:38:01 +00:00
Alex Bilbie
17be6f4549
Added MacTokenInterface
2014-12-27 21:35:45 +00:00
Alex Bilbie
b50fbff1e3
Update docblock
2014-12-27 21:35:45 +00:00
Alex Bilbie
7375a348c6
PHP code fix
2014-12-27 21:35:45 +00:00
Alex Bilbie
ae5dd9ce65
Added MAC TokenType
2014-12-27 21:35:45 +00:00
Alex Bilbie
f9e56ff62a
Added MAC storage getter and setter
2014-12-27 21:35:45 +00:00
Dave Walker
851c7c0eb1
Per the spec:
The authorization server MAY issue a new refresh token, in which case
the client MUST discard the old refresh token and replace it with the
new refresh token. The authorization server MAY revoke the old
refresh token after issuing a new refresh token to the client. If a
new refresh token is issued, the refresh token scope MUST be
identical to that of the refresh token included by the client in the
request.
This commit allows users to specify the time before the Refresh Token
expire time to issue a new Refresh Token.
alter method names, naming convention(?)
2014-12-21 18:51:52 -05:00
mortenhauberg
60bd334b46
Changed "paremter" to "parameter"
2014-12-16 19:04:03 +01:00
Regan
d32bfaa757
Prevent duplicate session in auth code grant
The session already exists in the database, so we don't need to save it again. Doing so results in the session used for the auth code hanging around in the database with nothing associated to it, while the access token is associated to a new session caused by the `save()` method creating a duplicate. Fixes #266.
2014-12-15 15:09:36 +13:00
Graham Campbell
a12786cbd5
Removed an extra new line
2014-12-10 15:18:49 +00:00
Graham Campbell
a1726903b5
CS fixes
2014-12-10 13:10:35 +00:00
Ivan Enderlin
3b176fe220
Fix API CS.
2014-12-09 14:40:39 +01:00
Ivan Enderlin
986dc59627
The `create` method returns void.
2014-12-09 14:40:39 +01:00
Ivan Enderlin
0878897969
Fix API CS.
2014-12-09 14:15:36 +01:00
Scott Arciszewski
7a63f42462
Update DefaultAlgorithm.php
Prevent edge-case whereby, if the majority of `base64_encode($bytes)` consists of `/` or `+` characters, the resulting key will be shorter and less unpredictable (due to a smaller keyspace) than anticipated.
As a result, the `$len * 2` hack has been removed. Although it is highly probable that `$len * 2` will stop most edge cases from occurring, it does not actually guarantee the end result will be at least 40 characters long.
2014-12-08 18:40:31 -05:00
Alex Bilbie
f8b61b47b9
Ensure Refresh Token Entity hasn't expired
2014-12-03 23:22:14 +00:00
Alex Bilbie
b8331d12e4
Syntax improvements
2014-12-03 23:21:54 +00:00
Alex Bilbie
e1c0ff2685
Code coverage improvements in grant classes
2014-11-23 23:32:50 +00:00
Alex Bilbie
76de634f2b
Added setSession on TokenTypeInterface as per #255
2014-11-21 00:06:17 +00:00
Alex Bilbie
cfada388db
Declared methods from AbstractGrant on GrantTypeInterface as per #255
2014-11-21 00:06:01 +00:00
Alex Bilbie
2f971dc77f
Declared all of the methods in AbstractTokenType in TokenTypeInterface as per #255
2014-11-20 23:54:52 +00:00
Alex Bilbie
ae7b7e9aa9
Fixed namespace includes
2014-11-20 23:54:14 +00:00
Alex Bilbie
bed6c3287e
Spelling fixes
2014-11-20 23:53:14 +00:00
Alex Bilbie
f83e5a8731
Learnt how to spell delimiter
2014-11-20 23:52:29 +00:00
Brooke Bryan
6a1f927a6c
Check refreshToken isset before attempting to call methods on it
2014-11-13 12:20:59 +00:00
Brooke Bryan
b2c0933ee6
Docblock improvements
2014-11-12 18:10:29 +00:00
Luca Degasperi
001c15bfad
Update ResourceServer.php
2014-11-09 09:45:20 +01:00
Graham Campbell
4c1cd04a24
CS fixes
2014-11-08 18:26:12 +00:00
Alex Bilbie
6b29b7450e
If the client should redirect during AuthCodeGrant authorisation then provide a redirect uri
2014-11-08 17:03:15 +00:00
Alex Bilbie
b9debaab26
Fix #231
2014-11-08 16:44:39 +00:00
Alex Bilbie
856051bfb3
Fix #232
2014-11-08 16:20:13 +00:00
Alex Bilbie
a2a768b6e6
All interfaces extend StorageInterface
2014-11-07 02:31:37 +00:00
Alex Bilbie
4bbbc72035
Added StorageInterface
2014-11-07 02:29:04 +00:00
Alex Bilbie
3815355489
Removed generic getStorage method and replaced with distinct calls to getters
2014-11-07 02:20:06 +00:00
Alex Bilbie
9bb7af6f83
More docblock fixes
2014-11-07 01:48:23 +00:00
Alex Bilbie
d16b1b72ba
Docblock fix
2014-11-07 01:36:17 +00:00
Alex Bilbie
e37289231d
Removed dead code
2014-11-07 01:36:12 +00:00
Alex Bilbie
1c2ec943e9
Missing parameter
2014-11-07 01:35:59 +00:00
Alex Bilbie
17dfc897b4
Docfix
2014-11-07 01:30:54 +00:00
Alex Bilbie
7586e62da1
Dead code
2014-11-07 01:30:50 +00:00
Alex Bilbie
a1c3746a5a
Another docblock fix
2014-11-07 01:26:42 +00:00
Alex Bilbie
d23dc4d247
Docblock fixes
2014-11-07 01:25:13 +00:00
Alex Bilbie
293bc52972
Code declared in interface, not needed
2014-11-07 01:25:04 +00:00
Alex Bilbie
11ab167376
Docblock fix
2014-11-07 01:20:05 +00:00
Alex Bilbie
f290de6dfc
Docblock fixes
2014-11-07 01:17:04 +00:00
Alex Bilbie
d260167155
Docblock fixes
2014-11-07 01:13:21 +00:00
Alex Bilbie
fedd10b5ed
Docblock fix
2014-11-07 01:07:55 +00:00
Alex Bilbie
746cd4ab7d
Namespace fix
2014-11-07 01:07:47 +00:00
Alex Bilbie
f01cf7ef2f
Merge branch 'develop' of github.com:thephpleague/oauth2-server into develop
2014-11-07 00:46:09 +00:00
Alex Bilbie
61f8195edd
Docblock fixes
2014-11-07 00:46:02 +00:00
Alex Bilbie
fbf1535db1
Renamed Adapter to AbstractStorage because it isn't actually an adapter
2014-11-07 00:45:25 +00:00
Leevi Graham
b60693c5d6
Associate the $client with $session.
2014-11-07 07:50:22 +11:00
Alex Bilbie
bfcccb2671
Merge pull request #215 from sumeko/patch-1
Update AbstractServer.php
2014-10-01 22:26:57 +01:00
Alex Bilbie
0f13ff188a
Renamed method to getRequest
2014-10-01 00:14:16 +01:00
Alex Bilbie
136edf16c5
Fix #213
2014-09-30 23:55:21 +01:00
Alex Bilbie
536ef3244d
Inject the session into the token type
2014-09-30 22:28:49 +01:00
Alex Bilbie
a3f5d20592
Changed method names to be clearer that we're setting params
2014-09-30 22:28:38 +01:00
Alex Bilbie
1e3a192920
Inject server into tokentype
2014-09-30 22:26:34 +01:00
Alex Bilbie
b68a5c2abb
Added authentication failure events
2014-09-30 22:16:34 +01:00
Sum
64ca2a4b49
Update AbstractServer.php
2014-09-22 12:56:15 +07:00
pulkit
1ff3d1adda
support grant specific access token ttl
2014-09-11 13:58:01 +01:00
Alex Bilbie
9e2a6ed238
If there are no scopes to format then just return an empty array
2014-09-10 17:22:01 +01:00
Alex Bilbie
be51cdf9b1
Fixed spelling mistake
2014-09-09 13:36:20 +01:00
Alex Bilbie
7d8989a8cd
Fix #202
2014-08-18 16:47:36 +01:00
Alex Bilbie
b9e12a7fec
Removed length
2014-08-16 10:57:08 +02:00
Alex Bilbie
522c7478c7
Fix #169
2014-08-06 09:53:47 +01:00
Alex Bilbie
130d42c85e
Removed some files which shouldn't be there
2014-08-06 09:37:19 +01:00
Alex Bilbie
0433791bc6
Accidentally merged wrong version of file
2014-08-06 09:29:32 +01:00
Alex Bilbie
79f15f3855
Merge branch 'v4.0.0-WIP' into develop
Conflicts:
.gitignore
.travis.yml
README.md
composer.json
phpunit.xml
sql/mysql.sql
src/League/OAuth2/Server/Grant/RefreshToken.php
src/League/OAuth2/Server/Resource.php
src/League/OAuth2/Server/Storage/SessionInterface.php
src/League/OAuth2/Server/Util/Request.php
src/Util/KeyAlgorithm/DefaultAlgorithm.php
tests/resource/ResourceServerTest.php
tests/util/RedirectUriTest.php
tests/util/RequestTest.php
tests/util/SecureKeyTest.php
2014-08-06 09:21:56 +01:00
Alex Bilbie
0754b9ec75
Merge branch 'v4.0.0-relational-example' into v4.0.0-WIP
2014-08-06 09:02:54 +01:00
Alex Bilbie
06d5b343d6
Fixed incorrect exception status code and error type
2014-08-06 08:42:58 +01:00
Alex Bilbie
07a42f6f43
Added setAccessTokenId method
2014-08-06 08:42:42 +01:00
Alex Bilbie
71ac21b70e
Removed unnecessary methods
2014-08-06 08:41:50 +01:00
Alex Bilbie
7b9899c46b
Removed line break in error messages
2014-08-04 09:11:53 +01:00
Alex Bilbie
f3fc921212
Added redirect URI property
2014-07-27 17:16:46 +01:00
Alex Bilbie
54e6bbd4a6
`expires` isn't part of the spec
2014-07-27 17:15:55 +01:00
Alex Bilbie
0d6c4f65b9
Store the redirect URI too
2014-07-27 17:14:50 +01:00
Robbie Mackay
49b776c495
In Resource::getExceptionHttpHeaders() use Request::BuildFromGlobals
2014-07-23 07:48:05 -07:00
Woody Gilk
31e03c2d36
Fix broken http header extraction in Util\Request
2014-07-23 07:47:29 -07:00
Alex Bilbie
20032f33a2
More tests
2014-07-12 12:07:46 +01:00
Alex Bilbie
b694cca743
Fix broken test
2014-07-12 08:58:18 +01:00
Alex Bilbie
1e78f62823
Lotsa bug fixes and updates
2014-07-11 18:27:03 +01:00
Alex Bilbie
48dea185d8
Added getEventEmitter method to abstractserver
2014-07-11 18:18:41 +01:00
Woody Gilk
f34dd4a0cb
401 status is for invalid_token, not insufficient_scope
2014-07-11 11:59:18 -05:00
Alex Bilbie
0a3215be8e
Added entity trait
2014-07-11 15:18:47 +01:00
Alex Bilbie
954f29f879
Added league/event and implemented SessionOwnerEvent
2014-07-11 15:13:28 +01:00
Woody Gilk
33f4f5b7ab
Add $required parameter to hasScope(), triggers InsufficientScopeException
2014-07-10 17:02:16 -05:00
Woody Gilk
e61782975a
Copy getExceptionType(), getExceptionMessage(), and getExceptionHttpHeaders() to Resource server
2014-07-10 17:02:16 -05:00
Woody Gilk
d7c1c50269
Throw MissingAccessTokenException in the Resource server when no token exists
2014-07-10 16:59:25 -05:00
Fahmi Ardi
92779ad078
missing clientSecret variable
2014-07-03 15:03:58 +07:00
Fahmi Ardi
83c7dea1cc
allowing client credentials to be sent as Basic authentication
2014-07-03 14:58:13 +07:00
Alex Bilbie
33c68a2103
More updates to relational example
2014-06-23 08:20:34 +01:00
Alex Bilbie
9af1d2a201
100% test coverage
2014-06-20 14:29:47 +01:00
Alex Bilbie
f24d1be3e9
Merge branch 'refs/heads/v4.0.0-WIP' into v4.0.0-relational-example
2014-06-20 14:16:40 +01:00
Alex Bilbie
80802e5df4
Merge branch 'v4.0.0-WIP' of github.com:php-loep/oauth2-server into v4.0.0-WIP
2014-06-20 14:16:09 +01:00