Alex Bilbie
e184691ded
Merge pull request #776 from yannickl88/fix/perm-key-check
...
Removed chmod from CryptKey and add toggle to disable checking
2017-08-03 16:04:08 +01:00
Alex Bilbie
b2648218f1
Merge pull request #777 from hhamon/hhamon-patch-1
...
[BC Break] Fixes invalid code challenge method payload key name
2017-08-03 16:03:48 +01:00
Yannick de Lange
2aca909d20
Removed chmod from CryptKey and add toggle to disable checking
2017-08-03 15:57:39 +02:00
Hugo Hamon
79038ced78
[BC Break] Fixes invalid code challenge method payload key name
...
I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.
2017-08-02 17:55:11 +02:00
Alex Bilbie
7c2218fdcc
Merge pull request #773 from kumy/issue-772
...
Fix #772 - PR should be based on master branch
2017-07-30 08:32:30 +01:00
Alex Bilbie
935fff8308
Merge pull request #770 from benito103e/master
...
Updated PHPDoc about the unicity violation exception throwing
2017-07-30 08:31:50 +01:00
Mathieu Alorent
0f1ddaaacf
Fix #772 - PR should be based on master branch
2017-07-29 17:41:44 +02:00
Benjamin Dieleman
ecc07abb33
Updated PHPDoc about the unicity violation exception throwing
...
UniqueTokenIdentifierConstraintViolationException can be thrown when persisting tokens
2017-07-27 17:31:01 +02:00
Alex Bilbie
a1b8d87b47
Updated changelog
2017-07-19 07:58:56 +01:00
Alex Bilbie
80fc8e654b
Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600
2017-07-19 07:57:47 +01:00
Alex Bilbie
317f46b7ae
Merge pull request #754 from Lctrs/fix/missing-sprintf
...
Fix missing sprintf() calls
2017-07-07 16:50:08 +01:00
Jérôme Parmentier
88bf8b2367
Fix missing sprintf
2017-07-03 20:28:28 +02:00
Alex Bilbie
315d079033
Added link to security release information page
2017-07-02 18:44:55 +01:00
Alex Bilbie
2824f7d27e
Fixed examples
2017-07-01 18:46:48 +01:00
Alex Bilbie
0a6a4deca6
5.1.4 not 5.1.14
2017-07-01 18:38:35 +01:00
Alex Bilbie
00c645545a
Updated changelog
2017-07-01 18:33:17 +01:00
Alex Bilbie
417a64ad43
Added security notice
2017-07-01 18:33:03 +01:00
Alex Bilbie
f5c3ba0b24
Removed dead code
2017-07-01 18:22:51 +01:00
Alex Bilbie
e1ef133067
Dropped PHP 5.5 compatability
2017-07-01 18:22:44 +01:00
Alex Bilbie
523434902c
Removed dead code
2017-07-01 18:15:41 +01:00
Alex Bilbie
aac467e616
Fixed broken tests
2017-07-01 18:11:19 +01:00
Alex Bilbie
76c2b6f88c
AuthorizationServer no longer needs to know about the public key
2017-07-01 18:11:10 +01:00
Alex Bilbie
72349ef22f
Encryption key is now always required so remove redundent code
2017-07-01 18:10:53 +01:00
Alex Bilbie
850793ab88
Added missing methods
2017-07-01 18:08:49 +01:00
Alex Bilbie
0f73bf0054
Encryption key just uses Defuse\Crypto now, no key based crypto
2017-07-01 18:07:51 +01:00
Alex Bilbie
7953f27b38
Stop testing HHVM
2017-07-01 18:07:09 +01:00
Alex Bilbie
cc2c3a7044
Removed unnecessary stuff from composer.json
2017-07-01 18:07:01 +01:00
Alex Bilbie
06424fdbe2
Use Trusty for TravisCI
2017-07-01 17:24:11 +01:00
Alex Bilbie
55f93f9400
Merge pull request #752 from thephpleague/analysis-qBDGNm
...
Apply fixes from StyleCI
2017-07-01 17:20:19 +01:00
Alex Bilbie
aee1779432
Apply fixes from StyleCI
2017-07-01 16:19:23 +00:00
Alex Bilbie
09c167ac43
Updated changelog and readme
2017-07-01 17:17:55 +01:00
Alex Bilbie
765a01021b
Updated error message
2017-07-01 16:45:29 +01:00
Alex Bilbie
0706d66c76
Don’t pad and shuffle the payload if an encryption key has been set
2017-07-01 16:45:29 +01:00
Alex Bilbie
e123fe82d0
Ignore error_log messages in code coverage
2017-07-01 16:45:29 +01:00
Alex Bilbie
107cfc3678
Updated examples
2017-07-01 16:45:29 +01:00
Alex Bilbie
1954120c3d
Use catch all exception
2017-07-01 16:45:29 +01:00
Alex Bilbie
dd5eee150d
Ensure response type also has access to the encryption key
2017-07-01 16:45:29 +01:00
Alex Bilbie
76c1349181
Updated random_compat version
2017-07-01 16:45:29 +01:00
Alex Bilbie
1af4012df4
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption
2017-07-01 16:45:29 +01:00
Alex Bilbie
4a717104fa
Shuffle the contents of the authorization code payload
2017-07-01 16:45:29 +01:00
Alex Bilbie
63530443fe
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode
2017-07-01 16:44:57 +01:00
Alex Bilbie
2f8de3d230
Ensure the server is the exclusive owner of the key
2017-07-01 16:44:51 +01:00
Alex Bilbie
57d199b889
Stricter validation of code challenge value to match RFC 7636 requirements
2017-07-01 16:44:43 +01:00
Alex Bilbie
6bdd108145
Escape scope parameter to reduce pontential XSS vector
2017-07-01 16:43:31 +01:00
Diogo Oliveira de Melo
170ce2fd2d
Replaces array_key_exists by isset, which is faster, on ImplicitGrant.
2017-06-30 15:42:23 -03:00
Dave Marshall
83228bdcd5
Change case for implict grant token_type
2017-03-27 12:11:25 +01:00
Alex Bilbie
bf7084a147
Merge pull request #709 from toby-griffiths/fix-refresh-token-ttl
...
Corrected DateInterval from 1 min to 1 month
2017-03-02 14:06:27 +00:00
Toby Griffiths
13c608b849
Corrected DateInterval from 1 min to 1 month
2017-03-01 13:08:42 +00:00
Alex Bilbie
ded7c1ed47
Mentioned PHP 7.1 support
2017-02-02 17:29:06 +00:00
François Kooman
6426e597a3
Fix PKCE code verifier encoding to match specification
...
The current implementation of PKCE does not follow the specification
correctly regarding the encoding of the code verifier. This patch
correctly encodes the hash of the code verifier according to
Appenix A of RFC 7636.
2017-01-24 11:36:34 +01:00