1061 Commits

Author	SHA1	Message	Date
Alex Bilbie	850793ab88	Added missing methods	2017-07-01 18:08:49 +01:00
Alex Bilbie	0f73bf0054	Encryption key just uses Defuse\Crypto now, no key based crypto	2017-07-01 18:07:51 +01:00
Alex Bilbie	aee1779432	Apply fixes from StyleCI	2017-07-01 16:19:23 +00:00
Alex Bilbie	765a01021b	Updated error message	2017-07-01 16:45:29 +01:00
Alex Bilbie	0706d66c76	Don’t pad and shuffle the payload if an encryption key has been set	2017-07-01 16:45:29 +01:00
Alex Bilbie	e123fe82d0	Ignore error_log messages in code coverage	2017-07-01 16:45:29 +01:00
Alex Bilbie	1954120c3d	Use catch all exception	2017-07-01 16:45:29 +01:00
Alex Bilbie	dd5eee150d	Ensure response type also has access to the encryption key	2017-07-01 16:45:29 +01:00
Alex Bilbie	1af4012df4	New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption	2017-07-01 16:45:29 +01:00
Alex Bilbie	4a717104fa	Shuffle the contents of the authorization code payload	2017-07-01 16:45:29 +01:00
Alex Bilbie	63530443fe	Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode	2017-07-01 16:44:57 +01:00
Alex Bilbie	2f8de3d230	Ensure the server is the exclusive owner of the key	2017-07-01 16:44:51 +01:00
Alex Bilbie	57d199b889	Stricter validation of code challenge value to match RFC 7636 requirements	2017-07-01 16:44:43 +01:00
Alex Bilbie	6bdd108145	Escape scope parameter to reduce pontential XSS vector	2017-07-01 16:43:31 +01:00
jeremykendall	01677a564e	Fix WWW-Authenticate entry in $headers array ... In this context the header name should be the array key and the header value the array value.	2016-10-11 22:27:24 -05:00
Alex Bilbie	b1bfff7325	Don't pass in user because we don't know who user is	2016-09-19 10:05:55 +01:00
Alex Bilbie	11ccc305d0	Applied fixes from StyleCI	2016-09-13 14:17:09 +00:00
Alex Bilbie	d7df2f7e24	Fix for #650	2016-09-13 15:16:58 +01:00
Julián Gutiérrez	065ef5db99	CryptKey tests	2016-07-19 17:15:36 +02:00
Julián Gutiérrez	039537ebe2	touch!	2016-07-19 15:06:32 +02:00
Julián Gutiérrez	d8930af5ee	key file auto-generation from string	2016-07-19 15:01:31 +02:00
Ian Littman	090c01d3d1	Allow easy addition of custom fields to Bearer token response	2016-07-16 10:27:33 -05:00
Pierre Rineau	57323f38f7	while(array_shift()) makes the AuthorizationServer class configuration mutable	2016-07-13 12:03:05 +02:00
Lukáš Unger	c874c59b9c	Explicitly compare to false when checking not instanceof	2016-07-09 12:09:21 +02:00
Lukáš Unger	c3a4670c11	Updated PHPDoc	2016-07-09 02:01:53 +02:00
Alex Bilbie	5ee1583c5b	Ensure state is in access denied redirect. Fixes #597	2016-06-28 09:03:01 +01:00
Alex Bilbie	66de05a395	Merge pull request #605 from jfilla/master ... Added catch Runtime exception when parsing JWT string	2016-06-28 08:49:29 +01:00
Alex Bilbie	df20da1235	Merge pull request #601 from zerkms/ISSUE-596_UNIQUE_ACCESS_TOKEN ... Added a check for unique access token constraint violation	2016-06-28 08:48:38 +01:00
Jakub Filla	9eccc40eb6	Added catch Runtime exception when parsing JWT string	2016-06-22 12:38:03 +02:00
Ian Littman	9775c0076b	Look at Authorization header directly for HTTP Basic auth check ... Should allow for better compatibility with server implementations that aren't sitting on top of a standard SAPI (e.g. persistent web servers building a PSR-7 compatible request from a socket-received message). One catch here is that I've seen Apache hijack the HTTP Authorization header in the past, though that would probably impact the other aspects of the server just as much as it would this, so I think that risk is manageable. Added tests to cover all paths through the new code, so the AbstractGrant type still has 100% coverage :) Did notice that, as of the latest versions of PHPUnit, the mock creation method is deprecated. Maybe that needs to be updated? Haven't checked to see whether the replacements are PHPUnit 4.8 compatible though, so maybe they need to stay in order to test on older PHP versions?	2016-06-21 21:08:38 -05:00
Ivan Kurnosov	b68ef973df	Added a check for unique access token constraint violation	2016-06-20 20:19:03 +12:00
Ivan Kurnosov	6b88cbeb13	Removed isExpired() from interfaces and traits	2016-06-17 19:50:04 +12:00
Julián Gutiérrez	22e6a350dd	unify middleware exception responses	2016-05-11 14:13:58 +02:00
Alex Bilbie	8e8aed1a50	Implemented RFC7636. Fixes #574	2016-05-06 15:23:16 +01:00
Alex Bilbie	db055f790d	Revert "Remove redundant parameters in example" #553 ... This reverts commit 9a93dca05c.	2016-05-04 09:10:05 +01:00
Alex Bilbie	cf63403585	Merge branch 'master' of github.com:thephpleague/oauth2-server	2016-05-04 08:56:04 +01:00
Alex Bilbie	cdf43e498e	Use constant for event name instead of explicit string. Fixes #563	2016-05-04 08:55:57 +01:00
Alex Bilbie	a12fc98b0d	Merge pull request #569 from ismailbaskin/patch-2 ... Correct wrong phpdoc	2016-05-04 08:45:58 +01:00
Lee	0bb968f413	Fixed typo in exception string	2016-05-04 15:13:48 +08:00
ismail BASKIN	88b19ad2d0	Correct wrong phpdoc	2016-05-04 00:54:36 +03:00
ismail BASKIN	72cd9a62e1	Remove unused request property	2016-04-30 05:08:28 +03:00
Alex Bilbie	acf262f879	Merge pull request #553 from markinjapan/patch-1 ... Remove redundant parameters in getNewToken()	2016-04-27 20:58:29 +01:00
Alex Bilbie	5241309bdb	Fixes #560	2016-04-27 20:53:12 +01:00
Mark	a6b7a5cedc	Remove use of redundant parameters	2016-04-20 16:52:36 +09:00
Mark	78b6bddc4d	Remove redundant parameters	2016-04-20 16:29:37 +09:00
Alex Bilbie	7bfd5b7d0d	Added abstract methods for required methods	2016-04-18 12:22:15 +01:00
Alex Bilbie	143a2e32f7	Client may return an array of redirect URIs	2016-04-18 12:21:42 +01:00
Alex Bilbie	8f418cff08	Added missing state parameter in redirect response	2016-04-18 12:19:54 +01:00
Alex Bilbie	fcec1f3442	Cody tidy	2016-04-18 12:19:36 +01:00
Alex Bilbie	46e7eef14e	Client could potentially return an array of redirect URIs	2016-04-18 12:12:36 +01:00