Yannick de Lange
2aca909d20
Removed chmod from CryptKey and add toggle to disable checking
2017-08-03 15:57:39 +02:00
Hugo Hamon
79038ced78
[BC Break] Fixes invalid code challenge method payload key name
...
I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.
2017-08-02 17:55:11 +02:00
Alex Bilbie
7c2218fdcc
Merge pull request #773 from kumy/issue-772
...
Fix #772 - PR should be based on master branch
2017-07-30 08:32:30 +01:00
Alex Bilbie
935fff8308
Merge pull request #770 from benito103e/master
...
Updated PHPDoc about the unicity violation exception throwing
2017-07-30 08:31:50 +01:00
Mathieu Alorent
0f1ddaaacf
Fix #772 - PR should be based on master branch
2017-07-29 17:41:44 +02:00
Benjamin Dieleman
ecc07abb33
Updated PHPDoc about the unicity violation exception throwing
...
UniqueTokenIdentifierConstraintViolationException can be thrown when persisting tokens
2017-07-27 17:31:01 +02:00
Alex Bilbie
a1b8d87b47
Updated changelog
2017-07-19 07:58:56 +01:00
Alex Bilbie
80fc8e654b
Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600
2017-07-19 07:57:47 +01:00
Erick Torres
88ccb6ff13
Fix codeVerifier check. Keep code style.
2017-07-07 12:35:42 -05:00
Erick Torres
e2f9b73df3
Fix broken tests
2017-07-07 12:19:11 -05:00
Erick Torres
fbb3586cae
Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation
...
# Conflicts:
# src/Grant/AuthCodeGrant.php
# tests/Grant/AuthCodeGrantTest.php
2017-07-07 12:06:32 -05:00
Alex Bilbie
317f46b7ae
Merge pull request #754 from Lctrs/fix/missing-sprintf
...
Fix missing sprintf() calls
2017-07-07 16:50:08 +01:00
Jérôme Parmentier
88bf8b2367
Fix missing sprintf
2017-07-03 20:28:28 +02:00
Alex Bilbie
315d079033
Added link to security release information page
2017-07-02 18:44:55 +01:00
Alex Bilbie
2824f7d27e
Fixed examples
2017-07-01 18:46:48 +01:00
Alex Bilbie
0a6a4deca6
5.1.4 not 5.1.14
2017-07-01 18:38:35 +01:00
Alex Bilbie
00c645545a
Updated changelog
2017-07-01 18:33:17 +01:00
Alex Bilbie
417a64ad43
Added security notice
2017-07-01 18:33:03 +01:00
Alex Bilbie
f5c3ba0b24
Removed dead code
2017-07-01 18:22:51 +01:00
Alex Bilbie
e1ef133067
Dropped PHP 5.5 compatability
2017-07-01 18:22:44 +01:00
Alex Bilbie
523434902c
Removed dead code
2017-07-01 18:15:41 +01:00
Alex Bilbie
aac467e616
Fixed broken tests
2017-07-01 18:11:19 +01:00
Alex Bilbie
76c2b6f88c
AuthorizationServer no longer needs to know about the public key
2017-07-01 18:11:10 +01:00
Alex Bilbie
72349ef22f
Encryption key is now always required so remove redundent code
2017-07-01 18:10:53 +01:00
Alex Bilbie
850793ab88
Added missing methods
2017-07-01 18:08:49 +01:00
Alex Bilbie
0f73bf0054
Encryption key just uses Defuse\Crypto now, no key based crypto
2017-07-01 18:07:51 +01:00
Alex Bilbie
7953f27b38
Stop testing HHVM
2017-07-01 18:07:09 +01:00
Alex Bilbie
cc2c3a7044
Removed unnecessary stuff from composer.json
2017-07-01 18:07:01 +01:00
Alex Bilbie
06424fdbe2
Use Trusty for TravisCI
2017-07-01 17:24:11 +01:00
Alex Bilbie
55f93f9400
Merge pull request #752 from thephpleague/analysis-qBDGNm
...
Apply fixes from StyleCI
2017-07-01 17:20:19 +01:00
Alex Bilbie
aee1779432
Apply fixes from StyleCI
2017-07-01 16:19:23 +00:00
Alex Bilbie
09c167ac43
Updated changelog and readme
2017-07-01 17:17:55 +01:00
Alex Bilbie
765a01021b
Updated error message
2017-07-01 16:45:29 +01:00
Alex Bilbie
0706d66c76
Don’t pad and shuffle the payload if an encryption key has been set
2017-07-01 16:45:29 +01:00
Alex Bilbie
e123fe82d0
Ignore error_log messages in code coverage
2017-07-01 16:45:29 +01:00
Alex Bilbie
107cfc3678
Updated examples
2017-07-01 16:45:29 +01:00
Alex Bilbie
1954120c3d
Use catch all exception
2017-07-01 16:45:29 +01:00
Alex Bilbie
dd5eee150d
Ensure response type also has access to the encryption key
2017-07-01 16:45:29 +01:00
Alex Bilbie
76c1349181
Updated random_compat version
2017-07-01 16:45:29 +01:00
Alex Bilbie
1af4012df4
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption
2017-07-01 16:45:29 +01:00
Alex Bilbie
4a717104fa
Shuffle the contents of the authorization code payload
2017-07-01 16:45:29 +01:00
Alex Bilbie
63530443fe
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode
2017-07-01 16:44:57 +01:00
Alex Bilbie
2f8de3d230
Ensure the server is the exclusive owner of the key
2017-07-01 16:44:51 +01:00
Alex Bilbie
57d199b889
Stricter validation of code challenge value to match RFC 7636 requirements
2017-07-01 16:44:43 +01:00
Alex Bilbie
6bdd108145
Escape scope parameter to reduce pontential XSS vector
2017-07-01 16:43:31 +01:00
Diogo Oliveira de Melo
170ce2fd2d
Replaces array_key_exists by isset, which is faster, on ImplicitGrant.
2017-06-30 15:42:23 -03:00
Erick Torres
4710743b87
Add "dist: trusty" into travis setting file
2017-06-16 17:09:13 -05:00
Erick Torres
11ad87b5f5
Update tests / Add missing.
2017-06-16 12:03:14 -05:00
Erick Torres
880e3b4590
Fix invalid code_challenge_method key.
2017-06-16 12:03:04 -05:00
Erick Torres
2167edf1d9
Validate codeVerifier and codeChallenge correctly.
2017-06-16 12:02:48 -05:00