Commit Graph

1566 Commits

Author SHA1 Message Date
Alex Bilbie
cc7596f3b3 Renamed storage to repository 2015-02-22 19:44:26 +00:00
Alex Bilbie
7da7484008 Added security section 2015-02-05 16:14:59 +00:00
Alex Bilbie
b42ba4af17 Merge pull request #303 from hannesvdvreken/fix/consistent-use-and-fqcn
Boyscouting the php docs to always use FQCNs
2015-01-23 10:47:26 +00:00
Hannes Van De Vreken
dd795a82f4 Changed the order and added missing throws 2015-01-23 11:21:12 +01:00
Hannes Van De Vreken
166362d3cd Boyscouting the php docs to always use FQCNs 2015-01-23 11:17:19 +01:00
Alex Bilbie
ea6edf572a Changelog update 2015-01-01 12:56:20 +00:00
Alex Bilbie
19b64c2e65 Merge pull request #290 from sarciszewski/patch-1
Remove side-effects in hash_equals()
2015-01-01 12:52:03 +00:00
Scott Arciszewski
612775466c Remove side-effects in hash_equals()
This is functionally identical, but without the side-effect of defining a function in the current namespace.

Also, it uses absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first.

Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
2015-01-01 01:34:22 -05:00
Alex Bilbie
740ea24e08 Changelog update 2014-12-31 16:03:26 +00:00
Alex Bilbie
e1c14abf6c Lowered symfony/http-foundation to ~2.4 so Laravel can use it 2014-12-31 15:51:52 +00:00
Alex Bilbie
d1aae27359 Version bump 2014-12-27 23:01:11 +00:00
Alex Bilbie
80aeaf9200 Merge branch 'Symplicity-master' into release/4.1.0 2014-12-27 23:00:17 +00:00
Alex Bilbie
282bb20cc8 Fix docblocks + method name 2014-12-27 23:00:11 +00:00
Alex Bilbie
b727be55a2 Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master 2014-12-27 22:57:08 +00:00
Alex Bilbie
cf80a2d6ce README update 2014-12-27 22:55:30 +00:00
Alex Bilbie
72a5c1794a Remove unused namespace 2014-12-27 22:50:13 +00:00
Alex Bilbie
707c85b0d6 Fixes and tests 2014-12-27 22:26:31 +00:00
Alex Bilbie
c56562b0b8 PSR fixes 2014-12-27 21:38:01 +00:00
Alex Bilbie
d0b2498b43 Ignore PHPStorm 2014-12-27 21:35:45 +00:00
Alex Bilbie
17be6f4549 Added MacTokenInterface 2014-12-27 21:35:45 +00:00
Alex Bilbie
b50fbff1e3 Update docblock 2014-12-27 21:35:45 +00:00
Alex Bilbie
7375a348c6 PHP code fix 2014-12-27 21:35:45 +00:00
Alex Bilbie
ae5dd9ce65 Added MAC TokenType 2014-12-27 21:35:45 +00:00
Alex Bilbie
f9e56ff62a Added MAC storage getter and setter 2014-12-27 21:35:45 +00:00
Alex Bilbie
1bcf7ee20f Update .travis.yml 2014-12-26 17:03:35 +00:00
Alex Bilbie
bee9c6a51d Added Gitter.im 2014-12-26 16:59:09 +00:00
Dave Walker
851c7c0eb1 Per the spec:
The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)
2014-12-21 18:51:52 -05:00
Alex Bilbie
7fff4a8fe8 Merge pull request #280 from danprime/master
Fix Example Init Code
2014-12-17 10:10:50 +00:00
Alex Bilbie
44ac01ee0e Merge pull request #284 from mortenhauberg/fix-misspelling
Changed "paremter" to "parameter"
2014-12-16 19:48:40 +00:00
mortenhauberg
60bd334b46 Changed "paremter" to "parameter" 2014-12-16 19:04:03 +01:00
Alex Bilbie
7398bee59e Version bump 2014-12-15 17:34:38 +00:00
Alex Bilbie
40420f27ed Merge pull request #282 from maknz/master
Prevent duplicate session in auth code grant
2014-12-15 16:27:02 +00:00
Regan
d32bfaa757 Prevent duplicate session in auth code grant
The session already exists in the database, so we don't need to save it again. Doing so results in the session used for the auth code hanging around in the database with nothing associated to it, while the access token is associated to a new session caused by the `save()` method creating a duplicate. Fixes #266.
2014-12-15 15:09:36 +13:00
Daniel Tse
2653a174bb Update init.php 2014-12-12 10:25:52 -07:00
Daniel Tse
676fb4c06a Fix column declarations and references so that foreign keys and references work. 2014-12-11 15:50:42 -07:00
Alex Bilbie
7f815275d6 Fixes for .travis.yml 2014-12-11 14:25:35 +00:00
Alex Bilbie
a056e2fe03 Adding coverage to ghpages 2014-12-11 14:20:53 +00:00
Alex Bilbie
48d9fde133 Merge pull request #277 from GrahamCampbell/patch-1
Removed an extra new line
2014-12-10 15:19:50 +00:00
Graham Campbell
a12786cbd5 Removed an extra new line 2014-12-10 15:18:49 +00:00
Alex Bilbie
164cc6ddb9 Merge pull request #269 from Hywan/fix_example_api
Fix bad accesses and bad arguments
2014-12-10 15:13:10 +00:00
Alex Bilbie
27f51d33e1 Merge pull request #271 from inverse/example-fix
Example fix
2014-12-10 15:12:40 +00:00
Alex Bilbie
2108c88dfb Merge pull request #276 from GrahamCampbell/cs
CS Fixes
2014-12-10 15:12:16 +00:00
Graham Campbell
a1726903b5 CS fixes 2014-12-10 13:10:35 +00:00
Alex Bilbie
8075190e0c Merge pull request #275 from Hywan/cs
Fix API CS.
2014-12-10 09:58:06 +00:00
Ivan Enderlin
3b176fe220 Fix API CS. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
986dc59627 The create method returns void. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
0878897969 Fix API CS. 2014-12-09 14:15:36 +01:00
Alex Bilbie
0ce7ecb45a Merge pull request #273 from sarciszewski/patch-1
Make Util/KeyAlgorithm/DefaultAlgorithm guarantee $len bytes of output even in edge cases.
2014-12-09 12:53:04 +00:00
Scott Arciszewski
7a63f42462 Update DefaultAlgorithm.php
Prevent edge-case whereby, if the majority of `base64_encode($bytes)` consists of `/` or `+` characters, the resulting key will be shorter and less unpredictable (due to a smaller keyspace) than anticipated.

As a result, the `$len * 2` hack has been removed. Although it is highly probable that `$len * 2` will stop most edge cases from occurring, it does not actually guarantee the end result will be at least 40 characters long.
2014-12-08 18:40:31 -05:00
Malachi Soord
774341c346 Fixed tokeninfo 2014-12-05 18:24:24 +01:00