97 Commits

Author SHA1 Message Date
Andrew Millington
9273936009 Fix bug where not specifying the bad scope 2017-11-18 18:46:03 +00:00
Sephster
c895885700 Modify grants so only auth requests use default scopes 2017-11-13 22:19:44 +00:00
Andrew Millington
0f08063864 Fixed use of default scope so it is only for authorization requests 2017-11-06 22:33:28 +00:00
Andrew Millington
ab760a805c Remove default scope from abstract grant
This should be added to the AbstractAuthorizeGrant instead as it is 
only used for an authorization request
2017-11-06 21:19:07 +00:00
Andrew Millington
4806eda45a Change to throw invalid scope instead of missing scope exception 2017-10-31 22:59:01 +00:00
Andrew Millington
c996b66528 Add means to set default scopes for grants 2017-10-18 22:08:41 +01:00
Alex Bilbie
850793ab88 Added missing methods 2017-07-01 18:08:49 +01:00
Alex Bilbie
11ccc305d0 Applied fixes from StyleCI 2016-09-13 14:17:09 +00:00
Lukáš Unger
c874c59b9c Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00
Lukáš Unger
c3a4670c11 Updated PHPDoc 2016-07-09 02:01:53 +02:00
Alex Bilbie
df20da1235 Merge pull request #601 from zerkms/ISSUE-596_UNIQUE_ACCESS_TOKEN
Added a check for unique access token constraint violation
2016-06-28 08:48:38 +01:00
Ian Littman
9775c0076b Look at Authorization header directly for HTTP Basic auth check
Should allow for better compatibility with server implementations that aren't sitting on top of a standard SAPI (e.g. persistent web servers building a PSR-7 compatible request from a socket-received message).

One catch here is that I've seen Apache hijack the HTTP Authorization header in the past, though that would probably impact the other aspects of the server just as much as it would this, so I think that risk is manageable.

Added tests to cover all paths through the new code, so the AbstractGrant type still has 100% coverage :)

Did notice that, as of the latest versions of PHPUnit, the mock creation method is deprecated. Maybe that needs to be updated? Haven't checked to see whether the replacements are PHPUnit 4.8 compatible though, so maybe they need to stay in order to test on older PHP versions?
2016-06-21 21:08:38 -05:00
Ivan Kurnosov
b68ef973df Added a check for unique access token constraint violation 2016-06-20 20:19:03 +12:00
Alex Bilbie
db055f790d Revert "Remove redundant parameters in example" #553
This reverts commit 9a93dca05c4240ccc6a9bb99151b702ae5872263.
2016-05-04 09:10:05 +01:00
Alex Bilbie
cdf43e498e Use constant for event name instead of explicit string. Fixes #563 2016-05-04 08:55:57 +01:00
Mark
a6b7a5cedc Remove use of redundant parameters 2016-04-20 16:52:36 +09:00
Alex Bilbie
fb8f47e868 Added $mustValidateSecret parameter to ClientRepositoryInterface::getClientEntity(). Fixes #550 2016-04-18 08:32:49 +01:00
Lukáš Unger
3904767873 Fix scope loading in grants 2016-04-17 13:50:56 +02:00
Luca Degasperi
de635f826f Update AbstractGrant.php
The hint is not necessary since it gets created by the exception with the parameter.
2016-04-11 15:59:47 +02:00
Alex Bilbie
a68f07f734 Applied fixes from StyleCI 2016-04-10 08:53:54 -04:00
Alex Bilbie
a0c4900ee7 Client is not required here because of finalizeScopes method 2016-04-10 13:53:16 +01:00
Alex Bilbie
5d3516c7b4 Applied fixes from StyleCI 2016-04-10 06:48:46 -04:00
Alex Bilbie
b7064befe4 Checkin 2016-04-10 10:07:08 +01:00
Alex Bilbie
76ea6b5a6c Renamed grant type canRespondToRequest to canRespondToAccessTokenRequest 2016-04-09 16:22:00 +01:00
Alex Bilbie
2c2ef800d4 Applied fixes from StyleCI 2016-04-09 10:46:40 -04:00
Alex Bilbie
c6faa228fe Updated references to interfaces 2016-04-09 15:25:45 +01:00
Alex Bilbie
198f4c4b6f Merge branch 'token_from_repo' of https://github.com/frederikbosch/oauth2-server into frederikbosch-token_from_repo
# Conflicts:
#	tests/Grant/AuthCodeGrantTest.php
#	tests/Grant/ImplicitGrantTest.php
#	tests/Grant/RefreshTokenGrantTest.php
2016-04-09 14:12:06 +01:00
Alex Bilbie
8274c56fc2 Allow multiple client redirect URIs. Fixes #511 2016-04-09 13:36:08 +01:00
Frederik Bosch
de8f6ff539 add getNewAccessToken getNewRefreshToken and getNewAuthCode to repositories 2016-04-04 10:37:06 +02:00
Alex Bilbie
6383a58755 Updated scope validation 2016-03-24 10:04:15 +00:00
Alex Bilbie
a698a4da7e Added RequestEvent 2016-03-23 12:54:17 +00:00
Alex Bilbie
878afeb9f9 ClientRepository implementations are now responsible for dealing with client secret 2016-03-22 16:29:04 +00:00
Alex Bilbie
251190d828 Fix #468 and #473 2016-03-17 14:37:21 +00:00
Alex Bilbie
2f459b6470 Merge pull request #470 from juliangut/clarify
V5 - Clarify names and return types
2016-03-16 17:35:39 +01:00
Alex Bilbie
3365f3d733 Moved client secret validation to abstract grant. Fixes #460 2016-03-15 21:30:13 +00:00
Julián Gutiérrez
ae0edc40aa clarify names and return types 2016-03-15 22:25:28 +01:00
Julián Gutiérrez
66e473b1f0 clean use statement 2016-03-15 20:57:32 +01:00
Julián Gutiérrez
91c8daeb99 normalize repositories visibility 2016-03-15 20:54:59 +01:00
Julián Gutiérrez
592f60de70 always extract scopes from repository 2016-03-15 01:10:47 +01:00
Julián Gutiérrez
ced63e2051 allow scopes extraction on GET requests for auth_code and implicit grants 2016-03-14 00:12:14 +01:00
Julián Gutiérrez
1bdeb71efb make StyleCI happy 2016-03-08 21:59:10 +01:00
Julián Gutiérrez
1632b80631 Merge branch 'V5-WIP' into secure_body_params_access 2016-03-08 21:57:43 +01:00
Alex Bilbie
997d390f3d Applied fixes from StyleCI 2016-02-22 03:00:50 -05:00
Alex Bilbie
d02437dd73 Improved testing 2016-02-21 18:13:39 +00:00
Alex Bilbie
7f539f8736 Removed unused exception parameters 2016-02-21 16:40:01 +00:00
Alex Bilbie
a2460886f6 Applied fixes from StyleCI 2016-02-19 18:09:39 -05:00
Julián Gutiérrez
a644eacea7 Merge branch 'V5-WIP' into move_identifier_generation 2016-02-18 18:14:59 +01:00
Alex Bilbie
064eb85f4e AbstractGrant now handles persisting tokens 2016-02-18 12:07:23 +00:00
Alex Bilbie
3b36ae9000 Rewrote validateClient method to progressively test client secret and redirect URI 2016-02-18 10:49:05 +00:00
Julián Gutiérrez
5d6634aa9f Merge branch 'V5-WIP' into move_identifier_generation 2016-02-13 14:11:38 +01:00