2b7923c593
Fix inheritdoc case
2019-07-13 17:49:26 +01:00
3f95c0d11e
Update validateClient arguments list
2019-07-13 17:40:38 +01:00
4be97e6fd0
Update composer dependencies and remove mustValidateSecret
2019-07-13 17:37:45 +01:00
aba5353257
Add validateClient() function to ClientRepository
2019-07-13 17:31:09 +01:00
7f0879b8b4
Change header type
2019-07-02 22:52:13 +01:00
cb9aa25c89
Re-add removed changelog instances
2019-07-02 22:51:12 +01:00
a6a499f8fb
Remove Simon Hamp from README
2019-07-02 22:20:37 +01:00
ccf36588ee
Merge pull request #1024 from Sephster/update-dependencies
...
Update Dependencies
2019-07-02 22:15:29 +01:00
6b2a3db185
Removing php stan strict rules
2019-07-02 22:10:17 +01:00
1a6ebdf81c
Fix order of imports
2019-07-02 19:24:19 +01:00
46c86ed5b1
Apply style fix
2019-07-02 19:21:13 +01:00
a92a274d15
Use reflection instead of extension in test
2019-07-02 19:09:47 +01:00
c4c354e2df
Fix phpstan issues
2019-07-01 19:17:43 +01:00
7bc1ec643e
Remove unused import
2019-06-27 13:24:58 +01:00
51b97f87c1
Fix issues setting attributes on requests
2019-06-27 13:15:37 +01:00
e3b23fa826
Update dependencies and fix PHPUnit tests
2019-06-27 12:54:22 +01:00
bac79a26a8
Merge pull request #1010 from iansltx/protect-client-entity-gets
...
Ensure unvalidated ClientEntity gets throw/emit if they return null
2019-06-23 13:54:14 -04:00
012808f094
Update changelog
2019-06-23 17:56:32 +01:00
0db54cf1e5
Reinstate use for ClientEntityInterface
2019-06-23 17:40:39 +01:00
c7d047f7f5
Remove extra line spaces
2019-06-23 17:35:24 +01:00
e1324b88b2
Merge remote-tracking branch 'upstream/8.0.0' into protect-client-entity-gets
2019-06-23 17:23:40 +01:00
c60e8e3581
Merge pull request #1011 from iansltx/readme-release-notes-73-cleanup
...
Update release notes, clean up readme, add PHP 7.3 test for v8
2019-06-18 17:41:52 -04:00
e0ee244506
Remove duplicate entries from changelog
2019-06-18 22:30:17 +01:00
8b5841870f
Add more detail/precision to 8.0.0 changelog around breaking changes
2019-05-19 21:01:46 -05:00
048e45d8cd
Add more recent 7.x releases to changelog
2019-05-19 21:01:46 -05:00
bf75596989
Update security contact email to current maintainer
2019-05-19 21:01:41 -05:00
c5cfc0a371
Remove dead Commercial Support link
2019-05-19 20:52:28 -05:00
5ab4323856
Merge pull request #1014 from Sephster/drop-php-70-support
...
Drop php 7.0 support
2019-05-14 21:42:12 +01:00
28709f300f
Add pull request number to changelog
2019-05-14 21:30:30 +01:00
bd483d701b
Remove support for PHP 7.0
2019-05-14 21:26:17 +01:00
3dc324af6e
Merge pull request #1013 from Sephster/8.0.0
...
Add The Latest Changes from Master into 8.0.0 Branch
2019-05-14 21:09:46 +01:00
17923634bf
Set private keys in tests
2019-05-14 20:56:54 +01:00
a1cf22a3a9
Remove duplicate setting of expirydatetime
2019-05-14 16:11:34 +01:00
86d1581cd9
Remove unused imports
2019-05-14 15:57:13 +01:00
521ed9a8cb
Merge master into 8.0.0 branch
2019-05-14 15:46:01 +01:00
1bbcb57d63
Merge pull request #1009 from iansltx/skip-s256-if-not-installed
...
Skip SHA256 verifier if system doesn't support sha256
2019-05-14 14:55:39 +01:00
93d4b947d8
Merge pull request #1008 from iansltx/typehints-and-exts
...
Typehint ServerRequestInterface on OAuthServerException, explicitly require ext-json
2019-05-13 10:25:32 +01:00
27d5c5ed8d
Ensure unvalidated ClientEntity gets throw/emit if they return null
...
In many cases, we validate client info before pulling from client itself
from the repository, in which case it's safe to assume that you can grab
the client once validation passes. However on implicit/auth code grants
we don't have this guarantee due to non-confidential clients that just
reference the client ID. In those cases the client may supply a client
ID that doesn't exist, and we don't do a validation step before pulling
it from the repo.
The issue with that is that ClientRepository doesn't actually enforce
returning a ClientInterface via typehint, nor does it even suggest an
exception to throw if the client doesn't exist. So in most places we
do an instanceof check after the repository returns and throw/emit an
error event if the client doesn't exist.
This approach ends up being a bit error-prone; we missed one case where
we should've been doing this check: in the access token request on an
auth code grant. We don't do enough validation beforehand to assume that
the incoming request has an accurate client ID, so L96 could absolutely
be a method call on a non-object.
This commit centralizes the return-check-emit-throw logic so it's a
one-liner for wherever we need it, including the access token request
processor for auth code grants.
2019-05-11 14:35:59 -05:00
4ecd3131c1
Skip SHA256 verifier if system doesn't support sha256
2019-05-11 14:23:56 -05:00
3fdfbe11f6
Explicitly require ext-json
...
Makes phpstorm happier; take or leave
2019-05-11 13:37:22 -05:00
42df2d9c47
Add typehints to OAuthServerException calls
2019-05-11 13:35:24 -05:00
2eb1cf79e5
Update changelog for version 7.4.0
2019-05-05 10:22:01 +01:00
382b6f5fbf
Merge pull request #1000 from filecage/master
...
Optional Refresh Tokens
2019-05-05 09:48:53 +01:00
86869eafbb
Add whitespace around control blocks
2019-05-05 09:03:13 +01:00
9236e842d9
Clarify changelog message
2019-05-05 08:58:34 +01:00
9bc7f6c8c5
removing simplified_null_return
2019-04-29 19:13:26 +02:00
1e9a468e66
Merge branch 'master' into master
2019-04-12 11:17:37 +02:00
c7f4998497
Update links
2019-03-29 18:19:35 +00:00
0a78236f17
Update changelog for version 7.3.3
2019-03-29 18:18:35 +00:00
a68f8001a4
Merge pull request #1006 from marc-mabe/fix-958-error_description
...
spec compliant 'error_description' but keep 'message' for BC
2019-03-29 16:28:33 +00:00
Andrew Millington
Ian Littman
filecage
David