Commit Graph

2220 Commits

Author SHA1 Message Date
Erick Torres
ce2662ece7 Merge branch 'master' of github.com:thephpleague/oauth2-server into fix-pkce-implementation
# Conflicts:
#	tests/Grant/AuthCodeGrantTest.php
2018-02-05 15:32:15 -05:00
Karim PINCHON
d2641b560d Do not create key file if it already exists and it is the same 2018-01-29 11:05:10 +01:00
Andrew Millington
8bbd218856
Merge pull request #842 from sgomez/fix-challenge-pkce
Fix S256 code challenge method
2018-01-25 23:16:15 +00:00
Andrew Millington
eb9cde5ab7
Merge pull request #805 from raarts/Accept-RSA-key-with-crlf-v2
Also accept an RSA key with crlf
2018-01-23 22:24:52 +00:00
Sergio Gómez
1b692e2298 Fix S256 code challenge method
According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3):

    If the "code_challenge_method" from Section 4.3 was "S256", the
    received "code_verifier" is hashed by SHA-256, base64url-encoded, and
    then compared to the "code_challenge", i.e.:

    BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge

So, the hash must be done before the base64_encode.

The tests are modified to use example data from the
[RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B).
2018-01-18 05:31:44 +01:00
liverbool
d22f222e65 BUGFIX: Wrong redirect uri.
This's bugfix when redirect on error.
2018-01-13 11:52:31 +07:00
Simon Hobbs
cf9acb32b8
Allow some more secure options without tsk-tsk. 2018-01-13 15:29:42 +11:00
Alex Bilbie
92d8052a5b
Merge pull request #836 from knewzen/master
remove codesponsor
2018-01-04 20:09:23 +00:00
knewzen
a3289c6ecb remove codesponsor 2018-01-05 01:08:14 +08:00
SunMar
292272d128 Allow CryptTrait to accept a \Defuse\Crypto\Key as encryption key #812 2018-01-04 15:14:03 +01:00
Ron Arts
ef8a741527 In public/private keys, force the header to be on its own line, allow missing \n after the footer 2018-01-04 12:17:31 +01:00
Ron Arts
91d9c11fb4 Fixed tests, allow whitespace at the end of a key 2018-01-03 10:18:32 +01:00
Ron Arts
2ec8d148b0 fix .gitattributes 2018-01-03 09:41:39 +01:00
Erick Torres
01d21b2533 Update statement to generate codeChallenge in AuthCodeGrantTest 2017-12-29 12:32:12 -05:00
Andrew Millington
ff29721ca9
Removing call to setEncryptionKey as no such function on the authorization server 2017-12-29 12:29:47 +00:00
Andrew Millington
5b79b40df9
Fixed count placement to make code more efficient as per scrutinizer feedback 2017-12-29 12:25:39 +00:00
Andrew Millington
b6d9835281
Merge branch 'master' into fix-pkce-implementation 2017-12-28 16:37:37 +00:00
Andrew Millington
57ca83a8ba
Removing missing scope tests as temporarily reverted this functionality 2017-12-24 00:18:20 +00:00
Andrew Millington
41bba7f58c
Removing missing scope test
Temporarily removing missing scope test as have reverted this functionality for version 6.1.1
2017-12-24 00:07:22 +00:00
Andrew Millington
dcae4af6ce
Remove missing scope test
Temporarily removing missing scope test for the AuthGrant
2017-12-24 00:06:18 +00:00
Andrew Millington
a0cabb573c
Update AbstractGrant.php
Temporarily removing check on empty scopes as causing issues for Passport users
2017-12-23 23:33:42 +00:00
Andrew Millington
276d5b655b
Update README.md
Updating readme to refer to the latest 5.1.* branch
2017-12-23 13:20:52 +00:00
Andrew Millington
00138446b6
Merge pull request #828 from Sephster/master
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:14:34 +00:00
Andrew Millington
1c36b70dab
Fixed ordering so we only hash after base64 encoding 2017-12-23 02:06:18 +00:00
Andrew Millington
f11e4c81cd
Merge pull request #697 from fkooman/fix-s256
Fix PKCE code verifier encoding to match specification
2017-12-23 01:52:33 +00:00
Andrew Millington
f5a1feb67d
Added PHP 7.2 to the supported versions 2017-12-13 21:05:36 +00:00
Andrew Millington
1ad4d2121f
Merge pull request #822 from carusogabriel/patch-1
Test against PHP 7.2
2017-12-13 21:04:25 +00:00
Andrew Millington
1660dd0559
Merge pull request #824 from carusogabriel/refactoring-tests
Refactoring tests
2017-12-13 21:02:09 +00:00
Gabriel Caruso
9ceafe5dd3 Refactoring tests 2017-12-06 18:24:42 -02:00
Gabriel Caruso
d1d68242ea
Test against PHP 7.2 2017-11-30 23:52:50 -02:00
Andrew Millington
a53e753b1a
Merge pull request #818 from imanghafoori1/master
flatten code
2017-11-23 22:42:26 +00:00
Iman
f88961eddd
flatten code 2017-11-23 21:26:39 +03:30
Andrew Millington
8c93fd74c9
Merge pull request #573 from ismailbaskin/master
Include redirect_uri check on authorization endpoint
2017-11-19 20:57:27 +00:00
Andrew Millington
2765481b9f
Handle no scope hint 2017-11-18 18:47:38 +00:00
Andrew Millington
9273936009 Fix bug where not specifying the bad scope 2017-11-18 18:46:03 +00:00
Andrew Millington
5f4ec6a154
Merge pull request #811 from Sephster/master
Add default scopes to authentication server
2017-11-16 19:27:41 +00:00
Sephster
b50c7622db Add in validation for authorization requests.
Fixes thephpleague/oauth2-server#677
2017-11-14 00:12:04 +00:00
Sephster
dc9c1a1023 Remove blank line to keep code consistent 2017-11-13 23:59:55 +00:00
Sephster
6e6baf5b75 Remove abstract authorize grant use 2017-11-13 23:57:24 +00:00
Sephster
7878cf9c13
Merge remote-tracking branch 'upstream/master' 2017-11-13 23:52:36 +00:00
Sephster
1bcee9aaba Add a test for a missing scope for the password grant 2017-11-13 23:16:30 +00:00
Sephster
1e3a84fc85 Add a test to ensure response requests fail without a scope specified 2017-11-13 23:00:27 +00:00
Sephster
a5c5929dc9 Change default scope to be basic 2017-11-13 22:34:12 +00:00
Sephster
c6bf2e1df0 Remove unnecessary white spaces 2017-11-13 22:31:50 +00:00
Sephster
eb645063c7 Reverted the abstract authorise grant to its previous state 2017-11-13 22:25:31 +00:00
Sephster
65789e0f39 Fix tests to support default scopes for authorization requests 2017-11-13 22:20:42 +00:00
Sephster
512d4898e2 Revert previous change 2017-11-13 22:20:16 +00:00
Sephster
c895885700 Modify grants so only auth requests use default scopes 2017-11-13 22:19:44 +00:00
Andrew Millington
661a0994c6
Merge pull request #810 from gabriel-caruso/phpunit
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-08 20:03:08 +00:00
Gabriel Caruso
3871aee48c Bump PHPUnit version for compatibility 2017-11-08 16:20:31 -02:00