

18 Commits
4.1.2 ... 4.1.3

Author SHA1 Message Date
Alex Bilbie
34a6b66b8c More .travis.yml updates 2015-03-22 23:19:36 +00:00
Alex Bilbie
61738a7fe2 Added fast_finish: true to .travis.yml 2015-03-22 23:13:41 +00:00
Alex Bilbie
51184259d1 Merge pull request #323 from rdohms/interface-docs
Updated Interface Docs
2015-03-20 11:43:47 +00:00
rdohms
b21de11429 Updated Interface Docs
Made phpdocs match expectations like null when not found and using array notation for indicating array of <object>
2015-03-20 11:33:03 +01:00
Alex Bilbie
cf6e86c9d4 Merge pull request #319 from Fuxy22/patch-1
Fixed missing session scope
2015-03-13 11:03:05 +00:00
Alex Bilbie
f6fdbc7142 Added PHP 7.0 testing 2015-03-03 22:00:47 +00:00
Norbert Fuksz
7f7f45662a Fixed missing session scope
Close #297
2015-03-02 17:47:48 +00:00
Alex Bilbie
f92a68cc72 Merge branch 'master' of github.com:thephpleague/oauth2-server 2015-02-22 19:47:44 +00:00
Alex Bilbie
295d8ffa24 Updated league/event to ~2.1. Fixes #311 2015-02-22 19:47:27 +00:00
Alex Bilbie
3d08140651 Merge pull request #300 from vvllaadd/patch-2
Probable bug
2015-02-22 19:45:14 +00:00
Alex Bilbie
ec8a8393ee Merge pull request #310 from ismailbaskin/master
typo
2015-02-10 10:03:53 +00:00
Ismail BASKIN
3869b8f406 typo 2015-02-10 10:28:57 +02:00
Alex Bilbie
7da7484008 Added security section 2015-02-05 16:14:59 +00:00
Alex Bilbie
b42ba4af17 Merge pull request #303 from hannesvdvreken/fix/consistent-use-and-fqcn
Boyscouting the php docs to always use FQCNs
2015-01-23 10:47:26 +00:00
Hannes Van De Vreken
dd795a82f4 Changed the order and added missing throws 2015-01-23 11:21:12 +01:00
Hannes Van De Vreken
166362d3cd Boyscouting the php docs to always use FQCNs 2015-01-23 11:17:19 +01:00
Vlad
d43391564c Probable bug
AccessTokenStorage::delete should delete the token, not the scope associated with the token
2015-01-15 14:20:54 +01:00
Alex Bilbie
ea6edf572a Changelog update 2015-01-01 12:56:20 +00:00
14 changed files with 56 additions and 32 deletions


@@ -1,10 +1,22 @@
language: php
sudo: false
cache:
directories:
- vendor
php:
- 5.4
- 5.5
- 5.6
- 7.0
- hhvm
matrix:
allow_failures:
- php: 7.0
fast_finish: true
install:
- travis_retry composer install --no-interaction --prefer-source


@@ -1,5 +1,9 @@
# Changelog
## 4.1.2 (released 2015-01-01)
* Remove side-effects in hash_equals() implementation (Issue #290)
## 4.1.1 (released 2014-12-31)
* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`


@@ -55,6 +55,10 @@ Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/mas
Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
## Security
If you discover any security related issues, please email hello@alexbilbie.com instead of using the issue tracker.
## License
This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.


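--- a/composer.json
+++ b/composer.json
@@ -6,7 +6,7 @@
 "require": {
 "php": ">=5.4.0",
 "symfony/http-foundation": "~2.4",
-"league/event": "1.0.*"
+"league/event": "~2.1"
 },
 "require-dev": {
 "phpunit/phpunit": "4.3.*",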


@@ -86,7 +86,7 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
*/
public function delete(AccessTokenEntity $token)
{
Capsule::table('oauth_access_token_scopes')
Capsule::table('oauth_access_tokens')
->where('access_token', $token->getId())
->delete();
}
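Review bot: The corrected `delete()` now removes the row from `oauth_access_tokens` but no longer touches `oauth_access_token_scopes`, so the scope rows keyed by that access token are left behind unless the schema cascades the delete, which is not visible here. Since this is the method that revokes a token, I would clear both tables in the same call by adding `Capsule::table('oauth_access_token_scopes')->where('access_token', $token->getId())->delete();` immediately before the existing `Capsule::table('oauth_access_tokens')` statement. A one-line docblock note such as `Deletes the token and its associated scope rows` would make the storage example's contract explicit for people copying it.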


@@ -12,7 +12,7 @@
namespace League\OAuth2\Server\Entity;
/**
* Access token entity class
* Auth Code entity class
*/
class AuthCodeEntity extends AbstractTokenEntity
{


@@ -148,7 +148,6 @@ class AuthCodeGrant extends AbstractGrant
$session = new SessionEntity($this->server);
$session->setOwner($type, $typeId);
$session->associateClient($authParams['client']);
$session->save();
// Create a new auth code
$authCode = new AuthCodeEntity($this->server);
@@ -158,8 +157,10 @@ class AuthCodeGrant extends AbstractGrant
foreach ($authParams['scopes'] as $scope) {
$authCode->associateScope($scope);
$session->associateScope($scope);
}
$session->save();
$authCode->setSession($session);
$authCode->save();
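Review bot: The reason `$session->save()` must now come after the scope loop is not recorded in the new code, so a later tidy-up can move it back up next to `associateClient()` and reintroduce the missing-scope bug from #297. A one-line comment above the call would pin it: `// Save only after the scopes are associated so the session is persisted with its full scope set (see #297)`. Whether the storage layer persists scopes on `save()` or already on `associateScope()` is not visible in this hunk, so the comment should be adjusted if the latter is the case. The enclosing method starts and ends outside the hunk.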


@@ -12,6 +12,8 @@
namespace League\OAuth2\Server;
use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
@@ -40,10 +42,10 @@ class ResourceServer extends AbstractServer
/**
* Initialise the resource server
*
* @param SessionInterface $sessionStorage
* @param AccessTokenInterface $accessTokenStorage
* @param ClientInterface $clientStorage
* @param ScopeInterface $scopeStorage
* @param \League\OAuth2\Server\Storage\SessionInterface $sessionStorage
* @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
* @param \League\OAuth2\Server\Storage\ClientInterface $clientStorage
* @param \League\OAuth2\Server\Storage\ScopeInterface $scopeStorage
*
* @return self
*/
@@ -93,31 +95,32 @@ class ResourceServer extends AbstractServer
/**
* Checks if the access token is valid or not
*
* @param bool $headersOnly Limit Access Token to Authorization header only
* @param AccessTokenEntity|null $accessToken Access Token
* @param bool $headerOnly Limit Access Token to Authorization header
* @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
* @throws \League\OAuth2\Server\Exception\InvalidRequestException
*
* @return bool
*
* @throws
*/
public function isValidRequest($headersOnly = true, $accessToken = null)
public function isValidRequest($headerOnly = true, $accessToken = null)
{
$accessTokenString = ($accessToken !== null)
? $accessToken
: $this->determineAccessToken($headersOnly);
: $this->determineAccessToken($headerOnly);
// Set the access token
$this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
// Ensure the access token exists
if (!$this->accessToken instanceof AccessTokenEntity) {
throw new Exception\AccessDeniedException();
throw new AccessDeniedException();
}
// Check the access token hasn't expired
// Ensure the auth code hasn't expired
if ($this->accessToken->isExpired() === true) {
throw new Exception\AccessDeniedException();
throw new AccessDeniedException();
}
return true;
@@ -126,24 +129,24 @@ class ResourceServer extends AbstractServer
/**
* Reads in the access token from the headers
*
* @param bool $headersOnly Limit Access Token to Authorization header only
* @param bool $headerOnly Limit Access Token to Authorization header
*
* @throws Exception\InvalidRequestException Thrown if there is no access token presented
* @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
*
* @return string
*/
public function determineAccessToken($headersOnly = false)
public function determineAccessToken($headerOnly = false)
{
if ($this->getRequest()->headers->get('Authorization') !== null) {
$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
} elseif ($headersOnly === false) {
} elseif ($headerOnly === false) {
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
? $this->getRequest()->query->get($this->tokenKey)
: $this->getRequest()->request->get($this->tokenKey);
}
if (empty($accessToken)) {
throw new Exception\InvalidRequestException('access token');
throw new InvalidRequestException('access token');
}
return $accessToken;


@@ -24,7 +24,7 @@ interface AccessTokenInterface extends StorageInterface
*
* @param string $token The access token
*
* @return \League\OAuth2\Server\Entity\AccessTokenEntity
* @return \League\OAuth2\Server\Entity\AccessTokenEntity | null
*/
public function get($token);
@@ -33,7 +33,7 @@ interface AccessTokenInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
*
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/
public function getScopes(AccessTokenEntity $token);
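Review bot: The new `@return \League\OAuth2\Server\Entity\AccessTokenEntity | null` puts spaces around the pipe, and in the PHPDoc grammar the type is the first whitespace-delimited token, so phpDocumentor and most static analysers read the type as just `AccessTokenEntity` and treat `| null` as description, losing exactly the case `ResourceServer::isValidRequest()` guards against with `instanceof`. Write it as `@return \League\OAuth2\Server\Entity\AccessTokenEntity|null`. The same spacing appears in the other storage interfaces in this compare; the `ScopeEntity[]` form on `getScopes()` is fine.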


@@ -24,7 +24,7 @@ interface AuthCodeInterface extends StorageInterface
*
* @param string $code
*
* @return \League\OAuth2\Server\Entity\AuthCodeEntity
* @return \League\OAuth2\Server\Entity\AuthCodeEntity | null
*/
public function get($code);
@@ -45,7 +45,7 @@ interface AuthCodeInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
*
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/
public function getScopes(AuthCodeEntity $token);


@@ -26,7 +26,7 @@ interface ClientInterface extends StorageInterface
* @param string $redirectUri The client's redirect URI (default = "null")
* @param string $grantType The grant type used (default = "null")
*
* @return \League\OAuth2\Server\Entity\ClientEntity
* @return \League\OAuth2\Server\Entity\ClientEntity | null
*/
public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
@@ -35,7 +35,7 @@ interface ClientInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\SessionEntity $session The session
*
* @return \League\OAuth2\Server\Entity\ClientEntity
* @return \League\OAuth2\Server\Entity\ClientEntity | null
*/
public function getBySession(SessionEntity $session);
}
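Review bot: `get()` now documents that it may return null, but the docblock still does not say when an implementation must do so: `$clientSecret`, `$redirectUri` and `$grantType` are all optional here, and nothing states that a supplied value which does not match the stored client must cause a null return rather than a lookup by id alone. I would add to the method docblock: `Implementations MUST return null when $clientSecret, $redirectUri or $grantType is supplied and does not match the stored client; compare secrets in constant time.` Without that contract a storage author can reasonably return the client on `$clientId` alone, which turns the optional arguments into no-ops and the secret check into a no-op. The `hash_equals()` implementation referenced in the changelog in this compare is the natural tool for the secret comparison; whether existing implementations use it is not visible here.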


@@ -23,7 +23,7 @@ interface RefreshTokenInterface extends StorageInterface
*
* @param string $token
*
* @return \League\OAuth2\Server\Entity\RefreshTokenEntity
* @return \League\OAuth2\Server\Entity\RefreshTokenEntity | null
*/
public function get($token);


@@ -23,7 +23,7 @@ interface ScopeInterface extends StorageInterface
* @param string $grantType The grant type used in the request (default = "null")
* @param string $clientId The client sending the request (default = "null")
*
* @return \League\OAuth2\Server\Entity\ScopeEntity
* @return \League\OAuth2\Server\Entity\ScopeEntity | null
*/
public function get($scope, $grantType = null, $clientId = null);
}


@@ -26,7 +26,7 @@ interface SessionInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
*
* @return \League\OAuth2\Server\Entity\SessionEntity
* @return \League\OAuth2\Server\Entity\SessionEntity | null
*/
public function getByAccessToken(AccessTokenEntity $accessToken);
@@ -35,7 +35,7 @@ interface SessionInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code
*
* @return \League\OAuth2\Server\Entity\SessionEntity
* @return \League\OAuth2\Server\Entity\SessionEntity | null
*/
public function getByAuthCode(AuthCodeEntity $authCode);
@@ -44,7 +44,7 @@ interface SessionInterface extends StorageInterface
*
* @param \League\OAuth2\Server\Entity\SessionEntity
*
* @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
* @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
*/
public function getScopes(SessionEntity $session);