Update changelog

Fix bc breaking change

CHANGELOG.md

@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [7.3.2] - released 2018-11-21
+
+### Fixed
+- Revert setting keys on response type to be inside `getResponseType()` function instead of AuthorizationServer constructor (PR #969)
+
+## [7.3.1] - released 2018-11-15
+
+### Fixed
+- Fix issue with previous release where interface had changed for the AuthorizationServer. Reverted to the previous interface while maintaining functionality changes (PR #970)
+
 ## [7.3.0] - released 2018-11-13
 
 ### Changed
@@ -422,7 +432,9 @@ Version 5 is a complete code rewrite.
 
 - First major release
 
-[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.0...HEAD
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.2...HEAD
+[7.3.2]: https://github.com/thephpleague/oauth2-server/compare/7.3.1...7.3.2
+[7.3.1]: https://github.com/thephpleague/oauth2-server/compare/7.3.0...7.3.1
 [7.3.0]: https://github.com/thephpleague/oauth2-server/compare/7.2.0...7.3.0
 [7.2.0]: https://github.com/thephpleague/oauth2-server/compare/7.1.1...7.2.0
 [7.1.1]: https://github.com/thephpleague/oauth2-server/compare/7.1.0...7.1.1

src/AuthorizationServer.php

@@ -52,7 +52,7 @@ class AuthorizationServer implements EmitterAwareInterface
     /**
      * @var ResponseTypeInterface
      */
-    protected $responseTypePrototype;
+    protected $responseType;
 
     /**
      * @var ClientRepositoryInterface
@@ -87,7 +87,7 @@ class AuthorizationServer implements EmitterAwareInterface
      * @param ScopeRepositoryInterface       $scopeRepository
      * @param CryptKey|string                $privateKey
      * @param string|Key                     $encryptionKey
-     * @param null|ResponseTypeInterface     $responseTypePrototype
+     * @param null|ResponseTypeInterface     $responseType
      */
     public function __construct(
         ClientRepositoryInterface $clientRepository,
@@ -95,7 +95,7 @@ class AuthorizationServer implements EmitterAwareInterface
         ScopeRepositoryInterface $scopeRepository,
         $privateKey,
         $encryptionKey,
-        ResponseTypeInterface $responseTypePrototype = null
+        ResponseTypeInterface $responseType = null
     ) {
         $this->clientRepository = $clientRepository;
         $this->accessTokenRepository = $accessTokenRepository;
@@ -108,19 +108,13 @@ class AuthorizationServer implements EmitterAwareInterface
         $this->privateKey = $privateKey;
         $this->encryptionKey = $encryptionKey;
 
-        if ($responseTypePrototype === null) {
-            $responseTypePrototype = new BearerTokenResponse();
+        if ($responseType === null) {
+            $responseType = new BearerTokenResponse();
         } else {
-            $responseTypePrototype = clone $responseTypePrototype;
+            $responseType = clone $responseType;
         }
 
-        if ($responseTypePrototype instanceof AbstractResponseType) {
-            $responseTypePrototype->setPrivateKey($this->privateKey);
-        }
-
-        $responseTypePrototype->setEncryptionKey($this->encryptionKey);
-
-        $this->responseTypePrototype = $responseTypePrototype;
+        $this->responseType = $responseType;
     }
 
     /**
@@ -200,7 +194,7 @@ class AuthorizationServer implements EmitterAwareInterface
             }
             $tokenResponse = $grantType->respondToAccessTokenRequest(
                 $request,
-                $this->newResponseType(),
+                $this->getResponseType(),
                 $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
             );
 
@@ -217,9 +211,17 @@ class AuthorizationServer implements EmitterAwareInterface
      *
      * @return ResponseTypeInterface
      */
-    protected function newResponseType()
+    protected function getResponseType()
     {
-        return clone $this->responseTypePrototype;
+        $responseType = clone $this->responseType;
+
+        if ($responseType instanceof AbstractResponseType) {
+            $responseType->setPrivateKey($this->privateKey);
+        }
+
+        $responseType->setEncryptionKey($this->encryptionKey);
+
+        return $responseType;
     }
 
     /**

tests/AuthorizationServerTest.php

@@ -91,7 +91,7 @@ class AuthorizationServerTest extends TestCase
         $this->assertEquals(200, $response->getStatusCode());
     }
 
-    public function testNewDefaultResponseType()
+    public function testGetResponseType()
     {
         $clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
 
@@ -104,17 +104,50 @@ class AuthorizationServerTest extends TestCase
         );
 
         $abstractGrantReflection = new \ReflectionClass($server);
-        $method = $abstractGrantReflection->getMethod('newResponseType');
+        $method = $abstractGrantReflection->getMethod('getResponseType');
         $method->setAccessible(true);
 
-        $responseTypeA = $method->invoke($server);
-        $responseTypeB = $method->invoke($server);
-        $this->assertInstanceOf(BearerTokenResponse::class, $responseTypeA);
-        $this->assertInstanceOf(BearerTokenResponse::class, $responseTypeB);
-        $this->assertNotSame($responseTypeA, $responseTypeB);
+        $this->assertInstanceOf(BearerTokenResponse::class, $method->invoke($server));
     }
 
-    public function testNewResponseTypeFromPrototype()
+    public function testGetResponseTypeExtended()
+    {
+        $clientRepository = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock();
+        $privateKey = 'file://' . __DIR__ . '/Stubs/private.key';
+        $encryptionKey = 'file://' . __DIR__ . '/Stubs/public.key';
+
+        $server = new class($clientRepository, $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(), $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(), $privateKey, $encryptionKey) extends AuthorizationServer {
+            protected function getResponseType()
+            {
+                $this->responseType = new class extends BearerTokenResponse {
+                    /* @return null|CryptKey */
+                    public function getPrivateKey()
+                    {
+                        return $this->privateKey;
+                    }
+
+                    public function getEncryptionKey()
+                    {
+                        return $this->encryptionKey;
+                    }
+                };
+
+                return parent::getResponseType();
+            }
+        };
+
+        $abstractGrantReflection = new \ReflectionClass($server);
+        $method = $abstractGrantReflection->getMethod('getResponseType');
+        $method->setAccessible(true);
+        $responseType = $method->invoke($server);
+
+        $this->assertInstanceOf(BearerTokenResponse::class, $responseType);
+        // generated instances should have keys setup
+        $this->assertSame($privateKey, $responseType->getPrivateKey()->getKeyPath());
+        $this->assertSame($encryptionKey, $responseType->getEncryptionKey());
+    }
+
+    public function testMultipleRequestsGetDifferentResponseTypeInstances()
     {
         $privateKey = 'file://' . __DIR__ . '/Stubs/private.key';
         $encryptionKey = 'file://' . __DIR__ . '/Stubs/public.key';
@@ -144,7 +177,7 @@ class AuthorizationServerTest extends TestCase
         );
 
         $abstractGrantReflection = new \ReflectionClass($server);
-        $method = $abstractGrantReflection->getMethod('newResponseType');
+        $method = $abstractGrantReflection->getMethod('getResponseType');
         $method->setAccessible(true);
 
         $responseTypeA = $method->invoke($server);