Merge pull request #1 from thephpleague/master

Merging changes into my fork

.travis.yml

@@ -11,6 +11,7 @@ php:
   - 5.5
   - 5.6
   - 7.0
+  - 7.1
   - hhvm
 
 install:
@@ -21,4 +22,4 @@ script:
 
 branches:
   only:
-    - master
+    - master

CHANGELOG.md

@@ -1,5 +1,35 @@
 # Changelog
 
+## 5.1.3 (released 2016-10-12)
+
+* Fixed WWW-Authenticate header (Issue #669)
+* Increase the recommended RSA key length from 1024 to 2048 bits (Issue #668)
+
+## 5.1.2 (released 2016-09-19)
+
+* Fixed `finalizeScopes` call (Issue #650)
+
+## 5.1.1 (released 2016-07-26)
+
+* Improved test suite (Issue #614)
+* Updated docblocks (Issue #616)
+* Replace `array_shift` with `foreach` loop (Issue #621)
+* Allow easy addition of custom fields to Bearer token response (Issue #624)
+* Key file auto-generation from string (Issue #625)
+
+## 5.1.0 (released 2016-06-28)
+
+* Implemented RFC7636 (Issue #574)
+* Unify middleware exception responses (Issue #578)
+* Updated examples (Issue #589)
+* Ensure state is in access denied redirect (Issue #597)
+* Remove redundant `isExpired()` method from entity interfaces and traits (Issue #600)
+* Added a check for unique access token constraint violation (Issue #601)
+* Look at Authorization header directly for HTTP Basic auth checks (Issue #604)
+* Added catch Runtime exception when parsing JWT string (Issue #605)
+* Allow `paragonie/random_compat` 2.x (Issue #606)
+* Added `indigophp/hash-compat` to Composer suggestions and `require-dev` for PHP 5.5 support
+
 ## 5.0.3 (released 2016-05-04)
 
 * Fix hints in PasswordGrant (Issue #560)

README.md

@@ -7,7 +7,7 @@
 [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
 [![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
 
-`league/oauth2-server` is a a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
+`league/oauth2-server` is a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
 It supports out of the box the following grants:
 
@@ -33,6 +33,7 @@ The following versions of PHP are supported:
 * PHP 5.5 (>=5.5.9)
 * PHP 5.6
 * PHP 7.0
+* PHP 7.1
 * HHVM
 
 The `openssl` extension is also required.
@@ -58,8 +59,7 @@ If you have any questions about OAuth _please_ open a ticket here; please **don'
 
 ## Commercial Support
 
-If you would like help implementing this library into your existing platform, or would like to 
- some advice or training for you and your team please email Alex Bilbie at `[email protected]`.
+If you would like help implementing this library into your existing platform, or would be interested in OAuth advice or training for you and your team please get in touch with [Glynde Labs](https://glyndelabs.com).
 
 ## Security
 

composer.json

@@ -8,7 +8,7 @@
         "ext-openssl": "*",
         "league/event": "^2.1",
         "lcobucci/jwt": "^3.1",
-        "paragonie/random_compat": "^1.1",
+        "paragonie/random_compat": "^1.1 || ^2.0",
         "psr/http-message": "^1.0"
     },
     "require-dev": {

examples/README.md

@@ -3,7 +3,7 @@
 ## Installation
 
 0. Run `composer install` in this directory to install dependencies
-0. Create a private key `openssl genrsa -out private.key 1024`
+0. Create a private key `openssl genrsa -out private.key 2048`
 0. Create a public key `openssl rsa -in private.key -pubout > public.key`
 0. `cd` into the public directory
 0. Start a PHP server `php -S localhost:4444`

examples/public/api.php

@@ -31,7 +31,6 @@
 $app->get(
     '/users',
     function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-
         $users = [
             [
                 'id'    => 123,
@@ -70,4 +69,4 @@ function (ServerRequestInterface $request, ResponseInterface $response) use ($ap
     }
 );
 
-$app->run();
+$app->run();

examples/public/client_credentials.php

@@ -30,9 +30,9 @@
         $accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface
 
         // Path to public and private keys
-        $privateKey = 'file://'.__DIR__.'/../private.key';
+        $privateKey = 'file://' . __DIR__ . '/../private.key';
         //$privateKey = new CryptKey('file://path/to/private.key', 'passphrase'); // if private key has a pass phrase
-        $publicKey = 'file://'.__DIR__.'/../public.key';
+        $publicKey = 'file://' . __DIR__ . '/../public.key';
 
         // Setup the authorization server
         $server = new AuthorizationServer(

examples/public/middleware_use.php

@@ -8,6 +8,7 @@
  */
 
 use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\ResourceServer;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
 use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
@@ -61,11 +62,20 @@
         // Enable the refresh token grant on the server with a token TTL of 1 month
         $server->enableGrantType(
             new RefreshTokenGrant($refreshTokenRepository),
-            new \DateInterval('PT1M')
+            new \DateInterval('P1M')
         );
 
         return $server;
     },
+    ResourceServer::class => function () {
+        $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
+
+        $server = new ResourceServer(
+            new AccessTokenRepository(),
+            $publicKeyPath
+        );
+        return $server;
+    },
 ]);
 
 // Access token issuer
@@ -94,6 +104,6 @@
 
         return $response->withBody($body);
     });
-})->add(new ResourceServerMiddleware($app->getContainer()->get(AuthorizationServer::class)));
+})->add(new ResourceServerMiddleware($app->getContainer()->get(ResourceServer::class)));
 
 $app->run();

examples/public/password.php

@@ -23,8 +23,8 @@
             new ClientRepository(),                 // instance of ClientRepositoryInterface
             new AccessTokenRepository(),            // instance of AccessTokenRepositoryInterface
             new ScopeRepository(),                  // instance of ScopeRepositoryInterface
-            'file://'.__DIR__.'/../private.key',    // path to private key
-            'file://'.__DIR__.'/../public.key'      // path to public key
+            'file://' . __DIR__ . '/../private.key',    // path to private key
+            'file://' . __DIR__ . '/../public.key'      // path to public key
         );
 
         $grant = new PasswordGrant(
@@ -54,19 +54,17 @@ function (ServerRequestInterface $request, ResponseInterface $response) use ($ap
 
             // Try to respond to the access token request
             return $server->respondToAccessTokenRequest($request, $response);
-
         } catch (OAuthServerException $exception) {
 
             // All instances of OAuthServerException can be converted to a PSR-7 response
             return $exception->generateHttpResponse($response);
-
         } catch (\Exception $exception) {
 
             // Catch unexpected exceptions
             $body = $response->getBody();
             $body->write($exception->getMessage());
-            return $response->withStatus(500)->withBody($body);
 
+            return $response->withStatus(500)->withBody($body);
         }
     }
 );

examples/src/Repositories/ScopeRepository.php

@@ -48,6 +48,13 @@ public function finalizeScopes(
         ClientEntityInterface $clientEntity,
         $userIdentifier = null
     ) {
+        // Example of programatically modifying the final scope of the access token
+        if ((int) $userIdentifier === 1) {
+            $scope = new ScopeEntity();
+            $scope->setIdentifier('email');
+            $scopes[] = $scope;
+        }
+
         return $scopes;
     }
 }

examples/src/Repositories/UserRepository.php

@@ -11,7 +11,6 @@
 
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Repositories\UserRepositoryInterface;
-use OAuth2ServerExamples\Entities\ScopeEntity;
 use OAuth2ServerExamples\Entities\UserEntity;
 
 class UserRepository implements UserRepositoryInterface
@@ -26,10 +25,6 @@ public function getUserEntityByUserCredentials(
         ClientEntityInterface $clientEntity
     ) {
         if ($username === 'alex' && $password === 'whisky') {
-            $scope = new ScopeEntity();
-            $scope->setIdentifier('email');
-            $scopes[] = $scope;
-
             return new UserEntity();
         }