v1.10.0 (#889)

.travis.yml

@@ -5,12 +5,12 @@ cache:
     - $HOME/.composer/cache
     - vendor
 php:
-- 5.3
 - 5.4
 - 5.5
 - 5.6
 - 7.0
 - 7.1
+- 7.2
 env:
   global:
   - secure: Bc5ZqvZ1YYpoPZNNuU2eCB8DS6vBYrAdfBtTenBs5NSxzb+Vjven4kWakbzaMvZjb/Ib7Uph7DGuOtJXpmxnvBXPLd707LZ89oFWN/yqQlZKCcm8iErvJCB5XL+/ONHj2iPdR242HJweMcat6bMCwbVWoNDidjtWMH0U2mYFy3M=
@@ -29,3 +29,5 @@ before_script:
 - psql -c 'create database oauth2_server_php;' -U postgres
 after_script:
 - php test/cleanup.php
+script:
+- vendor/bin/phpunit

CHANGELOG.md

@@ -8,6 +8,24 @@ To see the files changed for a given bug, go to https://github.com/bshaffer/oaut
 To get the diff between two versions, go to https://github.com/bshaffer/oauth2-server-php/compare/v1.0...v1.1
 To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-server-php/commit/XXX where XXX is the change hash
 
+* 1.10.0 (2017-12-14)
+
+  PR: https://github.com/bshaffer/oauth2-server-php/pull/889
+
+  * #795 - [feature] added protected createPayload method to allow easier customization of JWT payload
+  * #807 - [refactor] simplifies UserInfoController constructor
+  * #814 - [docs] Adds https to README link
+  * #827 - [testing] Explicitly pulls in phpunit 4
+  * #828 - [docs] PHPDoc improvements and type hinting of variables.
+  * #829 - [bug] Fix CORS issue for revoking and requesting an access token
+  * #869 - [testing] Remove php 5.3 from travis and use vendored phpunit
+  * #834 - [feature] use random_bytes if available
+  * #851 - [docs] Fix PHPDoc
+  * #872 - [bug] Fix count() error on PHP 7.2
+  * #873 - [testing] adds php 7.2 to travis
+  * #794 - [docs] Fix typo in composer.json
+  * #885 - [testing] Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
+
 * 1.9.0 (2016-01-06)
 
   PR: https://github.com/bshaffer/oauth2-server-php/pull/788
@@ -87,7 +105,7 @@ To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-
   * bug #346 Fixes open_basedir warning
   * bug #351 Adds OpenID Connect support
   * bug #355 Adds php 5.6 and HHVM to travis.ci testing
-  * [BC] bug #358 Adds `getQuerystringIdentifier()` to the GrantType interface
+  * [BC] bug #358 Adds `getQueryStringIdentifier()` to the GrantType interface
   * bug #363 Encryption\JWT - Allows for subclassing JWT Headers
   * bug #349 Bearer Tokens - adds requestHasToken method for when access tokens are optional
   * bug #301 Encryption\JWT - fixes urlSafeB64Encode(): ensures newlines are replaced as expected

README.md

@@ -5,4 +5,4 @@ oauth2-server-php
 
 [![Total Downloads](https://poser.pugx.org/bshaffer/oauth2-server-php/downloads.png)](https://packagist.org/packages/bshaffer/oauth2-server-php)
 
-View the [complete documentation](http://bshaffer.github.io/oauth2-server-php-docs/)
+View the [complete documentation](https://bshaffer.github.io/oauth2-server-php-docs/)

composer.json

@@ -19,6 +19,7 @@
         "php":">=5.3.9"
     },
     "require-dev": {
+        "phpunit/phpunit": "^4.0",
         "aws/aws-sdk-php": "~2.8",
         "firebase/php-jwt": "~2.2",
         "predis/predis": "dev-master",
@@ -29,6 +30,7 @@
         "predis/predis": "Required to use Redis storage",
         "thobbs/phpcassa": "Required to use Cassandra storage",
         "aws/aws-sdk-php": "~2.8 is required to use DynamoDB storage",
-        "firebase/php-jwt": "~1.1 is required to use MondoDB storage"
+        "firebase/php-jwt": "~2.2 is required to use JWT features",
+        "mongodb/mongodb": "^1.1 is required to use MongoDB storage"
     }
 }

src/OAuth2/Autoloader.php

@@ -10,15 +10,22 @@
  */
 class Autoloader
 {
+    /**
+     * @var string
+     */
     private $dir;
 
+    /**
+     * @param string $dir
+     */
     public function __construct($dir = null)
     {
         if (is_null($dir)) {
             $dir = dirname(__FILE__).'/..';
         }
         $this->dir = $dir;
     }
+
     /**
      * Registers OAuth2\Autoloader as an SPL autoloader.
      */
@@ -31,9 +38,8 @@ public static function register($dir = null)
     /**
      * Handles autoloading of classes.
      *
-     * @param string $class A class name.
-     *
-     * @return boolean Returns true if the class has been loaded
+     * @param string $class - A class name.
+     * @return boolean      - Returns true if the class has been loaded
      */
     public function autoload($class)
     {

src/OAuth2/ClientAssertionType/ClientAssertionTypeInterface.php

@@ -10,6 +10,19 @@
  */
 interface ClientAssertionTypeInterface
 {
+    /**
+     * Validate the OAuth request
+     *
+     * @param RequestInterface $request
+     * @param ResponseInterface $response
+     * @return mixed
+     */
     public function validateRequest(RequestInterface $request, ResponseInterface $response);
+
+    /**
+     * Get the client id
+     *
+     * @return mixed
+     */
     public function getClientId();
 }

src/OAuth2/ClientAssertionType/HttpBasic.php

@@ -5,6 +5,7 @@
 use OAuth2\Storage\ClientCredentialsInterface;
 use OAuth2\RequestInterface;
 use OAuth2\ResponseInterface;
+use LogicException;
 
 /**
  * Validate a client via Http Basic authentication
@@ -19,14 +20,16 @@ class HttpBasic implements ClientAssertionTypeInterface
     protected $config;
 
     /**
-     * @param OAuth2\Storage\ClientCredentialsInterface $clientStorage REQUIRED Storage class for retrieving client credentials information
-     * @param array                                     $config        OPTIONAL Configuration options for the server
-     *                                                                 <code>
-     *                                                                 $config = array(
-     *                                                                 'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
-     *                                                                 'allow_public_clients'  => true              // if true, "public clients" (clients without a secret) may be authenticated
-     *                                                                 );
-     *                                                                 </code>
+     * Config array $config should look as follows:
+     * @code
+     *     $config = array(
+     *         'allow_credentials_in_request_body' => true, // whether to look for credentials in the POST body in addition to the Authorize HTTP Header
+     *         'allow_public_clients'  => true              // if true, "public clients" (clients without a secret) may be authenticated
+     *     );
+     * @endcode
+     *
+     * @param ClientCredentialsInterface $storage Storage
+     * @param array                      $config  Configuration options for the server
      */
     public function __construct(ClientCredentialsInterface $storage, array $config = array())
     {
@@ -37,14 +40,22 @@ public function __construct(ClientCredentialsInterface $storage, array $config =
         ), $config);
     }
 
+    /**
+     * Validate the OAuth request
+     *
+     * @param RequestInterface $request
+     * @param ResponseInterface $response
+     * @return bool|mixed
+     * @throws LogicException
+     */
     public function validateRequest(RequestInterface $request, ResponseInterface $response)
     {
         if (!$clientData = $this->getClientCredentials($request, $response)) {
             return false;
         }
 
         if (!isset($clientData['client_id'])) {
-            throw new \LogicException('the clientData array must have "client_id" set');
+            throw new LogicException('the clientData array must have "client_id" set');
         }
 
         if (!isset($clientData['client_secret']) || $clientData['client_secret'] == '') {
@@ -70,6 +81,11 @@ public function validateRequest(RequestInterface $request, ResponseInterface $re
         return true;
     }
 
+    /**
+     * Get the client id
+     *
+     * @return mixed
+     */
     public function getClientId()
     {
         return $this->clientData['client_id'];
@@ -82,13 +98,14 @@ public function getClientId()
      * According to the spec (draft 20), the client_id can be provided in
      * the Basic Authorization header (recommended) or via GET/POST.
      *
-     * @return
-     * A list containing the client identifier and password, for example
+     * @param RequestInterface  $request
+     * @param ResponseInterface $response
+     * @return array|null A list containing the client identifier and password, for example:
      * @code
-     * return array(
-     *     "client_id"     => CLIENT_ID,        // REQUIRED the client id
-     *     "client_secret" => CLIENT_SECRET,    // OPTIONAL the client secret (may be omitted for public clients)
-     * );
+     *     return array(
+     *         "client_id"     => CLIENT_ID,        // REQUIRED the client id
+     *         "client_secret" => CLIENT_SECRET,    // OPTIONAL the client secret (may be omitted for public clients)
+     *     );
      * @endcode
      *
      * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
@@ -108,7 +125,6 @@ public function getClientCredentials(RequestInterface $request, ResponseInterfac
                  * client_secret can be null if the client's password is an empty string
                  * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
                  */
-
                 return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
             }
         }