Merge pull request thephpleague#1171 from Sephster/9.0.0-WIP

Merge Master Into v9-WIP

Author: Sephster

.gitattributes

@@ -7,7 +7,6 @@
 /.gitignore export-ignore
 /.scrutinizer.yml export-ignore
 /.styleci.yml export-ignore
-/.travis.yml export-ignore
 /phpstan.neon export-ignore
 /phpunit.xml.dist export-ignore
 /CHANGELOG.md export-ignore

.github/workflows/backwards-compatibility.yml

@@ -0,0 +1,21 @@
+name: "Backwards compatibility check"
+
+on:
+  pull_request:
+
+jobs:
+  bc-check:
+    name: "Backwards compatibility check"
+
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+        with:
+          fetch-depth: 0
+
+      - name: "Backwards Compatibility Check"
+        uses: docker://nyholm/roave-bc-check-ga
+        with:
+          args: --from=${{ github.event.pull_request.base.sha }}

.github/workflows/tests.yml

@@ -0,0 +1,42 @@
+name: tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php: [7.2, 7.3, 7.4, 8.0]
+        stability: [prefer-lowest, prefer-stable]
+
+    name: PHP ${{ matrix.php }} - ${{ matrix.stability }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: dom, curl, libxml, mbstring, zip
+          coverage: pcov
+
+      - name: Install dependencies
+        run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress
+
+      - name: Execute tests
+        run: vendor/bin/phpunit --verbose --coverage-clover=coverage.clover
+
+      - name: Code coverage
+        if: ${{ github.ref == 'refs/heads/master' && matrix.php != 8.0 }}
+        run: |
+          wget https://scrutinizer-ci.com/ocular.phar
+          php ocular.phar code-coverage:upload --format=php-clover coverage.clover

.travis.yml

@@ -5,26 +5,43 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-
 ### Added (v9)
 - A CryptKeyInterface to allow developers to change the CryptKey implementation with greater ease (PR #1044)
 - The authorization server can now finalize scopes when a client uses a refresh token (PR #1094)
 - An AuthorizationRequestInterface to make it easier to extend the AuthorizationRequest (PR #1110)
 
+### Fixed (v9)
+- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)
+
+### Changed (v9)
+- Authorization Request objects are now created through the factory method, `createAuthorizationRequest()` (PR #1111)
+- Changed parameters for `finalizeScopes()` to allow a reference to an auth code ID (PR #1112)
+
+
+## [8.2.3] - released 2020-12-02
+### Added
+- Re-added support for PHP 7.2 (PR #1165, #1167)
+
+## [8.2.2] - released 2020-11-30
+### Fixed
+- Fix issue where the private key passphrase isn't correctly passed to JWT library (PR #1164)
+
+## [8.2.1] - released 2020-11-26
+### Fixed
+- If you have a password on your private key, it is now passed correctly to the JWT configuration object. (PR #1159)
+
+## [8.2.0] - released 2020-11-25
 ### Added
 - Add a `getRedirectUri` function to the `OAuthServerException` class (PR #1123)
+- Support for PHP 8.0 (PR #1146)
 
-### Fixed (v9)
-- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)
+### Removed
+- Removed support for PHP 7.2 (PR #1146)
 
 ### Fixed
 - Fix typo in parameter hint. `code_challenged` changed to `code_challenge`. Thrown by Auth Code Grant when the code challenge does not match the regex. (PR #1130) 
 - Undefined offset was returned when no client redirect URI was set. Now throw an invalidClient exception if no redirect URI is set against a client (PR #1140)
 
-### Changed (v9)
-- Authorization Request objects are now created through the factory method, `createAuthorizationRequest()` (PR #1111)
-- Changed parameters for `finalizeScopes()` to allow a reference to an auth code ID (PR #1112)
-
 ## [8.1.1] - released 2020-07-01
 
 ### Fixed
@@ -517,7 +534,11 @@ Version 5 is a complete code rewrite.
 
 - First major release
 
-[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.1.1...HEAD
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.2.3...HEAD
+[8.2.3]: https://github.com/thephpleague/oauth2-server/compare/8.2.2...8.2.3
+[8.2.2]: https://github.com/thephpleague/oauth2-server/compare/8.2.1...8.2.2
+[8.2.1]: https://github.com/thephpleague/oauth2-server/compare/8.2.0...8.2.1
+[8.2.0]: https://github.com/thephpleague/oauth2-server/compare/8.1.1...8.2.0
 [8.1.1]: https://github.com/thephpleague/oauth2-server/compare/8.1.0...8.1.1
 [8.1.0]: https://github.com/thephpleague/oauth2-server/compare/8.0.0...8.1.0
 [8.0.0]: https://github.com/thephpleague/oauth2-server/compare/7.4.0...8.0.0

CHANGELOG.md

@@ -2,11 +2,10 @@
 
 [![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
-[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
+[![Build Status](https://github.com/thephpleague/oauth2-server/workflows/tests/badge.svg)](https://github.com/thephpleague/oauth2-server/actions)
 [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
 [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
 [![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
-[![PHPStan](https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat-square)](https://github.com/phpstan/phpstan)
 
 `league/oauth2-server` is a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
@@ -29,11 +28,12 @@ This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](ht
 
 ## Requirements
 
-The following versions of PHP are supported:
+The latest version of this package supports the following versions of PHP:
 
 * PHP 7.2
 * PHP 7.3
 * PHP 7.4
+* PHP 8.0
 
 The `openssl` and `json` extensions are also required.
 
@@ -52,16 +52,15 @@ You can contribute to the documentation in the [gh-pages branch](https://github.
 
 ## Testing
 
-The library uses [PHPUnit](https://phpunit.de/) for unit tests and [PHPStan](https://github.com/phpstan/phpstan) for static analysis of the code.
+The library uses [PHPUnit](https://phpunit.de/) for unit tests.
 
 ```
 vendor/bin/phpunit
-vendor/bin/phpstan analyse -l 7 -c phpstan.neon src tests
 ```
 
-## Continous Integration
+## Continuous Integration
 
-We use [Travis CI](https://travis-ci.org/), [Scrutinizer](https://scrutinizer-ci.com/), and [StyleCI](https://styleci.io/) for continuous integration. Check out [our](https://github.com/thephpleague/oauth2-server/blob/master/.travis.yml) [configuration](https://github.com/thephpleague/oauth2-server/blob/master/.scrutinizer.yml) [files](https://github.com/thephpleague/oauth2-server/blob/master/.styleci.yml) if you'd like to know more.
+We use [Github Actions](https://github.com/features/actions), [Scrutinizer](https://scrutinizer-ci.com/), and [StyleCI](https://styleci.io/) for continuous integration. Check out [our](https://github.com/thephpleague/oauth2-server/blob/master/.github/workflows/tests.yml) [configuration](https://github.com/thephpleague/oauth2-server/blob/master/.scrutinizer.yml) [files](https://github.com/thephpleague/oauth2-server/blob/master/.styleci.yml) if you'd like to know more.
 
 ## Community Integrations
 

README.md

@@ -4,19 +4,19 @@
     "homepage": "https://oauth2.thephpleague.com/",
     "license": "MIT",
     "require": {
-        "php": ">=7.2.0",
+        "php": "^7.2 || ^8.0",
         "ext-openssl": "*",
         "league/event": "^2.2",
-        "lcobucci/jwt": "^3.3.1",
+        "lcobucci/jwt": "^3.4 || ^4.0",
         "psr/http-message": "^1.0.1",
         "defuse/php-encryption": "^2.2.1",
         "ext-json": "*"
     },
     "require-dev": {
-        "phpunit/phpunit": "^8.5.4 || ^9.1.3",
-        "laminas/laminas-diactoros": "^2.3.0",
-        "phpstan/phpstan": "^0.11.19",
-        "phpstan/phpstan-phpunit": "^0.11.2",
+        "phpunit/phpunit": "^8.5.13",
+        "laminas/laminas-diactoros": "^2.4.1",
+        "phpstan/phpstan": "^0.12.57",
+        "phpstan/phpstan-phpunit": "^0.12.16",
         "roave/security-advisories": "dev-master"
     },
     "repositories": [

composer.json

@@ -1,13 +1,13 @@
 {
     "require": {
-        "slim/slim": "^3.0.0"
+        "slim/slim": "^3.12.3"
     },
     "require-dev": {
         "league/event": "^2.2",
-        "lcobucci/jwt": "^3.3",
-        "psr/http-message": "^1.0",
-        "defuse/php-encryption": "^2.2",
-        "laminas/laminas-diactoros": "^2.1.2"
+        "lcobucci/jwt": "^3.4 || ^4.0",
+        "psr/http-message": "^1.0.1",
+        "defuse/php-encryption": "^2.2.1",
+        "laminas/laminas-diactoros": "^2.5.0"
     },
     "autoload": {
         "psr-4": {