Releases: hwi/HWIOAuthBundle
Releases · hwi/HWIOAuthBundle
2.3.0
- BC Break: Dropped support for Symfony:
6.3
and7.0
, - Added:
Amazon Cognito
resource owner, - Bugfix: Prevent overwriting
failure_path
inAuthenticationFailureHandler
when connect functionality is not enabled, - Bugfix: Prevent overwriting
failure_handler
in security configuration if set, - Bugfix: Type hint
AuthenticatorInterface
instead ofOAuthAuthenticator
inRefreshAccessTokenListener
, - Bugfix: Add missing parameters to
OdnoklassnikiResourceOwner
,
2.2.0
What's Changed
- Add Telegram resource owner by @zorn-v in #1966
- Drop not supported PHP 7.4 & 8.0 by @stloyd in #1969
- Allow "use_authorization_to_get_token" to be configured to false for generic OAuth2 by @ldaspt in #1974
- Update API version for Facebook to the latest available by @stloyd in #1975
- Replace custom authenticator passport with custom badge usage by @stloyd in #1976
- Replace custom authenticator passport with custom badge usage by @stloyd in #1978
- Fix registration of failure handler by @stloyd in #1979
- Don't miss the refresh token by @kurian86 in #1963
- Fix security setup docs by @stloyd in #1980
- Add GH action to close stale stuff by @stloyd in #1981
- Allow
null
as$registrationForm
inRegisterController
by @stloyd in #1983 - Make Twig & Symfony Routing hard requirement by @stloyd in #1984
- Document how to configure entity provider by @stloyd in #1985
- Remove Twig usage from
AuthenticationFailureHandler
by @stloyd in #1986 - Add connect functionality docs by @stloyd in #1987
- Adjust changelog for release 2.2 by @stloyd in #1988
New Contributors
- @zorn-v made their first contribution in #1966
- @ldaspt made their first contribution in #1974
- @kurian86 made their first contribution in #1963
Full Changelog: 2.1.0...2.2.0
2.1.0
What's Changed
- Add resource owner Passage by @malteschlueter in #1962
- Allow usage of Symfony 7 by @stloyd in #1968
- Fixed compatiblity with Symfony 6.4+
New Contributors
- @malteschlueter made their first contribution in #1962
For details go and read the CHANGELOG file.
2.0.0
Long awaited 2.0 release!
The main changes:
- completely reworked resource owners internals,
- official support for Symfony 6,
- official support for PHP 8,
- dropped support for Symfony <5.4,
- dropped support for PHP <7.4,
- removed support for
FOSUserBundle
,
For details go and read the CHANGELOG file.
What's Changed
- Remove direct deprecations reported on Symfony 6 by @stloyd in #1946
- Enable integration tests on Symfony 6 by @stloyd in #1947
- Prevent refreshing non-expired token by @stloyd in #1948
- Update GH actions by @stloyd in #1949
- Remove deprecations reported by Symfony 6.x by @stloyd in #1951
- Improve compatibility with Symfony 6.x by @stloyd in #1950
- Prevent fatal error when token doesn't have resource owner name set by @stloyd in #1952
- Run tests against PHP 8.3 by @stloyd in #1953
Full Changelog: 2.0.0-BETA3...2.0.0
2.0.0-BETA3
Changelog
- BC Break: Dropped support for Symfony: 4.4 & 6.0.*,
- BC Break: Class
Templating\Helper\OAuthHelper
was merged intoTwig\Extension\OAuthRuntime
, - BC Break: When resource owner class doesn't define
TYPE
constant or isnull
, then key will be calculated by converting its class name withoutResourceOwner
suffix tosnake_case
, if neither is felt, then\LogicException
will be thrown, - Deprecated: method
UserResponseInterface::getUsername()
was deprecated in favour ofUserResponseInterface::getUserIdentifier()
to match changes in Symfony Security component, - Enhancement:
@internal
resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended fromGenericOAuth[X]ResourceOwner
getoauth[X]
type. If class only implements ResourceOwnerInterface then its oauth type isunknown
. ResourceOwner key (parametertype
in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implementedResourceOwnerInterface
will be registered automatically. Ifautoconfigure
option is disabled user have to add the taghwi_oauth.resource_owner
to the service definition, - Enhancement: Class
ConnectController
was split into two smaller ones,Connect\ConnectController
&Connect\RegisterController
, - Bugfix: Added
OAuth1ResourceOwner
&OAuth2ResourceOwner
to cover case of implementing custom oauth resource owners, - Bugfix: Fixed Authorization Header in
CleverResourceOwner::doGetRequest
, - Bugfix: Catch also the
TransportExceptionInterface
inAbstractResourceOwner::getResponseContent()
method, - Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
- Bugfix: Prevent fatal error in
OAuthUserProvider::loadUserByOAuthUserResponse()
whennickname
is not available in OAuth response, - Bugfix: Use newer version of
firebase/php-jwt
library, - Chore: Removed not used Symfony Templating component
What's Changed
- Add Apple client_secret auto generation by @Seb33300 in #1884
- Update ConnectController.php by @stephanvierkant in #1886
- Merged
Templating\Helper\OAuthHelper
class directly intoTwig\Extension\OAuthRuntime
by @stloyd in #1888 - Added
OAuth1ResourceOwner
&OAuth2ResourceOwner
by @stloyd in #1889 - Refactor
ConnectController
& split it into smaller ones by @stloyd in #1887 - Improve
RefreshOAuthTokenCompilerPass
class quality by @stloyd in #1881 - Added
getIdentifier()
intoPathUserResponse
to match Symfony changes by @stloyd in #1883 - Improve Configuration.php readability by @gassan in #1891
- Fixed wrong class name in
SensioConnectUserResponse
by @stloyd in #1894 - Allow "symfony/flex" plugin by @stloyd in #1908
- Removed support for Symfony ~6.0 by @stloyd in #1907
- Fixed links to documentation by @stloyd in #1909
- Remove invalid CI job by @stloyd in #1910
- Fix typo by @dlondero in #1899
- Fix Authorization header for CleverResourceOwner.php by @gassan in #1868
- Catch also the
TransportExceptionInterface
inAbstractResourceOwner::getResponseContent()
method by @stloyd in #1911 - Current matched Firewall is respected during generation of check path links. by @gassan in #1890
- Added funding button by @stloyd in #1912
- All ResourceOwners are collected automatically. by @gassan in #1872
- Fixed configuration of custom resource owners by @stloyd in #1915
- Add custom resource owner to confirm it's working correctly by @stloyd in #1916
- Fix typo in configuration comment by @reyostallenberg in #1933
- Update apple connector doc link by @Nek- in #1929
- Fix PHP 8.2 compatibility by @IonBazan in #1926
- Avoid confusion about Symfony version support dropped by @lyrixx in #1936
- Added feature to auto hint towards specific idp by @pimjansen in #1931
- Prevent fatal error in
loadUserByOAuthUserResponse()
whennickname
is not available in OAuth response by @stloyd in #1913 - Fixed wrong PHP version used in CI by @stloyd in #1941
- Fix CS and PHPStan by @Seb33300 in #1938
- Remove
symfony/templating
by @GromNaN in #1940 - Temporary skip broken test on Symfony 6 by @stloyd in #1942
- Don't use native file session in tests by @stloyd in #1943
- Remove BC layer for Symfony 4.4 by @stloyd in #1945
New Contributors
- @Seb33300 made their first contribution in #1884
- @dlondero made their first contribution in #1899
- @reyostallenberg made their first contribution in #1933
- @lyrixx made their first contribution in #1936
- @pimjansen made their first contribution in #1931
- @GromNaN made their first contribution in #1940
Full Changelog: 2.0.0-BETA2...2.0.0-BETA3
2.0.0-BETA2
Changelog
- Deprecated: configuration parameter
firewall_names
, firewalls are now computed automatically - all firewalls that have definedoauth
authenticator/provider will be collected, - Added: Ability to automatically refresh expired access tokens (only for derived from
GenericOAuth2ResourceOwner
resource owners), if optionrefresh_on_expire
set totrue
, - Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option
refresh_on_expure
set totrue
, - Enhancement: (
@internal
) Removed/replaced redundant argument$firewallNames
from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use$resourceOwnerMapLocator->getFirewallNames()
, - Bugfix:
RefreshTokenListener
cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing onkernel.response
. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request, - Bugfix:
InteractiveLoginEvent
will be triggered also forOAuthAuthenticator
, - Maintain: Changed config files from
*.xml
to*.php
(services and routes). Xml routing configsconnect.xml
,login.xml
andredirect.xml
are steel present but deprecated. Please use*.php
variants in your includes instead.
Details What's Changed
- increase phpstan to level 2 by @dmaicher in #1754
- Define
hwi_oauth.connect.confirmation
parameter by @franmomu in #1756 - Maintain | Remove
Makefile
in favour of composer scripts by @stloyd in #1766 - make twig extension lazy by using a Runtime by @dmaicher in #1741
- Remove support for FOSUser bundle by @stloyd in #1732
- bump to phpstan level 3 by @dmaicher in #1770
- Bump minimal PHP version to 7.4 by @XWB in #1774
- Maintain | Adjust codebase to match PHPStan level 5 by @stloyd in #1771
- Use type hints and return types in ResourceOwnerMapInterface by @XWB in #1773
- Rework ResourceOwnerMap to use service locator instead of whole DI container by @stloyd in #1775
- Bugfix | Prevent issue with missing parameter when
connect
option is not enabled by @stloyd in #1782 - Maintain | Update min. Twig version to work with PHP 8 by @stloyd in #1789
- [BC Break] Rework resource owners to use Symfony Http Client internally by @stloyd in #1681
- BC Break | Make classes final where expected & adjust types to PHP 7.4 by @stloyd in #1778
- Maintain | Update tests to use type & return hints by @stloyd in #1791
- Update Yahoo resource owner to use OAuth2 by @stloyd in #1790
- [2.x] Fix HTTP client definition by @Jean85 in #1792
- Maintain | Fixed php-cs-fixer & phpstan reports by @stloyd in #1801
- Rework Github Actions to be more efficient by @stloyd in #1807
- Update link to LinkedIn by @alexislefebvre in #1811
- Fix EntityUserProviderTest by @sjerdo in #1822
- Fix parsing OAuth1.0a responses for Twitter by @sjerdo in #1821
- Spotify | Add path for profile picture by @sjerdo in #1819
- Pass content in HTTP POST request on OAuth server by @rmlev in #1826
- Fix code style issue by @sjerdo in #1827
- Maintain | Update compatibility with PHP 8.1 by @stloyd in #1828
- Maintain | Rework CI by @stloyd in #1829
- Maintain | Update PHPStan to version 1.0 by @stloyd in #1830
- Maintain | Add support for Symfony 6 by @stloyd in #1800
- Maintain | Merge branch 1.4 into master one by @stloyd in #1834
- Maintain | Run new security already on Symfony 5.4 by @stloyd in #1837
- Bugfix | Test BC layer for Symfony Security <5.4 by @stloyd in #1839
- Bugfix | Fixed issue when
connect
configuration is not set butConnectController
was used by @stloyd in #1844 - Reviewed authenticator and made refreshToken method public. by @gassan in #1831
- Maintain | Adjust docs to follow Symfony changes by @stloyd in #1845
- Bugfix | Added missing
RememberMeBadge
into OAuth passport by @stloyd in #1846 - Force particular methods on internal routes by @stloyd in #1847
- Maintain | Rework bundle structure to match Symfony best practices by @stloyd in #1799
- oauth token of the same class will be created. fix in tests by @gassan in #1849
- Track oauth requests by symfony-profiler by @gassan in #1852
- Allow null User for refreshing oauth token by @gassan in #1855
- Http client for symfony 4.4 by @gassan in #1856
- RFC | Lets switch configs from xml to php by @gassan in #1859
- Review: Removed/replaced redundant parameter $firewallNames in Controllers by @gassan in #1861
- auto refresh oauth2 token on expire by @gassan in #1850
- Maintain | Improved code quality by adding hint & return types by @stloyd in #1863
- Keycloak: default paths mapping for a new created keycloak realm by @gassan in #1858
- Removed option firewall_names by @gassan in #1864
- Maintain | Added new Composer 2.2 config for "allow-plugins" by @stloyd in #1865
- Bugfix: Refresh token listener should not be lazy. by @gassan in #1867
- set resourceOwner services directly without using tag by @dmaicher in #1874
- Bugfix: InteractiveLoginEvent Event will be triggered also for OAuthAuthenticator by @gassan in #1877
New Contributors
- @sjerdo made their first contribution in #1822
- @rmlev made their first contribution in #1826
- @gassan made their first contribution in #1831
Full Changelog: 1.4.5...2.0.0-BETA2
2.0.0-BETA1
Changelog
- BC Break: Dropped PHP 7.3 support,
- BC Break: Dropped support for Symfony:
>=5.1
&<5.4
(still with BC layer included), - BC Break:
OAuthExtension
is now a lazy Twig extension using a Runtime, - BC Break: removed support for
FOSUserBundle
, - BC Break: changed
process()
argument forForm/RegistrationFormHandlerInterface
, fromForm $form
toFormInterface $form
, - BC Break: changed form class name in template
Resources/views/Connect/connect_confirm.html.twig
fromfos_user_registration_register
toregistration_register
, - BC Break: removed configuration option
fosub
fromoauth_user_provider
, - BC Break: removed configuration options
hwi_oauth.fosub
, & all related DI parameters, - BC Break: removed DI parameter
hwi_oauth.registration.form.factory
in favour of declaring form class name as DI parameter:hwi_oauth.connect.registration_form
, - BC Break: changed
ResourceOwnerMapInterface::hasResourceOwnerByName
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByName
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByRequest
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerCheckPath
signature, update if you use a custom resource owner, - BC Break:
ResourceOwnerMap
uses service locator instead of DI container, - BC Break: Removed abstract services:
hwi_oauth.abstract_resource_owner.generic
,hwi_oauth.abstract_resource_owner.oauth1
&hwi_oauth.abstract_resource_owner.oauth2
, - BC Break: Removed
setName()
method fromOAuth/ResourceOwnerInterface
, - BC Break: changed
__construct()
argument forOAuth/ResourceOwner/AbstractResourceOwner
, fromHttpMethodsClient $httpClient
toHttpClientInterface $httpClient
, - BC Break: replaced
php-http/httplug-bundle
withsymfony/http-client
- BC Break: removed
hwi_oauth.http
configuration, - BC Break: reworked bundles structure to match Symfony best practices:
- bundle code moved to:
src/
, - tests moved to:
tests/
, - docs moved from
Resources/doc
into:docs/
,
- bundle code moved to:
- BC Break: routes provided by bundle now have
methods
requirements:hwi_oauth_connect_service
:GET
&POST
,hwi_oauth_connect_registration
:GET
&POST
,hwi_oauth_connect
:GET
,hwi_oauth_service_redirect
:GET
,
- Added support for PHP 8.1,
- Added support for Symfony
5.4
&6.0
,
Kudos to "Old" Contributors (random order)
New Contributors
- @sjerdo made their first contribution in #1822
- @rmlev made their first contribution in #1826
- @gassan made their first contribution in #1831
Full Changelog: 1.4.5...2.0.0-BETA1
1.4.5
1.4.3
Changelog:
- Bugfix: Fixed support for PHP 8.1,
- Bugfix: Fixed support for Symfony 5.4,
- Bugfix: Fixed
VkontakteResourceOwner
option:api_version
to not point to deprecated one, - Bugfix:
RequestStack::getMasterRequest()
is deprecated since Symfony 5.3, useRequestStack::getMainRequest()
if exists, - Maintain: Added
GenericOAuth1ResourceOwnerTestCase
,GenericOAuth2ResourceOwnerTestCase
&ResourceOwnerTestCase
test case classes for easier unit testing custom resource owners