Merging develop to master in preparation for 1.5.0 release.

.coveralls.yml

@@ -0,0 +1,2 @@
+coverage_clover: clover.xml
+json_path: coveralls-upload.json

.gitattributes

@@ -0,0 +1,9 @@
+/.coveralls.yml export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.travis.yml export-ignore
+/composer.lock export-ignore
+/docs/ export-ignore
+/phpcs.xml export-ignore
+/phpunit.xml.dist export-ignore
+/test/ export-ignore

.gitignore

@@ -1,3 +1,4 @@
-.idea/
-vendor/
-phpunit.xml
+/clover.xml
+/coveralls-upload.json
+/phpunit.xml
+/vendor/

.travis.yml

@@ -5,74 +5,81 @@ language: php
 cache:
   directories:
     - $HOME/.composer/cache
-    - vendor
 
 services:
   - mongodb
 
 env:
   global:
-    - COMPOSER_ARGS="--no-interaction --ignore-platform-reqs"
+    - COMPOSER_ARGS="--no-interaction"
+    - COVERAGE_DEPS="php-coveralls/php-coveralls"
+    - MONGO_DRIVER=mongodb
 
 matrix:
-  fast_finish: true
   include:
     - php: 5.6
       env:
         - DEPS=lowest
+        - MONGO_DRIVER=mongo
     - php: 5.6
       env:
         - DEPS=locked
+        - MONGO_DRIVER=mongo
+        - LEGACY_DEPS="phpunit/phpunit"
     - php: 5.6
       env:
         - DEPS=latest
+        - MONGO_DRIVER=mongo
     - php: 7
       env:
         - DEPS=lowest
-        - EXT_MONGODB=true
     - php: 7
       env:
         - DEPS=locked
-        - EXT_MONGODB=true
-        - CS_CHECK=true
+        - LEGACY_DEPS="phpunit/phpunit"
     - php: 7
       env:
         - DEPS=latest
-        - EXT_MONGODB=true
-    - php: hhvm 
+    - php: 7.1
       env:
         - DEPS=lowest
-    - php: hhvm 
+    - php: 7.1
       env:
         - DEPS=locked
-    - php: hhvm 
+        - CS_CHECK=true
+        - TEST_COVERAGE=true
+    - php: 7.1
+      env:
+        - DEPS=latest
+    - php: 7.2
+      env:
+        - DEPS=lowest
+    - php: 7.2
+      env:
+        - DEPS=locked
+    - php: 7.2
       env:
-        - EXT_MONGODB=true
         - DEPS=latest
-  allow_failures:
-    - php: hhvm
-
-notifications:
-  irc: "irc.freenode.org#apigility-dev"
-  email: false
 
 before_install:
   - if [[ $TEST_COVERAGE != 'true' ]]; then phpenv config-rm xdebug.ini || return 0 ; fi
-  - if [[ $EXT_MONGODB == 'true' && $TRAVIS_PHP_VERSION == '7' ]]; then echo "extension = mongodb.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; fi
-  - if [[ $EXT_MONGODB == 'true' && $TRAVIS_PHP_VERSION == 'hhvm' ]]; then echo "extension = mongodb.so" >> /etc/hhvm/php.ini ; fi
-  - if [[ $EXT_MONGODB != 'true' && $TRAVIS_PHP_VERSION != 'hhvm' ]]; then echo "extension = mongo.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; fi
-  - if [[ $EXT_MONGODB != 'true' && $TRAVIS_PHP_VERSION == 'hhvm' ]]; then echo "extension = mongo.so" >> /etc/hhvm/php.ini ; fi
-  - travis_retry composer self-update
-  - chmod -R +rwX test/TestAsset
+  - pecl channel-update pecl.php.net
+  - yes '' | pecl -q install -f $MONGO_DRIVER
 
 install:
-  - if [[ $EXT_MONGODB == 'true' ]]; then composer require --dev $COMPOSER_ARGS alcaeus/mongo-php-adapter ; fi
+  - travis_retry composer install $COMPOSER_ARGS --ignore-platform-reqs
+  - if [[ $LEGACY_DEPS != '' ]]; then travis_retry composer update $COMPOSER_ARGS --with-dependencies $LEGACY_DEPS ; fi
   - if [[ $DEPS == 'latest' ]]; then travis_retry composer update $COMPOSER_ARGS ; fi
   - if [[ $DEPS == 'lowest' ]]; then travis_retry composer update --prefer-lowest --prefer-stable $COMPOSER_ARGS ; fi
-  - travis_retry composer install $COMPOSER_ARGS
-  - if [[ $TRAVIS_PHP_VERSION != 'hhvm' ]]; then php -m ; fi
-  - composer show
+  - if [[ $TEST_COVERAGE == 'true' ]]; then travis_retry composer require --dev $COMPOSER_ARGS $COVERAGE_DEPS ; fi
+  - stty cols 120 && composer show
 
 script:
-  - composer test
+  - if [[ $TEST_COVERAGE == 'true' ]]; then composer test-coverage ; else composer test ; fi
   - if [[ $CS_CHECK == 'true' ]]; then composer cs-check ; fi
+
+after_script:
+  - if [[ $TEST_COVERAGE == 'true' ]]; then travis_retry php vendor/bin/php-coveralls -v ; fi
+
+notifications:
+  email: false

CHANGELOG.md

@@ -2,19 +2,27 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
-## 1.4.1 - TBD
+## 1.5.0 - 2018-05-07
 
 ### Added
 
-- Nothing.
+- [#167](https://github.com/zfcampus/zf-oauth2/pull/167) adds support for PHP 7.1 and 7.2.
+
+### Changed
+
+- [#160](https://github.com/zfcampus/zf-oauth2/pull/160) alters `AuthController::tokenAction()` such that it uses the exception code from
+  a caught `ProblemExceptionInterface` instance as the ApiProblem status if it falls in the 400-600 range.
+
+- [#151](https://github.com/zfcampus/zf-oauth2/pull/151) updates `ZF\OAuth2\Provider\UserId\AuthenticationService` to allow injecting any
+  `Zend\Authentication\AuthenticationServiceInterface` implementation, not just `Zend\Authentication\AuthenticationService`.
 
 ### Deprecated
 
 - Nothing.
 
 ### Removed
 
-- Nothing.
+- [#167](https://github.com/zfcampus/zf-oauth2/pull/167) removes support for HHVM.
 
 ### Fixed
 
@@ -62,6 +70,10 @@ All notable changes to this project will be documented in this file, in reverse
 
 - Nothing.
 
+### Changed
+
+- Nothing.
+
 ### Deprecated
 
 - Nothing.

LICENSE.md

@@ -1,16 +1,15 @@
-Copyright (c) 2014-2016, Zend Technologies USA, Inc.
-
+Copyright (c) 2014-2018, Zend Technologies USA, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
 
-- Redistributions of source code must retain the above copyright notice,
-  this list of conditions and the following disclaimer.
+- Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
 
-- Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
+- Redistributions in binary form must reproduce the above copyright notice, this
+  list of conditions and the following disclaimer in the documentation and/or
+  other materials provided with the distribution.
 
 - Neither the name of Zend Technologies USA, Inc. nor the names of its
   contributors may be used to endorse or promote products derived from this

README.md

@@ -1,20 +1,18 @@
-Zf-OAuth2
-=========
+# zf-oauth2
 
-[![Build Status](https://travis-ci.org/zfcampus/zf-oauth2.png)](https://travis-ci.org/zfcampus/zf-oauth2)
+[![Build Status](https://secure.travis-ci.org/zfcampus/zf-oauth2.svg?branch=master)](https://secure.travis-ci.org/zfcampus/zf-oauth2)
+[![Coverage Status](https://coveralls.io/repos/github/zfcampus/zf-oauth2/badge.svg?branch=master)](https://coveralls.io/github/zfcampus/zf-oauth2?branch=master)
 
-ZF2 module for [OAuth2](http://oauth.net/2/) authentication.
+ZF module for [OAuth2](http://oauth.net/2/) authentication.
 
 This module uses the [oauth2-server-php](https://github.com/bshaffer/oauth2-server-php)
 library by Brent Shaffer to provide OAuth2 support.
 
-Requirements
-------------
+## Requirements
 
 Please see the [composer.json](composer.json) file.
 
-Installation
-------------
+## Installation
 
 You can install using:
 
@@ -47,8 +45,7 @@ configuration:
 > that plugin will install zf-oauth2 and its other Apigility dependencies as
 > modules for you.
 
-Configuration
--------------
+## Configuration
 
 This module uses any PDO-suported database to manage the OAuth2 information
 (users, client, token, etc).  The database structure is stored in
@@ -141,8 +138,7 @@ return array(
 );
 ```
 
-Mongo Configuration
--------------------
+## Mongo Configuration
 
 The Mongo OAuth2 adapter wraps the bshaffer adapter by adding the same password encryption
 as the rest of apigility.  The collections needed are the same as above in the PDO
@@ -158,8 +154,7 @@ oauth_clients collection:
 }
 ```
 
-User ID Provider
-----------------
+## User ID Provider
 
 When a user requests an authorization code they may provide their user_id as a request parameter to
 the `/oauth/authorize` route.  This will store the `user_id` in the `access_token`, `refresh_token`,
@@ -188,8 +183,7 @@ return array(
 );
 ```
 
-How to test OAuth2
-------------------
+## How to test OAuth2
 
 To test the OAuth2 module, you have to add a `client_id` and a `client_secret`
 into the oauth2 database. If you are using the SQLite test database, you don't
@@ -232,8 +226,7 @@ To test the OAuth2 module, you can use an HTTP client like
 [HTTPie](https://github.com/jkbr/httpie) or [CURL](http://curl.haxx.se/).  The
 examples below use HTTPie and the test account "testclient"/"testpass".
 
-REQUEST TOKEN (client\_credentials)
------------------------------------
+## REQUEST TOKEN (client\_credentials)
 
 You can request an OAuth2 token using the following HTTPie command:
 
@@ -260,8 +253,7 @@ call, a [TLS/SSL](http://en.wikipedia.org/wiki/Transport_Layer_Security)
 connection is required.
 
 
-AUTHORIZE (code)
-----------------
+## AUTHORIZE (code)
 
 If you have to integrate an OAuth2 service with a web application, you need to
 use the Authorization Code grant type.  This grant requires an approval step to
@@ -346,8 +338,7 @@ var parseQueryString = function( queryString ) {
 var tokenParams = parseQueryString(window.location.hash.substr(1));
 ```
 
-REVOKE (code)
--------------
+## REVOKE (code)
 
 Starting with version 1.4.0, you can revoke access tokens. By default, revocation
 happens via a POST request to the path `/oauth/revoke`, which expects a payload
@@ -359,8 +350,7 @@ with:
 
 The payload may be delivered as `application/x-www-form-urlencoded` or as JSON.
 
-Access a test resource
-----------------------
+## Access a test resource
 
 When you obtain a valid token, you can access a restricted API resource. The
 OAuth2 module is shipped with a test resource that is accessible with the URL
@@ -378,8 +368,7 @@ As you can see, the OAuth2 module supports the data either via POST, using the
 `access_token` value, or using the [Bearer](http://tools.ietf.org/html/rfc6750)
 authorization header.
 
-How to protect your API using OAuth2
-------------------------------------
+## How to protect your API using OAuth2
 
 You can protect your API using the following code (for instance, at the top of a
 controller):