[13.x] Release Passport 13.x (#1797)

* fix some types

* switch to uuid v7

* fix types

* improve tests

* formatting

* add more tests

* add more tests

* formatting

* formatting

* fix some types

* require Laravel 11.7 for uuid v7

* add more tests

* enhance issuing PATs

* add support for PHP 8.4

* formatting

* remove unused trait

* formatting

* add guard name to authentication exception

* formatting

* add client grant_types attribute

* remove lcobucci/jwt

* fix cookie jwt

* fix tests with notices

* make tests more strict

* bump dependencies

* wip

* better naming

* formatting

* enable psr auto-discovery

* use uuid7 trait on client model

* better naming

* formatting

* formatting

* support Laravel 12.x

* formatting

* add more tests

* formatting

* formatting

* formatting

* formatting

* bump phpunit

* formatting

* formatting

* revert renaming csrf claim into jti

* add 2 interfaces

* fix HasUuid trait

* formatting

* fix tests

* revert irrelevant style fix

* deprecate `HasApiTokens::clients()` method

* rename interface to `OAuthenticatable`

* formatting

* rename interface to `ScopeAuthorizable`

* formatting

* formatting

Author: hafezdivandari

.github/workflows/tests.yml

@@ -29,14 +29,14 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php }}
-          extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick
+          extensions: dom, curl, libxml, mbstring, zip
           ini-values: error_reporting=E_ALL
           tools: composer:v2
           coverage: none
 
       - name: Install dependencies
         run: |
-           composer update --prefer-dist --no-interaction --no-progress --with="illuminate/contracts=^${{ matrix.laravel }}"
+          composer update --prefer-dist --no-interaction --no-progress --with="illuminate/contracts=^${{ matrix.laravel }}"
 
       - name: Execute tests
-        run: vendor/bin/phpunit ${{ matrix.laravel >= 10 && '--display-deprecations' || '' }}
+        run: vendor/bin/phpunit --display-deprecations --display-phpunit-deprecations

UPGRADE.md

@@ -12,9 +12,9 @@ PHP 8.2 is now the minimum required version.
 
 ### Minimum Laravel Version
 
-PR: https://github.com/laravel/passport/pull/1757, https://github.com/laravel/passport/pull/1783
+PR: https://github.com/laravel/passport/pull/1757, https://github.com/laravel/passport/pull/1783, https://github.com/laravel/passport/pull/1797 
 
-Laravel 11.14 is now the minimum required version.
+Laravel 11.35 is now the minimum required version.
 
 ### OAuth2 Server
 

composer.json

@@ -18,27 +18,27 @@
         "ext-json": "*",
         "ext-openssl": "*",
         "firebase/php-jwt": "^6.4",
-        "illuminate/auth": "^11.14|^12.0",
-        "illuminate/console": "^11.14|^12.0",
-        "illuminate/container": "^11.14|^12.0",
-        "illuminate/contracts": "^11.14|^12.0",
-        "illuminate/cookie": "^11.14|^12.0",
-        "illuminate/database": "^11.14|^12.0",
-        "illuminate/encryption": "^11.14|^12.0",
-        "illuminate/http": "^11.14|^12.0",
-        "illuminate/support": "^11.14|^12.0",
-        "lcobucci/jwt": "^5.0",
-        "league/oauth2-server": "^9.0",
-        "nyholm/psr7": "^1.5",
+        "illuminate/auth": "^11.35|^12.0",
+        "illuminate/console": "^11.35|^12.0",
+        "illuminate/container": "^11.35|^12.0",
+        "illuminate/contracts": "^11.35|^12.0",
+        "illuminate/cookie": "^11.35|^12.0",
+        "illuminate/database": "^11.35|^12.0",
+        "illuminate/encryption": "^11.35|^12.0",
+        "illuminate/http": "^11.35|^12.0",
+        "illuminate/support": "^11.35|^12.0",
+        "league/oauth2-server": "^9.2",
+        "php-http/discovery": "^1.20",
         "phpseclib/phpseclib": "^3.0",
-        "symfony/console": "^7.0",
+        "psr/http-factory-implementation": "*",
+        "symfony/console": "^7.1",
         "symfony/psr-http-message-bridge": "^7.1"
     },
     "require-dev": {
-        "mockery/mockery": "^1.0",
-        "orchestra/testbench": "^9.0|^10.0",
-        "phpstan/phpstan": "^1.10",
-        "phpunit/phpunit": "^10.5|^11.5"
+        "mockery/mockery": "^1.6",
+        "orchestra/testbench": "^9.9|^10.0",
+        "phpstan/phpstan": "^2.0",
+        "phpunit/phpunit": "^11.5|^12.0"
     },
     "autoload": {
         "psr-4": {
@@ -61,7 +61,10 @@
         }
     },
     "config": {
-        "sort-packages": true
+        "sort-packages": true,
+        "allow-plugins": {
+            "php-http/discovery": false
+        }
     },
     "scripts": {
         "post-autoload-dump": "@prepare",

database/factories/ClientFactory.php

@@ -29,7 +29,8 @@ public function modelName(): string
     public function definition(): array
     {
         return [
-            'user_id' => null,
+            'owner_id' => null,
+            'owner_type' => null,
             'name' => $this->faker->company(),
             'secret' => Str::random(40),
             'redirect_uris' => [$this->faker->url()],

database/migrations/2016_06_01_000004_create_oauth_clients_table.php

@@ -13,7 +13,7 @@ public function up(): void
     {
         Schema::create('oauth_clients', function (Blueprint $table) {
             $table->uuid('id')->primary();
-            $table->foreignId('user_id')->nullable()->index();
+            $table->nullableMorphs('owner');
             $table->string('name');
             $table->string('secret')->nullable();
             $table->string('provider')->nullable();

phpunit.xml.dist

@@ -1,5 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
+         colors="true"
+         failOnDeprecation="true"
+         failOnNotice="true"
+         failOnRisky="true"
+         failOnWarning="true"
+>
     <testsuites>
         <testsuite name="Unit">
             <directory suffix="Test.php">./tests/Unit</directory>

src/AccessToken.php

@@ -6,39 +6,39 @@
 use Illuminate\Contracts\Support\Jsonable;
 use Illuminate\Support\Traits\ForwardsCalls;
 use JsonSerializable;
+use Laravel\Passport\Contracts\ScopeAuthorizable;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
- * @template TKey of string
  * @template TValue
  *
- * @implements \Illuminate\Contracts\Support\Arrayable<TKey, TValue>
+ * @implements \Illuminate\Contracts\Support\Arrayable<string, TValue>
  *
  * @property string $oauth_access_token_id
  * @property string $oauth_client_id
  * @property string $oauth_user_id
  * @property string[] $oauth_scopes
  */
-class AccessToken implements Arrayable, Jsonable, JsonSerializable
+class AccessToken implements ScopeAuthorizable, Arrayable, Jsonable, JsonSerializable
 {
     use ResolvesInheritedScopes, ForwardsCalls;
 
     /**
      * The token instance.
      */
-    protected ?Token $token;
+    protected ?Token $token = null;
 
     /**
      * All the attributes set on the access token instance.
      *
-     * @var array<TKey, TValue>
+     * @var array<string, TValue>
      */
     protected array $attributes = [];
 
     /**
      * Create a new access token instance.
      *
-     * @param  array<TKey, TValue>  $attributes
+     * @param  array<string, TValue>  $attributes
      */
     public function __construct(array $attributes = [])
     {
@@ -60,7 +60,7 @@ public static function fromPsrRequest(ServerRequestInterface $request): static
      */
     public function can(string $scope): bool
     {
-        return in_array('*', $this->oauth_scopes) || $this->scopeExists($scope, $this->oauth_scopes);
+        return in_array('*', $this->oauth_scopes) || $this->scopeExistsIn($scope, $this->oauth_scopes);
     }
 
     /**
@@ -98,7 +98,7 @@ protected function getToken(): ?Token
     /**
      * Convert the access token instance to an array.
      *
-     * @return array<TKey, TValue>
+     * @return array<string, TValue>
      */
     public function toArray(): array
     {
@@ -108,7 +108,7 @@ public function toArray(): array
     /**
      * Convert the object into something JSON serializable.
      *
-     * @return array<TKey, TValue>
+     * @return array<string, TValue>
      */
     public function jsonSerialize(): array
     {

src/ApiTokenCookieFactory.php

@@ -2,10 +2,10 @@
 
 namespace Laravel\Passport;
 
-use Carbon\Carbon;
 use Firebase\JWT\JWT;
 use Illuminate\Contracts\Config\Repository as Config;
 use Illuminate\Contracts\Encryption\Encrypter;
+use Illuminate\Support\Facades\Date;
 use Symfony\Component\HttpFoundation\Cookie;
 
 class ApiTokenCookieFactory
@@ -26,7 +26,7 @@ public function make(string|int $userId, string $csrfToken): Cookie
     {
         $config = $this->config->get('session');
 
-        $expiration = Carbon::now()->addMinutes((int) $config['lifetime']);
+        $expiration = Date::now()->addMinutes((int) $config['lifetime'])->getTimestamp();
 
         return new Cookie(
             Passport::cookie(),
@@ -37,19 +37,20 @@ public function make(string|int $userId, string $csrfToken): Cookie
             $config['secure'],
             true,
             false,
-            $config['same_site'] ?? null
+            $config['same_site'] ?? null,
+            $config['partitioned'] ?? false
         );
     }
 
     /**
      * Create a new JWT token for the given user ID and CSRF token.
      */
-    protected function createToken(string|int $userId, string $csrfToken, Carbon $expiration): string
+    protected function createToken(string|int $userId, string $csrfToken, int $expiration): string
     {
         return JWT::encode([
             'sub' => $userId,
             'csrf' => $csrfToken,
-            'expiry' => $expiration->getTimestamp(),
+            'exp' => $expiration,
         ], Passport::tokenEncryptionKey($this->encrypter), 'HS256');
     }
 }

src/AuthCode.php

@@ -31,7 +31,7 @@ class AuthCode extends Model
     /**
      * The attributes that should be cast to native types.
      *
-     * @var array<string, \Illuminate\Contracts\Database\Eloquent\Castable|string>
+     * @var array<string, string>
      */
     protected $casts = [
         'revoked' => 'bool',

src/Bridge/AccessTokenRepository.php

@@ -2,7 +2,6 @@
 
 namespace Laravel\Passport\Bridge;
 
-use DateTime;
 use Illuminate\Contracts\Events\Dispatcher;
 use Laravel\Passport\Events\AccessTokenCreated;
 use Laravel\Passport\Events\AccessTokenRevoked;
@@ -13,8 +12,6 @@
 
 class AccessTokenRepository implements AccessTokenRepositoryInterface
 {
-    use FormatsScopesForStorage;
-
     /**
      * Create a new repository instance.
      */
@@ -39,16 +36,14 @@ public function getNewToken(
      */
     public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity): void
     {
-        Passport::token()->newQuery()->create([
+        Passport::token()->forceFill([
             'id' => $id = $accessTokenEntity->getIdentifier(),
             'user_id' => $userId = $accessTokenEntity->getUserIdentifier(),
             'client_id' => $clientId = $accessTokenEntity->getClient()->getIdentifier(),
-            'scopes' => $this->scopesToArray($accessTokenEntity->getScopes()),
+            'scopes' => $accessTokenEntity->getScopes(),
             'revoked' => false,
-            'created_at' => new DateTime,
-            'updated_at' => new DateTime,
             'expires_at' => $accessTokenEntity->getExpiryDateTime(),
-        ]);
+        ])->save();
 
         $this->events->dispatch(new AccessTokenCreated($id, $userId, $clientId));
     }

src/Bridge/AuthCodeRepository.php

@@ -8,8 +8,6 @@
 
 class AuthCodeRepository implements AuthCodeRepositoryInterface
 {
-    use FormatsScopesForStorage;
-
     /**
      * {@inheritdoc}
      */
@@ -27,7 +25,7 @@ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): voi
             'id' => $authCodeEntity->getIdentifier(),
             'user_id' => $authCodeEntity->getUserIdentifier(),
             'client_id' => $authCodeEntity->getClient()->getIdentifier(),
-            'scopes' => $this->formatScopesForStorage($authCodeEntity->getScopes()),
+            'scopes' => json_encode($authCodeEntity->getScopes()),
             'revoked' => false,
             'expires_at' => $authCodeEntity->getExpiryDateTime(),
         ])->save();

src/Bridge/FormatsScopesForStorage.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace Laravel\Passport\Bridge;
+
+use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
+use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
+
+class PersonalAccessBearerTokenResponse extends BearerTokenResponse
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected function getExtraParams(AccessTokenEntityInterface $accessToken): array
+    {
+        return [
+            'access_token_id' => $accessToken->getIdentifier(),
+        ];
+    }
+}

src/Bridge/PersonalAccessBearerTokenResponse.php

@@ -3,8 +3,11 @@
 namespace Laravel\Passport\Bridge;
 
 use DateInterval;
+use Laravel\Passport\Passport;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\AbstractGrant;
+use League\OAuth2\Server\RequestAccessTokenEvent;
+use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -47,6 +50,14 @@ public function respondToAccessTokenRequest(
             $scopes
         );
 
+        // Send event to emitter
+        $this->getEmitter()->emit(new RequestAccessTokenEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request, $accessToken));
+
+        // Persist access token's name
+        Passport::token()->newQuery()->whereKey($accessToken->getIdentifier())->update([
+            'name' => $this->getRequestParameter('name', $request),
+        ]);
+
         // Inject access token into response type
         $responseType->setAccessToken($accessToken);
 

src/Bridge/PersonalAccessGrant.php

@@ -31,12 +31,12 @@ public function getNewRefreshToken(): ?RefreshTokenEntityInterface
      */
     public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity): void
     {
-        Passport::refreshToken()->newQuery()->create([
+        Passport::refreshToken()->forceFill([
             'id' => $id = $refreshTokenEntity->getIdentifier(),
             'access_token_id' => $accessTokenId = $refreshTokenEntity->getAccessToken()->getIdentifier(),
             'revoked' => false,
             'expires_at' => $refreshTokenEntity->getExpiryDateTime(),
-        ]);
+        ])->save();
 
         $this->events->dispatch(new RefreshTokenCreated($id, $accessTokenId));
     }