Merge branch '9.x'

driesvints · driesvints · commit 81c92b0ecb43 · 2020-05-05T21:44:26.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,15 +7,18 @@
 
 ### Added
 - Allow client credentials secret to be hashed ([#1145](https://github.com/laravel/passport/pull/1145), [ccbcfeb](https://github.com/laravel/passport/commit/ccbcfeb5301e8f757395ba0e43980615acf4385e), [1c40ae0](https://github.com/laravel/passport/commit/1c40ae07503aeb23173d48f3a6e5757cafcfd71b))
+- Implement `passport:hash` command ([#1238](https://github.com/laravel/passport/pull/1238))
 - Initial support for multiple providers ([#1220](https://github.com/laravel/passport/pull/1220))
 
 ### Changed
 - Client credentials middleware should allow any valid client ([#1132](https://github.com/laravel/passport/pull/1132))
 - Switch from `getKey()` to `getAuthIdentifier()` to match Laravel core ([#1134](https://github.com/laravel/passport/pull/1134))
 - Use Hasher interface instead of HashManager ([#1157](https://github.com/laravel/passport/pull/1157))
+- Bump league server dependency ([#1237](https://github.com/laravel/passport/pull/1237))
 
 ### Removed
 - Remove deprecated functionality ([#1235](https://github.com/laravel/passport/pull/1235))
+- Drop support for old JWT versions ([#1236](https://github.com/laravel/passport/pull/1236))
 
 
 ## [v8.5.0 (2020-05-05)](https://github.com/laravel/passport/compare/v8.4.4...v8.5.0)
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -1,5 +1,48 @@
 # Upgrade Guide
 
+## Upgrading To 9.0 From 8.0
+
+### Support For Multiple Guards
+
+PR: https://github.com/laravel/passport/pull/1220
+
+Passport now has support for multiple guard user providers. Because of this change, you must add a `provider` column to the `oauth_clients` database table:
+
+    Schema::table('oauth_clients', function (Blueprint $table) {
+        $table->string('provider')->after('secret')->nullable();
+    });
+
+### Client Credentials Secret Hashing
+
+PR: https://github.com/laravel/passport/pull/1145
+
+Client secrets may now be stored using a Bcrypt hash. However, before enabling this functionality, please consider the following. First, there is no way to reverse the hashing process once you have migrated your existing tokens. Secondly, when hashing client secrets, you will only have one opportunity to display the plain-text value to the user before it is hashed and stored in the database.
+
+You may enable client secret hashing by calling the `Passport::hashClientSecrets()` method within the `boot` method of your `AppServiceProvider`. For convenience, we've included a new Artisan command which you can run to hash all existing client secrets:
+
+    php artisan passport:hash
+
+**Again, please be aware that running this command cannot be undone. For extra precaution, you may wish to create a backup of your database before running the command.**
+
+### Client Credentials Middleware Changes
+
+PR: https://github.com/laravel/passport/pull/1132
+
+[After a lengthy debate](https://github.com/laravel/passport/issues/1125), it was decided to revert the change made [in a previous PR](https://github.com/laravel/passport/pull/1040) that introduced an exception when the client credentials middleware was used to authenticate first party clients.
+
+### Switch From `getKey` To `getAuthIdentifier`
+
+PR: https://github.com/laravel/passport/pull/1134
+
+Internally, Passport will now use the `getAuthIdentifier` method to determine a model's primary key. This is consistent with the framework and Laravel's first party libraries.
+
+### Remove Deprecated Functionality
+
+PR: https://github.com/laravel/passport/pull/1235
+
+The deprecated `revokeOtherTokens` and `pruneRevokedTokens` methods and the `revokeOtherTokens` and `pruneRevokedTokens` properties were removed from the `Passport` object.
+
+
 ## Upgrading To 8.0 From 7.0
 
 ### Minimum & Upgraded Versions
diff --git a/composer.json b/composer.json
@@ -16,7 +16,7 @@
     "require": {
         "php": "^7.2",
         "ext-json": "*",
-        "firebase/php-jwt": "^3.0|^4.0|^5.0",
+        "firebase/php-jwt": "^5.0",
         "guzzlehttp/guzzle": "^6.0",
         "illuminate/auth": "^6.0|^7.0",
         "illuminate/console": "^6.0|^7.0",
@@ -28,7 +28,7 @@
         "illuminate/http": "^6.0|^7.0",
         "illuminate/support": "^6.0|^7.0",
         "laminas/laminas-diactoros": "^2.2",
-        "league/oauth2-server": "^8.0",
+        "league/oauth2-server": "^8.1",
         "nyholm/psr7": "^1.0",
         "phpseclib/phpseclib": "^2.0",
         "symfony/psr-http-message-bridge": "^2.0"
diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php
@@ -162,6 +162,6 @@ protected function createAuthCodeClient(ClientRepository $clients)
     protected function outputClientDetails(Client $client)
     {
         $this->line('<comment>Client ID:</comment> '.$client->id);
-        $this->line('<comment>Client secret:</comment> '.$client->secret);
+        $this->line('<comment>Client secret:</comment> '.$client->plainSecret);
     }
 }
diff --git a/src/Console/HashCommand.php b/src/Console/HashCommand.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Laravel\Passport\Console;
+
+use Illuminate\Console\Command;
+use Laravel\Passport\Passport;
+
+class HashCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'passport:hash';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Hash all of the existing secrets in the clients table';
+
+    /**
+     * Execute the console command.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        if (! Passport::$hashesClientSecrets) {
+            $this->warn('Please enable client hashing yet in your AppServiceProvider before continuning.');
+
+            return;
+        }
+
+        if ($this->confirm('Are you sure you want to hash all client secrets? This cannot be undone.')) {
+            $model = Passport::clientModel();
+
+            foreach ((new $model)->whereNotNull('secret')->cursor() as $client) {
+                if (password_get_info($client->secret)['algo'] === PASSWORD_BCRYPT) {
+                    continue;
+                }
+
+                $client->timestamps = false;
+
+                $client->forceFill([
+                    'secret' => password_hash($client->secret, PASSWORD_BCRYPT),
+                ])->save();
+            }
+
+            $this->info('All client secrets were successfully hashed.');
+        }
+    }
+}
diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php
@@ -62,6 +62,7 @@ public function boot()
             $this->commands([
                 Console\InstallCommand::class,
                 Console\ClientCommand::class,
+                Console\HashCommand::class,
                 Console\KeysCommand::class,
                 Console\PurgeCommand::class,
             ]);

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,6 @@ protected function createAuthCodeClient(ClientRepository $clients)`
`162`	`162`	`protected function outputClientDetails(Client $client)`
`163`	`163`	`{`
`164`	`164`	`$this->line('<comment>Client ID:</comment> '.$client->id);`
`165`		`- $this->line('<comment>Client secret:</comment> '.$client->secret);`
	`165`	`+ $this->line('<comment>Client secret:</comment> '.$client->plainSecret);`
`166`	`166`	`}`
`167`	`167`	`}`