Merge branch '11.x'

Author: nunomaduro

.gitattributes

@@ -14,5 +14,6 @@
 .gitignore export-ignore
 .styleci.yml export-ignore
 CHANGELOG.md export-ignore
+phpstan.neon.dist export-ignore
 phpunit.xml.dist export-ignore
 UPGRADE.md

.github/ISSUE_TEMPLATE/1_Bug_report.md

@@ -0,0 +1,47 @@
+name: Bug Report
+description: "Report a general library issue."
+body:
+  - type: markdown
+    attributes:
+      value: "Before submitting your report, [please ensure your Laravel version is still supported](https://laravel.com/docs/releases#support-policy)."
+  - type: input
+    attributes:
+      label: Passport Version
+      description: Provide the Passport version that you are using.
+      placeholder: 10.0.1
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Laravel Version
+      description: Provide the Laravel version that you are using.
+      placeholder: 10.4.1
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: PHP Version
+      description: Provide the PHP version that you are using.
+      placeholder: 8.1.4
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Database Driver & Version
+      description: If applicable, provide the database driver and version you are using.
+      placeholder: "MySQL 8.0.31 for macOS 13.0 on arm64 (Homebrew)"
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Description
+      description: Provide a detailed description of the issue you are facing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Provide detailed steps to reproduce your issue. If necessary, please provide a GitHub repository to demonstrate your issue using `laravel new bug-report --github="--public"`.
+    validations:
+      required: true
+      

.github/ISSUE_TEMPLATE/1_Bug_report.yml

@@ -0,0 +1,41 @@
+name: static analysis
+
+on:
+  push:
+    branches:
+      - master
+      - '*.x'
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  tests:
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: true
+
+    name: Static Analysis
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.2
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: composer update --prefer-stable --prefer-dist --no-interaction --no-progress
+
+      - name: Execute type checking
+        run: vendor/bin/phpstan

.github/workflows/static-analysis.yml

@@ -16,17 +16,19 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: ['8.0', 8.1, 8.2]
+        php: ['8.0', 8.1, 8.2, 8.3]
         laravel: [9, 10]
         exclude:
           - php: '8.0'
             laravel: 10
+          - php: 8.3
+            laravel: 9
 
     name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }}
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2

.github/workflows/tests.yml

@@ -1,6 +1,62 @@
 # Release Notes
 
-## [Unreleased](https://github.com/laravel/passport/compare/v11.8.0...master)
+## [Unreleased](https://github.com/laravel/passport/compare/v11.10.0...master)
+
+## [v11.10.0](https://github.com/laravel/passport/compare/v11.9.2...v11.10.0) - 2023-11-02
+
+- [11.x] Named static methods for middleware by [@michaelnabil230](https://github.com/michaelnabil230) in https://github.com/laravel/passport/pull/1695
+- Simplify Conditional Statement by [@michaelnabil230](https://github.com/michaelnabil230) in https://github.com/laravel/passport/pull/1696
+
+## [v11.9.2](https://github.com/laravel/passport/compare/v11.9.1...v11.9.2) - 2023-10-16
+
+- Add return to revokeRefreshTokensByAccessTokenId method by [@aminkhoshzahmat](https://github.com/aminkhoshzahmat) in https://github.com/laravel/passport/pull/1693
+
+## [v11.9.1](https://github.com/laravel/passport/compare/v11.9.0...v11.9.1) - 2023-09-01
+
+- [11.x] Allow scope repository to be constructed without parameters by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1686
+
+## [v11.9.0](https://github.com/laravel/passport/compare/v11.8.8...v11.9.0) - 2023-08-29
+
+- [11.x] Add the ability to limit scopes by client by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1682
+- [11.x] Add support for inherited scopes when limiting scopes on clients by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1683
+
+## [v11.8.8](https://github.com/laravel/passport/compare/v11.8.7...v11.8.8) - 2023-07-07
+
+- Add generics to client factory by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1669
+- Update composer.json by [@Smoggert](https://github.com/Smoggert) in https://github.com/laravel/passport/pull/1674
+- Update composer.json by [@drhoussem](https://github.com/drhoussem) in https://github.com/laravel/passport/pull/1677
+
+## [v11.8.7](https://github.com/laravel/passport/compare/v11.8.6...v11.8.7) - 2023-04-28
+
+- Revert "[11.x] Add Provider Guard to ClientRepository for Personal Access Clients" by @driesvints in https://github.com/laravel/passport/pull/1658
+
+## [v11.8.6](https://github.com/laravel/passport/compare/v11.8.5...v11.8.6) - 2023-04-24
+
+- Add Provider Guard to ClientRepository for Personal Access Clients by @michaelnabil230 in https://github.com/laravel/passport/pull/1655
+
+## [v11.8.5](https://github.com/laravel/passport/compare/v11.8.4...v11.8.5) - 2023-04-04
+
+- Allow `lcobucci/jwt` v5 and cleaned up version constraints by @GrahamCampbell in https://github.com/laravel/passport/pull/1649
+- Pass user identifier through to finalize scopes in personal access grant by @GrahamCampbell in https://github.com/laravel/passport/pull/1650
+
+## [v11.8.4](https://github.com/laravel/passport/compare/v11.8.3...v11.8.4) - 2023-03-18
+
+- Removed deprecated `dates` property from `RefreshToken` model by @siarheipashkevich in https://github.com/laravel/passport/pull/1645
+- Removed deprecated `dates` property from `AuthCode` model by @siarheipashkevich in https://github.com/laravel/passport/pull/1644
+- Fix doc block types by @hafezdivandari in https://github.com/laravel/passport/pull/1647
+
+## [v11.8.3](https://github.com/laravel/passport/compare/v11.8.2...v11.8.3) - 2023-03-01
+
+- Allow overriding the `AccessToken` class by @hafezdivandari in https://github.com/laravel/passport/pull/1638
+- Make `$userId` nullable in `ClientRepository->createPersonalAccessClient` by @bram-pkg in https://github.com/laravel/passport/pull/1642
+
+## [v11.8.2](https://github.com/laravel/passport/compare/v11.8.1...v11.8.2) - 2023-02-20
+
+- Re-apply "Added AuthenticationException to extend the behaviour of Laravel's default exception handler" by @driesvints in https://github.com/laravel/passport/commit/67c3e336af163f6eba5dbca8e5db46275ff0e433
+
+## [v11.8.1](https://github.com/laravel/passport/compare/v11.8.0...v11.8.1) - 2023-02-20
+
+- Revert "Move AuthenticationException into the scope of Laravel Passport" by @driesvints in https://github.com/laravel/passport/commit/db543b0cc13ed3f56f1bffda04707fbe2a8c7ab5
 
 ## [v11.8.0](https://github.com/laravel/passport/compare/v11.7.0...v11.8.0) - 2023-02-17
 

CHANGELOG.md

@@ -16,7 +16,7 @@
     "require": {
         "php": "^8.0",
         "ext-json": "*",
-        "firebase/php-jwt": "^6.3.1",
+        "firebase/php-jwt": "^6.4",
         "illuminate/auth": "^9.0|^10.0",
         "illuminate/console": "^9.0|^10.0",
         "illuminate/container": "^9.0|^10.0",
@@ -26,15 +26,16 @@
         "illuminate/encryption": "^9.0|^10.0",
         "illuminate/http": "^9.0|^10.0",
         "illuminate/support": "^9.0|^10.0",
-        "lcobucci/jwt": "^3.4|^4.0",
-        "league/oauth2-server": "^8.2",
-        "nyholm/psr7": "^1.3",
+        "lcobucci/jwt": "^4.3|^5.0",
+        "league/oauth2-server": "^8.5.3",
+        "nyholm/psr7": "^1.5",
         "phpseclib/phpseclib": "^2.0|^3.0",
-        "symfony/psr-http-message-bridge": "^2.0"
+        "symfony/psr-http-message-bridge": "^2.1"
     },
     "require-dev": {
         "mockery/mockery": "^1.0",
-        "orchestra/testbench": "^7.0|^8.0",
+        "orchestra/testbench": "^7.31|^8.11",
+        "phpstan/phpstan": "^1.10",
         "phpunit/phpunit": "^9.3"
     },
     "autoload": {
@@ -45,7 +46,9 @@
     },
     "autoload-dev": {
         "psr-4": {
-            "Laravel\\Passport\\Tests\\": "tests/"
+            "Laravel\\Passport\\Tests\\": "tests/",
+            "Workbench\\App\\": "workbench/app/",
+            "Workbench\\Database\\Factories\\": "workbench/database/factories/"
         }
     },
     "extra": {
@@ -61,6 +64,10 @@
     "config": {
         "sort-packages": true
     },
+    "scripts": {
+        "post-autoload-dump": "@prepare",
+        "prepare": "@php vendor/bin/testbench package:discover --ansi"
+    },
     "minimum-stability": "dev",
     "prefer-stable": true
 }

composer.json

@@ -7,6 +7,9 @@
 use Laravel\Passport\Client;
 use Laravel\Passport\Passport;
 
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\Laravel\Passport\Client>
+ */
 class ClientFactory extends Factory
 {
     /**

database/factories/ClientFactory.php

@@ -0,0 +1,11 @@
+parameters:
+  paths:
+    - config
+    - database
+    - routes
+    - src
+
+  level: 0
+
+  ignoreErrors:
+    - "#Unsafe usage of new static\\(\\)#"

phpstan.neon.dist

@@ -34,15 +34,7 @@ class AuthCode extends Model
      */
     protected $casts = [
         'revoked' => 'bool',
-    ];
-
-    /**
-     * The attributes that should be mutated to dates.
-     *
-     * @var array
-     */
-    protected $dates = [
-        'expires_at',
+        'expires_at' => 'datetime',
     ];
 
     /**

src/AuthCode.php

@@ -5,6 +5,7 @@
 use DateTime;
 use Illuminate\Contracts\Events\Dispatcher;
 use Laravel\Passport\Events\AccessTokenCreated;
+use Laravel\Passport\Passport;
 use Laravel\Passport\TokenRepository;
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
@@ -46,7 +47,7 @@ public function __construct(TokenRepository $tokenRepository, Dispatcher $events
      */
     public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
     {
-        return new AccessToken($userIdentifier, $scopes, $clientEntity);
+        return new Passport::$accessTokenEntity($userIdentifier, $scopes, $clientEntity);
     }
 
     /**

src/Bridge/AccessTokenRepository.php

@@ -20,14 +20,22 @@ public function respondToAccessTokenRequest(
         // Validate request
         $client = $this->validateClient($request);
         $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
+        $userIdentifier = $this->getRequestParameter('user_id', $request);
 
         // Finalize the requested scopes
-        $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
+        $scopes = $this->scopeRepository->finalizeScopes(
+            $scopes,
+            $this->getIdentifier(),
+            $client,
+            $userIdentifier
+        );
 
         // Issue and persist access token
         $accessToken = $this->issueAccessToken(
-            $accessTokenTTL, $client,
-            $this->getRequestParameter('user_id', $request), $scopes
+            $accessTokenTTL,
+            $client,
+            $userIdentifier,
+            $scopes
         );
 
         // Inject access token into response type

src/Bridge/PersonalAccessGrant.php

@@ -2,12 +2,31 @@
 
 namespace Laravel\Passport\Bridge;
 
+use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 
 class ScopeRepository implements ScopeRepositoryInterface
 {
+    /**
+     * The client repository.
+     *
+     * @var \Laravel\Passport\ClientRepository|null
+     */
+    protected ?ClientRepository $clients;
+
+    /**
+     * Create a new scope repository.
+     *
+     * @param  \Laravel\Passport\ClientRepository|null  $clients
+     * @return void
+     */
+    public function __construct(?ClientRepository $clients = null)
+    {
+        $this->clients = $clients;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -31,8 +50,12 @@ public function finalizeScopes(
             })->values()->all();
         }
 
+        $client = $this->clients?->findActive($clientEntity->getIdentifier());
+
         return collect($scopes)->filter(function ($scope) {
             return Passport::hasScope($scope->getIdentifier());
+        })->when($client, function ($scopes, $client) {
+            return $scopes->filter(fn ($scope) => $client->hasScope($scope->getIdentifier()));
         })->values()->all();
     }
 }