This change is discussed in #104
Currently, the library defaults to a QR Code Provider using an external
service, thus leaking secrets.
This change forces the definition of a QR Code Provider in the
constructor. It is a breaking change.
fixes #104
* master:
add CI4-auth link in README. fix #107 (#123)
remove insecure rng providers and remove polyfill for hash_equals (#122)
delete files specific to code editors (#120)
Exclude useless files from dist archive #103
* remove insecure rng providers
and remove the openssl provider. We now rely exclusively on
random_bytes(), as there are no reasons not to. Fix #121
* remove the isSecure property of the test rng class
* remove pointless test rng class
we were testing a test class, which didn't make a lot of sense.
* Revert "remove pointless test rng class"
This reverts commit f6da6bee6d.
* Reapply "remove pointless test rng class"
This reverts commit 06220d4a54.
* assign rng provider to class attribute
this also aligns with other providers
* remove polyfill for hash_equals
This change adds the PHP attribute SensitiveParameter to the secret
holding variables.
See: https://www.php.net/manual/en/class.sensitiveparameter
This feature is only available in PHP 8.2, so the minimum PHP version
required has been updated.
GitHub Actions now use PHP 8.2 and 8.3 for the tests.
The checkout action has been updated to v4, too.
Fix issue #118
By forcing $this->issuer to be string, even if null is set, it prevents throwing errors in PHP 8.1, as `rawurlencode` is not allowed to have null as parameter.
It would be better to force string to be already in `__construct`, but this may create a breaking change for existing users.
Changed access modifier for the function getQRText() from private to
public.
This allows for generating the QR Code in different ways (e.g. pass the
data from getQRText() to the client and have a JavaScript library render
the QR Code)
* Added a bunch of basic unit tests for the RNGs
* QRicketProvider and QRServerProvider now throw on invalid MIME-types
* TwoFactorAuth now first tries to use CSRNGProvider before any of the other RNG providers