Merge branch '1.x' into dependabot/composer/phpspec/prophecy-phpunit-…

…tw-2.2
slimphp · Jun 8, 2024 · 1ff747f · 1ff747f
2 parents 7f20573 + 7be1390
commit 1ff747f
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 16 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                php: [7.4, 8.0, 8.1]
+                php: [7.4, 8.0, 8.1, 8.2, 8.3]
 
         steps:
             - name: Checkout

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,22 +1,62 @@
 # Change Log
 
-## 2016-08-14
+See https://github.com/slimphp/Slim-Csrf/releases for a full list
 
-Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session.  Added the following methods:
+## Next
 
-- `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
-- `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
-- `public setPersistentTokenMode`
-- `public getPersistentTokenMode`
+- Added: Support for PHP 8.2 and 8.3
 
-Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.
+## 1.4.0
 
-The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.
+- Added: Allow to set token name and value in header
 
-### Tests added:
+## 1.3.0
+
+- Added: Support for PSR-12
+- Added: Add XOR to token to avoid BREACH attack
+- Change: PHP 7.3 is no longer supported
+
+## 1.2.1
+
+- Added: Implement iterator support for getLastKeyPair
+
+## 1.2.0
+
+- Added: Support PHP 8
+- Changed: Remove support for PHP 7.1 and 7.2
+
+## 1.1.0
+
+- Changed: `remoteTokenFromStorage()` is now public
+- Changed: Don't allow token in the body of a GET request
+- Fixed: Prevent replay attack by removing token on valdiation
+
+## 1.0.0
+
+- Added: PSR-15 support
+
+## 0.8.3
+
+ - Fixed: Widen random_compat constraint in composer.json
+
+## 0.8.2
+
+- Fixed: Attach token name and value to request when persist mode is on
+
+## 0.8.1
+
+- Fixed: Default stroageis now $_SESSION again
+
+## 0.8.0
+
+- Added: Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session.  Added the following methods:
+
+  - `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
+  - `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
+  - `public setPersistentTokenMode`
+  - `public getPersistentTokenMode`
+
+  Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.
+
+  The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.
 
-- `testPersistenceModeTrueBetweenRequestsArray` - Token should persist between requests after initial creation, when stored in an array.
-- `testPersistenceModeTrueBetweenRequestsArrayAccess` - Token should persist between requests after initial creation, when stored in an ArrayObject.
-- `testPersistenceModeFalseBetweenRequestsArray` - Token should be changed between requests, when stored in an array.
-- `testPersistenceModeFalseBetweenRequestsArrayAccess` - Token should be changed between requests, when stored in an ArrayObject.
-- `testUpdateAfterInvalidTokenWithPersistenceModeTrue` - New token should be generated after an invalid request, even if persistence mode is enabled.
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
     "require": {
         "php": "^7.4 || ^8.0",
         "psr/http-factory": "^1.0",
-        "psr/http-message": "^1.0",
+        "psr/http-message": "^1.0 || ^2.0",
         "psr/http-server-handler": "^1.0",
         "psr/http-server-middleware": "^1.0"
     },