diff --git a/.github/workflows/test-bacon.yml b/.github/workflows/test-bacon.yml
index a4903ad..82faaaf 100644
--- a/.github/workflows/test-bacon.yml
+++ b/.github/workflows/test-bacon.yml
@@ -10,10 +10,10 @@ jobs:
 strategy:
 matrix:
- php-version: ['8.1', '8.2']
+ php-version: ['8.2', '8.3']
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: shivammathur/setup-php@v2
 with:
diff --git a/.github/workflows/test-endroid.yml b/.github/workflows/test-endroid.yml
index 23b3867..7312acb 100644
--- a/.github/workflows/test-endroid.yml
+++ b/.github/workflows/test-endroid.yml
@@ -10,11 +10,11 @@ jobs:
 strategy:
 matrix:
- php-version: ['8.1', '8.2']
+ php-version: ['8.2', '8.3']
 endroid-version: ["^3","^4","^5"]
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: shivammathur/setup-php@v2
 with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a51e67e..e9564dc 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,10 +10,10 @@ jobs:
 strategy:
 matrix:
- php-version: ['8.1', '8.2']
+ php-version: ['8.2', '8.3']
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: shivammathur/setup-php@v2
 with:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11c01b5..16c097d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # RobThree\TwoFactorAuth changelog
+# Version 3.x
+
+## Breaking changes
+
+### PHP Version
+
+Version 3.x requires at least PHP 8.2.
+
+## Other changes
+
+* The new PHP attribute [SensitiveParameter](https://www.php.net/manual/en/class.sensitiveparameter.php) was added to the code, to prevent accidental leak of secrets in stack traces.
+
 # Version 2.x
 ## Breaking changes
diff --git a/README.md b/README.md
index 30f56f6..a4c7a42 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ You can make use of the included [Endroid](https://robthree.github.io/TwoFactorA
 ## Requirements
-* Requires PHP version >=8.1
+* Requires PHP version >=8.2
 * [cURL](http://php.net/manual/en/book.curl.php) when using the provided `QRServerProvider` (default), `ImageChartsQRCodeProvider` or `QRicketProvider` but you can also provide your own QR-code provider.
 Optionally, you may need:
diff --git a/composer.json b/composer.json
index 25c8135..1a75fc5 100644
--- a/composer.json
+++ b/composer.json
@@ -27,7 +27,7 @@
 "source": "https://github.com/RobThree/TwoFactorAuth"
 },
 "require": {
- "php": ">=8.1.0"
+ "php": ">=8.2.0"
 },
 "require-dev": {
 "phpunit/phpunit": "^9",
diff --git a/lib/TwoFactorAuth.php b/lib/TwoFactorAuth.php
index 0133448..52d09ab 100644
--- a/lib/TwoFactorAuth.php
+++ b/lib/TwoFactorAuth.php
@@ -14,6 +14,7 @@
 use RobThree\Auth\Providers\Time\ITimeProvider;
 use RobThree\Auth\Providers\Time\LocalMachineTimeProvider;
 use RobThree\Auth\Providers\Time\NTPTimeProvider;
+use SensitiveParameter;
 // Based on / inspired by: https://github.com/PHPGangsta/GoogleAuthenticator
 // Algorithms, digits, period etc. explained: https://github.com/google/google-authenticator/wiki/Key-Uri-Format
@@ -66,7 +67,7 @@ public function createSecret(int $bits = 80): string
 /**
 * Calculate the code with given secret and point in time
 */
- public function getCode(string $secret, ?int $time = null): string
+ public function getCode(#[SensitiveParameter] string $secret, ?int $time = null): string
 {
 $secretkey = $this->base32Decode($secret);
@@ -104,7 +105,7 @@ public function verifyCode(string $secret, string $code, int $discrepancy = 1, ?
 /**
 * Get data-uri of QRCode
 */
- public function getQRCodeImageAsDataUri(string $label, string $secret, int $size = 200): string
+ public function getQRCodeImageAsDataUri(string $label, #[SensitiveParameter] string $secret, int $size = 200): string
 {
 if ($size <= 0) {
 throw new TwoFactorAuthException('Size must be > 0');
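Review bot: The attribute on getCode's `$secret` redacts only that frame's argument; the next visible line passes the same value to `$this->base32Decode($secret)`, and a malformed secret is most likely to throw from inside that callee, whose parameter is not annotated anywhere in this diff, so the raw value would still appear one frame down in the trace. The same gap is visible for `verifyCode(string $secret, string $code, …)`, whose unchanged signature appears as the header context of the hunk at -104 and which is the usual login-time entry point, and presumably for whatever provider call getQRCodeImageAsDataUri (same hunk) and getQRText (hunk at -150) hand the otpauth text to, if that method takes the text as a plain string parameter. Suggest adding `#[SensitiveParameter]` to base32Decode's secret parameter and to verifyCode's `$secret` and `$code`, so the annotation follows the secret through every frame it travels rather than only the public entry points. The attribute masks the value only in backtrace argument lists (`Exception::getTrace()`, `debug_backtrace()`), not in anything the application logs itself. getCode's body continues outside the hunk.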
@@ -150,7 +151,7 @@ public function ensureCorrectTime(?array $timeproviders = null, int $leniency =
 /**
 * Builds a string to be encoded in a QR code
 */
- public function getQRText(string $label, string $secret): string
+ public function getQRText(string $label, #[SensitiveParameter] string $secret): string
 {
 return 'otpauth://totp/' . rawurlencode($label) . '?secret=' . rawurlencode($secret)