All notable changes to this project will be documented in this file, in reverse chronological order by release.
3.7.0 - 2022-12-23
- Support for pre-release versions of
tuupola/callable-handler
(#233).
- PHP 7.2 is now the minimum requirement (#232).
3.6.0 - 2022-01-12
- Allow installing with latest versions of
psr/log
(#215).
3.5.2 - 2021-09-17
- Replace Zend Diactoros with Laminas Diactoros in unit tests (#209).
3.5.1 - 2020-10-28
- Bump minimum requirement of
tuupola/http-factory
to1.0.2
. This is to avoid Composer 2 installing the broken1.0.1
version which will also causepsr/http-factory
to be removed. (#193) (#194).
3.5.0 - 2020-09-24
- Possibility to use
ArrayAccess
objects as thesecret
(#174). - Given
regexp
is also used when extracting token from cookie (#171). - Allow installing with PHP 8 (#191).
3.4.0 - 2019-07-01
- Raw token to
before
andafter
arguments (#168).
- Cookie contents from debug log (#166).
3.3.0 - 2019-03-11
- Relaxed the typehinting of
error
,before
andafter
handlers fromClosure
tocallable
. This allows the usage of invokable classes and array notation callables in addition to anonymous functions.$middleware = new JwtAuthentication([ "secret" => "supersecretkeyyoushouldnotcommit", "error" => new SomeErrorHandler ]); $middleware = new JwtAuthentication([ "secret" => "supersecretkeyyoushouldnotcommit", "error" => [SomeErrorHandler::class, "error"] ]);
- The
error
handler now receives the request uri in the$arguments
array. This is a workaround for #96 which will be fixed in4.x
.$middleware = new JwtAuthentication([ "secret" => "supersecretkeyyoushouldnotcommit", "error" => function ($response, $arguments) { print_r(arguments["uri"]); } ]);
- Cookie was ignored if using
/(.*)/
as regexp and the configured header was missing from request (#156, #158).
3.2.0 - 2019-01-26
- Support for multiple secret keys. If an array of secret keys is given, middleware will choose the key based on
kid
claim in the token header.$middleware = new JwtAuthentication([ "secret" => [ "acme" =>"supersecretkeyyoushouldnotcommittogithub", "beta" =>"anothersecretkeyfornevertocommittogithub" ] ]);
{ "typ": "JWT", "alg": "HS256", "kid": "acme" }
3.1.1 - 2018-10-12
- Support for
tuupola/callable-handler:^1.0
andtuupola/http-factory:^1.0
.
3.1.0 - 2018-08-07
- Support for the stable version of PSR-17
3.0.0 - 2018-03-02
- Namespace changed from
Slim\Middleware
toTuupola\Middleware
- Middleware now uses only
Authorization
header or cookie from the PSR-7 request. TheHTTP_AUTHORIZATION
environment are now ignored. - The
callback
setting was renamed tobefore
. It is called before executing other middlewares in the stack. - The
passthrough
setting was renamed toignore
. - Public setter methods
addRule()
andwithRules()
are now immutable. - Error callback now receives only response and arguments, request was removed.
- Before callback now receives only request and arguments, response was removed.
- After callback now receives only response and arguments, request was removed.
- PHP 7.1 is now minimal requirement.
- The decoded token is now an array instead of object.
- Support for the approved version of PSR-15.
- New
after
callback. It is called after executing other middlewares in the stack.
- Most setters and getters for settings. Pass settings in an array only during initialization.