Skip to content

Releases: eustasy/authenticatron

v4.1.1 - Oath with Patch 1

Choose a tag to compare

@lewisgoddard lewisgoddard released this 31 May 21:02
448ed72

Package Changes

BUGFIX: Authenticatron::getCode() now throws a RuntimeException if unpack() fails to decode the HMAC value, instead of silently continuing with an invalid result.
IMPROVEMENT: Authenticatron::makeSecret() now guards the requested length with max(1, $length), preventing random_bytes() from being called with a non-positive value.
IMPROVEMENT: Type-safety hardening across src/authenticatron.php to satisfy strict static analysis (PHPStan) — explicit string/int casts in the Base32 decode and code-generation paths,
plus array-shape PHPDoc annotations (@return array<int, string> and array{Secret: string, URL: string, QR: string|null}) on getCodesInRange() and new().

Supporting Changes

SECURITY: Set persist-credentials: false on actions/checkout in CI so the GITHUB_TOKEN is no longer persisted into the workspace and cannot leak through workflow artifacts.
SECURITY: Pin shivammathur/setup-php to a full commit SHA (accd6127… / v2.37.0) instead of the floating @v2 tag, hardening against supply-chain tampering of the action.
MAINTENANCE: Adopt the shared eustasy/.Normal tooling baseline — .editorconfig, .vscode settings, qlty configs, and css / markdown / php / security / test workflows.
MAINTENANCE: Migrate test reporting to qlty.sh; add a root phpunit.xml, retire the standalone test-composer.yml workflow, and surface maintainability/coverage badges in the README.
MAINTENANCE: Stop tracking composer.lock (this is a library, not an application).
MAINTENANCE: Format the codebase with php-cs-fixer and markdownlint.

Full Changelog: v4.1.0...v4.1.1

v4.1.0 - Oath

Choose a tag to compare

@lewisgoddard lewisgoddard released this 03 May 15:11
9fcb68c

Package Changes

BUGFIX: Authenticatron::getCode() timestamp override now correctly expects a raw time() unix timestamp, converting to 30-second time steps internally. Previously the caller was expected to pre-divide by 30, making overrides inconsistent.
BUGFIX: Authenticatron::getCodesInRange() loop now offsets by $i * 30 seconds rather than $i time steps, matching the corrected getCode() behaviour.
IMPROVEMENT: Authenticatron::makeSecret() now requires PHP >= 8.2 and uses random_bytes() exclusively, removing OpenSSL and mcrypt fallbacks. Return type tightened from ?string to string.
IMPROVEMENT: Authenticatron::new() simplified — null-secret guard removed now that makeSecret() always returns a string.

Supporting Changes

BUGFIX: Fix broken LICENSE.md link in footer
BUGFIX: Fix multiple typos in documentation and index page
IMPROVEMENT: Expand test suite with coverage for custom secret length, secret uniqueness, URL special-character stripping, QR data URI format, code determinism, range keys, invalid code rejection, and new() output
MAINTENANCE: Remove OpenSSL and mcrypt fallback UI from documentation.php and server.php
MAINTENANCE: Remove legacy linting config files (CodeClimate, ESLint, stylelint, mdlrc)
MAINTENANCE: Remove unused .github/workflows/normal.yml workflow
MAINTENANCE: Expand PHP test matrix to include 8.4, 8.5, and 8.6
MAINTENANCE: Update CI action versions and switch Dependabot to monthly grouped updates
MAINTENANCE: Update copyright year to 2026

Full Changelog: v4.0.1...v4.1.0

v4.0.1 - Inauguration with Patch 1

Choose a tag to compare

@lewisgoddard lewisgoddard released this 31 Mar 12:49
0704440

Package Changes

IMPROVEMENT: Authenticatron::getUrl() now strips a wider array of non-compliant characters for better reliability with 2fa apps.
BUGFIX: Authenticatron::new() now handles not having a secure source by returning null and an error message, instead of returning a URL and QR Code for a null value secret.

Supporting Changes

FEATURE: Optimise docs for mobile
BUGFIX: Fix colors in documentation
MAINTENANCE: Better accessibility in docs
MAINTENANCE: Update Iconography

v4 - Inauguration

Choose a tag to compare

@lewisgoddard lewisgoddard released this 14 Mar 10:09
d6b8493
composer require eustasy/authenticatron

IMPROVEMENT: Launch Composer package: https://packagist.org/packages/eustasy/authenticatron
MAINTENANCE: Drop PHPQRCode for jysperu/PHP-QR-Code
MAINTENANCE: Add PHP Unit tests with PHPUnit
DEPRECATED: Remove deprecated mcrypt library
NOTE: Updated eustasy/.Normal to 3.0
NOTE: Removed Codacy, Travis-CI
NOTE: Regular testing against PHP 8.3, 8.2, 8.1, 8.0

v3 - Establishment - with Patch 6 [Better PHP 7.2 Support]

Choose a tag to compare

@lewisgoddard lewisgoddard released this 25 Apr 22:13
4fcd094
  • MAINTENANCE: Support new random_bytes to replace deprecated mcrypt library
  • NOTE: Updated NC to 1.10.0
  • NOTE: Updated license for detection
  • NOTE: Updated badges
  • NOTE: Added a Code of Conduct

Establishment - with Patch 5

Choose a tag to compare

@lewisgoddard lewisgoddard released this 27 Sep 22:53
  • IMPROVEMENT: Better passing of variables/defaults.
  • IMPROVEMENT: Update SSL documentation.
  • IMPROVEMENT: Update documentation for PHP versions.
  • NOTE: Add NC 1.7
  • NOTE: Fix spelling errors.

Establishment - with Patch 4 [Documentation]

Choose a tag to compare

@lewisgoddard lewisgoddard released this 27 Jan 15:34
  • FEATURE: Create a nice homepage with only necessary functions.
  • IMPROVEMENT: Combine the examples and documentation page.
  • IMPROVEMENT: Expand the Glossary
  • IMPROVEMENT: Move all TODOs to Issue Tracker
  • IMPROVEMENT: Add source and glossary to navigation.

Establishment - with Patch 3

Choose a tag to compare

@lewisgoddard lewisgoddard released this 26 May 21:36
  • BUGFIX: Remove unused variable.

Establishment - with Patch 2

Choose a tag to compare

@lewisgoddard lewisgoddard released this 26 May 21:34
  • BUGFIX: Undefined variable.

Establishment - with Patch 1

Choose a tag to compare

@lewisgoddard lewisgoddard released this 04 Mar 18:52
  • BUGFIX: Unused variable.
  • BUGFIX: Uncached count.