Add GitHub Actions CI, bump minimum PHP to 7.4 and WP to 6.5

.github/workflows/tests.yml

@@ -0,0 +1,83 @@
+name: Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  phpunit:
+    name: PHP ${{ matrix.php }} / WP ${{ matrix.wp }}
+    runs-on: ubuntu-latest
+
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_ROOT_PASSWORD: root
+          MYSQL_DATABASE: wordpress_test
+        ports:
+          - 3306:3306
+        options: >-
+          --health-cmd="mysqladmin ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=3
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php: ['7.4', '8.0', '8.1', '8.2', '8.3']
+        wp: ['6.5', '6.6', '6.7', '6.8', '6.9']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install SVN
+        run: sudo apt-get update -q && sudo apt-get install -y subversion
+
+      - name: Set up PHP ${{ matrix.php }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          tools: composer
+          coverage: none
+
+      - name: Cache Composer packages
+        uses: actions/cache@v4
+        with:
+          path: vendor
+          key: ${{ runner.os }}-php-${{ matrix.php }}-${{ hashFiles('composer.json') }}
+          restore-keys: ${{ runner.os }}-php-${{ matrix.php }}-
+
+      - name: Install Composer dependencies
+        run: composer install --prefer-dist --no-progress --no-interaction
+
+      - name: Install WordPress test suite
+        run: bash bin/install-wp-tests.sh wordpress_test root root 127.0.0.1:3306 ${{ matrix.wp }} true
+
+      - name: Run PHPUnit
+        run: vendor/bin/phpunit
+
+      - name: Run PHPUnit (multisite)
+        run: WP_MULTISITE=1 vendor/bin/phpunit
+
+  phpcs:
+    name: PHPCS
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          tools: composer
+          coverage: none
+
+      - name: Install Composer dependencies
+        run: composer install --prefer-dist --no-progress --no-interaction
+
+      - name: Run PHPCS
+        run: vendor/bin/phpcs

.phpcs.xml.dist

@@ -6,6 +6,7 @@
 	<file>.</file>
 	<exclude-pattern>/vendor/</exclude-pattern>
 	<exclude-pattern>/node_modules/</exclude-pattern>
+	<exclude-pattern>/tests/</exclude-pattern>
 
 	<!-- How to scan -->
 	<!-- Usage instructions: https://github.com/squizlabs/PHP_CodeSniffer/wiki/Usage -->
@@ -19,12 +20,13 @@
 	<!-- Rules: WordPress Coding Standards -->
 	<!-- https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards -->
 	<!-- https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Customizable-sniff-properties -->
-	<config name="minimum_supported_wp_version" value="4.8"/>
+	<config name="minimum_supported_wp_version" value="6.5"/>
 	<rule ref="WordPress">
 		<exclude name="Generic.Commenting" />
 		<exclude name="Generic.Arrays.DisallowShortArraySyntax" />
 		<exclude name="Squiz.Commenting" />
 		<exclude name="WordPress.DateTime.RestrictedFunctions.date_date" />
 		<exclude name="WordPress.NamingConventions.ValidHookName.UseUnderscores" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode" />
 	</rule>
 </ruleset>

composer.json

@@ -11,14 +11,21 @@
 	],
 	"require": {
 		"composer/installers": "~1.0",
-		"php": "^5.6.0||^7.0||^8.0"
+		"php": ">=7.4"
 	},
 	"require-dev": {
 		"squizlabs/php_codesniffer": "^3.3.1",
 		"wp-coding-standards/wpcs": "^2.1.1",
-		"dealerdirect/phpcodesniffer-composer-installer": "^0.5.0",
+		"dealerdirect/phpcodesniffer-composer-installer": "^1.0",
 		"phpcompatibility/phpcompatibility-wp": "^2.0",
-		"phpunit/phpunit": "^4.0 || ^5.0 || ^6.0"
+		"phpunit/phpunit": "^9.6",
+		"yoast/phpunit-polyfills": "^1.1 || ^2.0"
+	},
+	"config": {
+		"allow-plugins": {
+			"composer/installers": true,
+			"dealerdirect/phpcodesniffer-composer-installer": true
+		}
 	},
 	"scripts": {
 		"post-install-cmd": "\"vendor/bin/phpcs\" --config-set installed_paths vendor/wp-coding-standards/wpcs",

inc/endpoints/class-token.php

@@ -20,20 +20,21 @@ public function register_routes() {
 			'oauth2',
 			'/access_token',
 			[
-				'methods'  => 'POST',
-				'callback' => [ $this, 'exchange_token' ],
-				'args'     => [
-					'grant_type' => [
+				'methods'             => 'POST',
+				'callback'            => [ $this, 'exchange_token' ],
+				'permission_callback' => '__return_true',
+				'args'                => [
+					'grant_type'    => [
 						'required'          => true,
 						'type'              => 'string',
 						'validate_callback' => [ $this, 'validate_grant_type' ],
 					],
-					'client_id'  => [
+					'client_id'     => [
 						'required'          => false,
 						'type'              => 'string',
 						'validate_callback' => 'rest_validate_request_arg',
 					],
-					'code'       => [
+					'code'          => [
 						'required'          => false,
 						'type'              => 'string',
 						'validate_callback' => 'rest_validate_request_arg',
@@ -67,7 +68,7 @@ public function validate_grant_type( $type ) {
 	 * @return array|WP_Error Token data on success, or error on failure.
 	 */
 	public function exchange_token( WP_REST_Request $request ) {
-		if ( $request['grant_type'] === 'client_credentials' ) {
+		if ( 'client_credentials' === $request['grant_type'] ) {
 			return $this->handle_client_credentials( $request );
 		}
 
@@ -206,7 +207,7 @@ private function extract_client_credentials( WP_REST_Request $request ) {
 			$encoded = substr( $auth_header, 6 );
 			$decoded = base64_decode( $encoded, true );
 
-			if ( $decoded === false ) {
+			if ( false === $decoded ) {
 				return new WP_Error(
 					'oauth2.endpoints.token.invalid_request',
 					__( 'Invalid Authorization header.', 'oauth2' ),

inc/endpoints/namespace.php

@@ -23,8 +23,9 @@ function register() {
 		'oauth2',
 		'/authorize',
 		[
-			'methods'  => 'GET',
-			'callback' => __NAMESPACE__ . '\\redirect_to_authorize',
+			'methods'             => 'GET',
+			'callback'            => __NAMESPACE__ . '\\redirect_to_authorize',
+			'permission_callback' => '__return_true',
 		]
 	);
 }

inc/tokens/class-access-token.php

@@ -303,7 +303,7 @@ public static function create_for_client( ClientInterface $client, $meta = [] )
 	 * @return bool True if this is a client token, false otherwise.
 	 */
 	public function is_client_token() {
-		return $this->user === null;
+		return null === $this->user;
 	}
 
 	/**

phpunit.xml.dist

@@ -1,14 +1,13 @@
 <?xml version="1.0"?>
 <phpunit
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.6/phpunit.xsd"
 	bootstrap="tests/bootstrap.php"
 	backupGlobals="false"
 	colors="true"
-	convertErrorsToExceptions="true"
-	convertNoticesToExceptions="true"
-	convertWarningsToExceptions="true"
-	>
+>
 	<testsuites>
-		<testsuite>
+		<testsuite name="OAuth2">
 			<directory prefix="test-" suffix=".php">./tests/</directory>
 			<exclude>./tests/test-sample.php</exclude>
 		</testsuite>

tests/bootstrap.php

@@ -16,6 +16,9 @@
 	exit( 1 );
 }
 
+// PHPUnit Polyfills required by the WP test bootstrap since WP 5.9.
+define( 'WP_TESTS_PHPUNIT_POLYFILLS_PATH', dirname( __DIR__ ) . '/vendor/yoast/phpunit-polyfills' );
+
 // Give access to tests_add_filter() function.
 require_once $_tests_dir . '/includes/functions.php';
 

tests/class-test-case.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Shared base test case.
+ *
+ * @package WP\OAuth2\Tests
+ */
+
+namespace WP\OAuth2\Tests;
+
+use WP\OAuth2\Client;
+use WP_UnitTestCase;
+
+/**
+ * Base test case with helpers shared across all OAuth2 test classes.
+ */
+abstract class Test_Case extends WP_UnitTestCase {
+
+	/**
+	 * Create and approve a test client.
+	 *
+	 * @param array  $meta_overrides  Optional overrides for the client meta.
+	 * @param string $name            Client name.
+	 *
+	 * @return Client
+	 */
+	protected function create_client( array $meta_overrides = [], $name = 'Test Client' ) {
+		$data = [
+			'name'        => $name,
+			'description' => 'Test client description.',
+			'meta'        => array_merge(
+				[
+					'callback'                   => 'https://example.com/callback',
+					'type'                       => 'web',
+					'client_credentials_enabled' => false,
+				],
+				$meta_overrides
+			),
+		];
+
+		$client = Client::create( $data );
+		$this->assertInstanceOf( Client::class, $client, 'create_client helper: Client::create() must return a Client instance.' );
+		$client->approve();
+
+		return $client;
+	}
+}