Merge pull request #9 from bedita/refactor/update-lcobucci-jwt-library

Various cleanup
bedita · Aug 31, 2022 · d75163b · d75163b
2 parents 1081c3c + 793691c
commit d75163b
Show file tree

Hide file tree

Showing 9 changed files with 113 additions and 56 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
       - name: 'Setup PHP'
         uses: 'shivammathur/setup-php@v2'
         with:
-          php-version: '7.4'
+          php-version: '8.1'
           tools: 'composer'
           extensions: 'mbstring, intl'
           coverage: 'none'
@@ -58,7 +58,7 @@ jobs:
       - name: 'Setup PHP'
         uses: 'shivammathur/setup-php@v2'
         with:
-          php-version: '7.4'
+          php-version: '8.1'
           tools: 'composer'
           extensions: 'mbstring, intl'
           coverage: 'none'
@@ -144,3 +144,40 @@ jobs:
           name: 'PHP ${{ matrix.php }}'
           path: 'clover.xml'
 
+  unit-lowest:
+    name: 'Run unit tests with lowest-matching dependencies versions'
+    if: "!contains(github.event.commits[0].message, '[skip ci]') && !contains(github.event.commits[0].message, '[ci skip]')"
+    runs-on: 'ubuntu-20.04'
+
+    steps:
+      - name: 'Checkout current revision'
+        uses: 'actions/checkout@v2'
+
+      - name: 'Setup PHP'
+        uses: 'shivammathur/setup-php@v2'
+        with:
+          php-version: '7.4'
+          tools: 'composer'
+          extensions: 'mbstring, intl'
+
+      - name: 'Discover Composer cache directory'
+        id: 'cachedir'
+        run: 'echo "::set-output name=path::$(composer global config cache-dir)"'
+
+      - name: 'Share Composer cache across runs'
+        uses: 'actions/cache@v2'
+        with:
+          path: '${{ steps.cachedir.outputs.path }}'
+          key: "composer-lowest-${{ hashFiles('**/composer.json') }}"
+          restore-keys: |
+            composer-lowest-
+            composer-
+
+      - name: 'Update dependencies with Composer'
+        run: 'composer update --prefer-lowest --prefer-dist --no-interaction'
+
+      - name: 'Dump Composer autoloader'
+        run: 'composer dump-autoload --classmap-authoritative --no-cache'
+
+      - name: 'Run PHPUnit'
+        run: 'vendor/bin/phpunit'
diff --git a/codecov.yml b/codecov.yml
@@ -0,0 +1,16 @@
+---
+codecov:
+  require_ci_to_pass: true
+  notify:
+    after_n_builds: 3
+
+coverage:
+  precision: 1
+  round: down
+  range: "85...100"
+
+comment:
+  layout: "reach,diff,flags,files,footer"
+  behavior: default
+  require_changes: no
+  after_n_builds: 2
diff --git a/composer.json b/composer.json
@@ -8,17 +8,18 @@
         "aws/aws-sdk-php": "^3.222",
         "bedita/core": "^5.0.0",
         "cakephp/cakephp": "^4.4.1",
-        "lcobucci/jwt": "^4.1.5",
+        "lcobucci/jwt": "^4.2.1",
         "league/flysystem": "^2.4.3",
         "league/flysystem-aws-s3-v3": "^2.4.3",
         "guzzlehttp/guzzle": "^7.4"
     },
     "require-dev": {
         "cakephp/cakephp-codesniffer": "~4.5.1",
         "phpunit/phpunit": "^9.5",
-        "dms/phpunit-arraysubset-asserts": "^0.4",
-        "phpstan/phpstan": "^1.7.1",
-        "cakephp/authentication": "^2.9"
+        "phpstan/phpstan": "~1.8.2",
+        "cakephp/authentication": "^2.9",
+        "phpstan/extension-installer": "^1.1",
+        "phpstan/phpstan-phpunit": "^1.1"
     },
     "suggest": {
         "cakephp/authentication": "^2.9"
@@ -42,7 +43,8 @@
     "config": {
         "allow-plugins": {
             "cakephp/plugin-installer": true,
-            "dealerdirect/phpcodesniffer-composer-installer": true
+            "dealerdirect/phpcodesniffer-composer-installer": true,
+            "phpstan/extension-installer": true
         }
     }
 }
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
@@ -9,4 +9,8 @@
     <config name="installed_paths" value="../../cakephp/cakephp-codesniffer"/>
 
     <rule ref="CakePHP"/>
+
+    <rule ref="Generic.PHP.DeprecatedFunctions">
+        <type>warning</type>
+    </rule>
 </ruleset>
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -4,5 +4,6 @@ parameters:
   paths:
     - src
     - tests
+  phpVersion: 70400
   level: 8
   checkMissingIterableValueType: false
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -26,12 +26,8 @@
       <directory>tests/TestCase/</directory>
     </testsuite>
   </testsuites>
-  <!-- Setup a listener for fixtures -->
-  <listeners>
-    <listener class="Cake\TestSuite\Fixture\FixtureInjector">
-      <arguments>
-        <object class="Cake\TestSuite\Fixture\FixtureManager"/>
-      </arguments>
-    </listener>
-  </listeners>
+  <!-- Register extension for fixtures -->
+  <extensions>
+    <extension class="\Cake\TestSuite\Fixture\PHPUnitExtension" />
+  </extensions>
 </phpunit>
diff --git a/src/Authenticator/AlbAuthenticator.php b/src/Authenticator/AlbAuthenticator.php
@@ -27,10 +27,10 @@
 use GuzzleHttp\RequestOptions;
 use Lcobucci\Clock\FrozenClock;
 use Lcobucci\JWT\Encoding\JoseEncoder;
-use Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter;
 use Lcobucci\JWT\Signer\Ecdsa\Sha256;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Token\Parser as TokenParser;
+use Lcobucci\JWT\UnencryptedToken;
 use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
 use Lcobucci\JWT\Validation\Validator;
@@ -78,7 +78,7 @@ class AlbAuthenticator extends TokenAuthenticator
      *
      * @var array|null
      */
-    protected $payload = null;
+    protected ?array $payload = null;
 
     /**
      * Authenticates the identity based on a JWT token contained in a request.
@@ -185,19 +185,16 @@ function () use ($keyId): string {
      */
     protected function decodeToken(string $token): ?array
     {
-        $parser = new TokenParser(new JoseEncoder());
-        /** @var \Lcobucci\JWT\UnencryptedToken $jwt */
-        $jwt = $parser->parse($token);
-
+        $jwt = (new TokenParser(new JoseEncoder()))->parse($token);
         $kid = $jwt->headers()->get('kid');
-        if (empty($kid) || !is_string($kid)) {
+        if (empty($kid) || !is_string($kid) || !$jwt instanceof UnencryptedToken) {
             return null;
         }
 
         (new Validator())->assert(
             $jwt,
-            new SignedWith(new Sha256(new MultibyteStringConverter()), $this->getKey($kid)),
-            new LooseValidAt(new FrozenClock(FrozenTime::now()))
+            new SignedWith(Sha256::create(), $this->getKey($kid)),
+            new LooseValidAt(new FrozenClock(FrozenTime::now())),
         );
 
         return $jwt->claims()->all();