bug #522 Fix clock skew + deprecation message (chalasr)

This PR was squashed before being merged into the 2.x-dev branch (closes #522). Discussion ---------- Fix clock skew + deprecation message Commits ------- b6beaea Improve deprecation message when using the default encoder service 1b15394 Fix unused clock skew (bad rebase)
lexik · Jul 3, 2018 · 6650b79 · 6650b79
2 parents 6265991 + b6beaea
commit 6650b79
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 35 deletions.
diff --git a/DependencyInjection/LexikJWTAuthenticationExtension.php b/DependencyInjection/LexikJWTAuthenticationExtension.php
@@ -61,6 +61,11 @@ public function load(array $configs, ContainerBuilder $container)
         $container->setParameter('lexik_jwt_authentication.clock_skew', $config['clock_skew']);
         $container->setParameter('lexik_jwt_authentication.user_identity_field', $config['user_identity_field']);
         $encoderConfig = $config['encoder'];
+
+        if ('lexik_jwt_authentication.encoder.default' === $encoderConfig['service']) {
+            @trigger_error('Using "lexik_jwt_authentication.encoder.default" as encoder service is deprecated since LexikJWTAuthenticationBundle 2.5, use "lexik_jwt_authentication.encoder.lcobucci" (default) or your own encoder service instead.', E_USER_DEPRECATED);
+        }
+
         $container->setAlias('lexik_jwt_authentication.encoder', new Alias($encoderConfig['service'], true));
         $container->setAlias(JWTEncoderInterface::class, 'lexik_jwt_authentication.encoder');
         $container->setAlias(

diff --git a/Services/JWSProvider/LcobucciJWSProvider.php b/Services/JWSProvider/LcobucciJWSProvider.php
@@ -110,7 +110,7 @@ public function load($token)
             $payload[$claim->getName()] = $claim->getValue();
         }
 
-        return new LoadedJWS($payload, $this->verify($jws), null !== $this->ttl, $jws->getHeaders());
+        return new LoadedJWS($payload, $this->verify($jws), null !== $this->ttl, $jws->getHeaders(), $this->clockSkew);
     }
 
     private function getSignerForAlgorithm($signatureAlgorithm)

diff --git a/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php b/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php
@@ -5,7 +5,6 @@
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\LexikJWTAuthenticationExtension;
 use Lexik\Bundle\JWTAuthenticationBundle\Encoder\LcobucciJWTEncoder;
 use Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle;
-use Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider\DefaultJWSProvider;
 use Lexik\Bundle\JWTAuthenticationBundle\Tests\Functional\TestCase;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
 use Symfony\Component\Config\FileLocator;
@@ -33,40 +32,18 @@ protected function setUp()
         }
     }
 
-    public function testEncoderConfiguration()
+    public function testEncoderAlias()
     {
-        /* @var \Symfony\Component\DependencyInjection\ContainerInterface */
-        $container          = static::$kernel->getContainer();
-        $encoderNamespace   = 'lexik_jwt_authentication.encoder';
-        $cryptoEngine       = $container->getParameter($encoderNamespace.'.crypto_engine');
-        $signatureAlgorithm = $container->getParameter($encoderNamespace.'.signature_algorithm');
-
-        $jwsProviderMock = $this
-            ->getMockBuilder(DefaultJWSProvider::class)
-            ->setConstructorArgs([
-                $container->get('lexik_jwt_authentication.key_loader'),
-                $cryptoEngine,
-                $signatureAlgorithm,
-                3600,
-                0,
-            ])
-            ->getMock();
-
-        $this->assertInstanceOf(LcobucciJWTEncoder::class, $container->get($encoderNamespace));
-
-        // The configured engine is the one used by the service
-        $this->assertAttributeEquals(
-            'openssl' == $cryptoEngine ? 'OpenSSL' : 'SecLib',
-            'cryptoEngine',
-            $jwsProviderMock
-        );
-
-        // The configured algorithm is the one used by the service
-        $this->assertAttributeEquals(
-            $signatureAlgorithm,
-            'signatureAlgorithm',
-            $jwsProviderMock
-        );
+        $this->assertInstanceOf(LcobucciJWTEncoder::class, static::$kernel->getContainer()->get('lexik_jwt_authentication.encoder'));
+    }
+
+    /**
+     * @group legacy
+     * @expectedDeprecation Using "lexik_jwt_authentication.encoder.default" as encoder service is deprecated since LexikJWTAuthenticationBundle 2.5, use "lexik_jwt_authentication.encoder.lcobucci" (default) or your own encoder service instead.
+     */
+    public function testDeprecatedDefaultEncoderService()
+    {
+        (new LexikJWTAuthenticationExtension())->load([['encoder' => ['service' => 'lexik_jwt_authentication.encoder.default']]], new ContainerBuilder());
     }
 
     public function testTokenExtractorsConfiguration()