Raise supported php version to 8.1+ and symfony version to 6.x, drop …

…support for older versions

.github/workflows/build.yml

@@ -0,0 +1,61 @@
+# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
+
+name: "Build"
+
+on:
+  pull_request:
+    branches:
+      - "v*.*"
+  push:
+    branches:
+      - "v*.*"
+
+jobs:
+  tests:
+    name: "Tests"
+
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        php-version:
+          - "8.1"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          php-version: "${{ matrix.php-version }}"
+          extensions: mbstring
+
+      - name: "Cache dependencies"
+        uses: "actions/cache@v2"
+        with:
+          path: "~/.composer/cache"
+          key: "php-${{ matrix.php-version }}-composer-${{ hashFiles('**/composer.json') }}"
+          restore-keys: "php-${{ matrix.php-version }}-composer-"
+
+      - name: "Install dependencies"
+        run: "composer update --prefer-dist --no-interaction --no-progress --no-suggest"
+
+      - name: "Security Checker"
+        run: |
+          wget -O local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/latest/download/local-php-security-checker_1.2.0_linux_amd64
+          chmod +x local-php-security-checker
+          ./local-php-security-checker
+
+      - name: "Code Style"
+        run: |
+          wget -O php-cs-fixer https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/latest/download/php-cs-fixer.phar
+          chmod a+x php-cs-fixer
+          ./php-cs-fixer fix --dry-run --stop-on-violation --using-cache=no
+
+      - name: "Static Analysis"
+        run: "vendor/bin/phpstan"
+
+      - name: "Tests"
+        run: "vendor/bin/behat"

.php_cs.dist → .php-cs-fixer.dist.php

@@ -16,7 +16,7 @@
     ->in(__DIR__.'/Tests')
 ;
 
-return PhpCsFixer\Config::create()
+return (new PhpCsFixer\Config())
     ->setRules([
         '@PSR1' => true,
         '@PSR2' => true,
@@ -55,7 +55,7 @@
             'comment_type' => 'all_multiline',
         ],
         'php_unit_test_annotation' => [
-            'case' => 'snake',
+            //'case' => 'snake',
             'style' => 'annotation',
         ],
         'php_unit_test_case_static_method_calls' => true,

Checker/AlgHeaderChecker.php

@@ -16,7 +16,6 @@
 use function is_string;
 use Jose\Component\Checker\HeaderChecker;
 use Jose\Component\Checker\InvalidHeaderException;
-use function Safe\sprintf;
 
 final class AlgHeaderChecker implements HeaderChecker
 {

Checker/EncHeaderChecker.php

@@ -16,7 +16,6 @@
 use function is_string;
 use Jose\Component\Checker\HeaderChecker;
 use Jose\Component\Checker\InvalidHeaderException;
-use function Safe\sprintf;
 
 final class EncHeaderChecker implements HeaderChecker
 {

Checker/IssuerChecker.php

@@ -16,7 +16,6 @@
 use Exception;
 use Jose\Component\Checker\ClaimChecker;
 use Jose\Component\Checker\HeaderChecker;
-use function Safe\sprintf;
 
 final class IssuerChecker implements ClaimChecker, HeaderChecker
 {

DependencyInjection/Configuration.php

@@ -30,6 +30,8 @@ public function getConfigTreeBuilder(): TreeBuilder
         if (!$rootNode instanceof ArrayNodeDefinition) {
             throw new RuntimeException('Invalid root node');
         }
+
+        // @phpstan-ignore-next-line
         $rootNode
             ->validate()
             ->ifTrue(static function (array $config): bool {
@@ -97,6 +99,7 @@ public function getConfigTreeBuilder(): TreeBuilder
 
     private function addEncryptionSection(ArrayNodeDefinition $node): void
     {
+        // @phpstan-ignore-next-line
         $node
             ->addDefaultsIfNotSet()
             ->children()

DependencyInjection/SpomkyLabsLexikJoseExtension.php

@@ -27,7 +27,7 @@ final class SpomkyLabsLexikJoseExtension extends Extension implements PrependExt
     /**
      * {@inheritdoc}
      */
-    public function getAlias()
+    public function getAlias(): string
     {
         return 'lexik_jose';
     }
@@ -74,8 +74,8 @@ public function loadEncryptionServices(ContainerBuilder $container): void
 
     public function prepend(ContainerBuilder $container): void
     {
-        $isDebug = $container->getParameter('kernel.debug');
-        $bridgeConfig = current($container->getExtensionConfig($this->getAlias()));
+        $isDebug = (bool) $container->getParameter('kernel.debug');
+        $bridgeConfig = (array) current($container->getExtensionConfig($this->getAlias()));
         if (!array_key_exists('claim_checked', $bridgeConfig)) {
             $bridgeConfig['claim_checked'] = [];
         }

Encoder/LexikJoseEncoder.php

@@ -13,7 +13,6 @@
 
 namespace SpomkyLabs\LexikJoseBundle\Encoder;
 
-use Base64Url\Base64Url;
 use Exception;
 use function is_string;
 use Jose\Component\Checker\ClaimCheckerManager;
@@ -33,7 +32,7 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTDecodeFailureException;
 use Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTEncodeFailureException;
-use function Safe\sprintf;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 
 /**
  * Json Web Token encoder/decoder.
@@ -234,6 +233,7 @@ public function decode($token): array
                     $reason = JWTDecodeFailureException::EXPIRED_TOKEN;
 
                     break;
+
                 default:
                     $reason = JWTDecodeFailureException::INVALID_TOKEN;
             }
@@ -311,7 +311,7 @@ private function verify(string $token): array
     private function getAdditionalPayload(): array
     {
         return [
-            'jti' => Base64Url::encode(random_bytes(64)),
+            'jti' => Base64UrlSafe::encode(random_bytes(64)),
             'exp' => time() + $this->ttl,
             'iat' => time(),
             'iss' => $this->issuer,

Resources/config/services.php

@@ -16,7 +16,7 @@
 use SpomkyLabs\LexikJoseBundle\Checker\AlgHeaderChecker;
 use SpomkyLabs\LexikJoseBundle\Encoder\LexikJoseEncoder;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
-use function Symfony\Component\DependencyInjection\Loader\Configurator\ref;
+use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
 
 return static function (ContainerConfigurator $container): void {
     $container = $container->services()->defaults()
@@ -27,11 +27,11 @@
 
     $container->set(LexikJoseEncoder::class)
         ->args([
-            ref('jose.jws_builder.lexik_jose'),
-            ref('jose.jws_verifier.lexik_jose'),
-            ref('jose.claim_checker.lexik_jose'),
-            ref('jose.header_checker.lexik_jose_signature'),
-            ref('jose.key_set.lexik_jose_bridge.signature'),
+            service('jose.jws_builder.lexik_jose'),
+            service('jose.jws_verifier.lexik_jose'),
+            service('jose.claim_checker.lexik_jose'),
+            service('jose.header_checker.lexik_jose_signature'),
+            service('jose.key_set.lexik_jose_bridge.signature'),
             '%lexik_jose_bridge.encoder.key_index%',
             '%lexik_jose_bridge.encoder.signature_algorithm%',
             '%lexik_jose_bridge.encoder.issuer%',

Tests/Bundle/TestBundle/Controller/ApiController.php

@@ -17,6 +17,7 @@
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 
 /**
  * @Route("/api")
@@ -26,13 +27,13 @@ final class ApiController extends AbstractController
     /**
      * @Route("/anonymous")
      */
-    public function anonymousAction(): Response
+    public function anonymousAction(TokenStorageInterface $tokenStorage): Response
     {
-        $user = $this->getUser();
+        $user = $tokenStorage->getToken()?->getUser();
         if (null === $user) {
             $message = 'Hello anonymous!';
         } else {
-            $message = "Hello {$user->getUsername()}!";
+            $message = "Hello {$user->getUserIdentifier()}!";
         }
 
         return new Response($message);
@@ -42,10 +43,10 @@ public function anonymousAction(): Response
      * @Route("/hello")
      * @IsGranted("ROLE_USER")
      */
-    public function helloAction(): Response
+    public function helloAction(TokenStorageInterface $tokenStorage): Response
     {
-        $user = $this->getUser();
-        $message = "Hello {$user->getUsername()}!";
+        $user = $tokenStorage->getToken()?->getUser();
+        $message = "Hello {$user->getUserIdentifier()}!";
 
         return new Response($message);
     }
@@ -54,10 +55,10 @@ public function helloAction(): Response
      * @Route("/admin")
      * @IsGranted("ROLE_ADMIN")
      */
-    public function adminAction(): Response
+    public function adminAction(TokenStorageInterface $tokenStorage): Response
     {
-        $user = $this->getUser();
-        $message = "Hello {$user->getUsername()}!";
+        $user = $tokenStorage->getToken()?->getUser();
+        $message = "Hello {$user->getUserIdentifier()}!";
 
         return new Response($message);
     }

Tests/Bundle/TestBundle/Controller/LoginController.php

@@ -16,16 +16,16 @@
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 
 final class LoginController extends AbstractController
 {
     /**
      * @Route("/login", name="login")
      * @Template
      */
-    public function loginAction(): array
+    public function loginAction(AuthenticationUtils $authenticationUtils): array
     {
-        $authenticationUtils = $this->get('security.authentication_utils');
         $error = $authenticationUtils->getLastAuthenticationError();
         $lastUsername = $authenticationUtils->getLastUsername();