Merge pull request #138 from cultuurnet/cultuurnet/III-6082/upgrade-a…
…uth0

III-6082 upgrade auth0 to 8.3 - last version that works on php 7.1 and php 8.0
grubolsch authored Mar 27, 2024
2 parents 508a3f2 + 1c77168 commit f6eb80f
Showing 43 changed files with 1,505 additions and 1,146 deletions.
16 changes: 11 additions & 5 deletions .github/workflows/ci.yml
@@ -7,7 +7,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
php-versions: ['7.4']
php-versions: ['7.4', '8.0']
name: PHP ${{ matrix.php-versions }}
steps:
- name: 📤 Checkout project
@@ -44,15 +44,18 @@ jobs:

cs:
runs-on: ubuntu-latest
name: Code style (PHP 7.4)
strategy:
matrix:
php-versions: [ '7.4', '8.0' ]
name: Code style (PHP ${{ matrix.php-versions }})
steps:
- name: 📤 Checkout project
uses: actions/checkout@v2

- name: 🐘 Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: 7.4
php-version: ${{ matrix.php-versions }}
tools: composer

- name: 📩 Cache Composer packages
@@ -73,15 +76,18 @@ jobs:

phpstan:
runs-on: ubuntu-latest
name: Static analysis (PHP 7.4)
strategy:
matrix:
php-versions: [ '7.4', '8.0' ]
name: Static analysis (PHP ${{ matrix.php-versions }})
steps:
- name: 📤 Checkout project
uses: actions/checkout@v2

- name: 🐘 Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: 7.4
php-version: ${{ matrix.php-versions }}
tools: composer

- name: 📩 Cache Composer packages
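Review bot: The `cs` and `phpstan` jobs now fan out over the matrix but still resolve `actions/checkout@v2` and `shivammathur/setup-php@v2` through mutable tags, so whatever those tags point to at run time executes in every job with access to the checkout and the job token. Pinning each `uses:` to a full commit SHA, e.g. `uses: shivammathur/setup-php@<full-commit-sha> # v2`, removes that moving part and still lets an update bot propose bumps. Both matrix entries ('7.4' and '8.0') were already past upstream PHP security support when this was merged, so a green run covers no supported runtime; adding a supported version to the matrix would show whether the Auth0 8.x pin blocks an upgrade. The jobs continue outside the visible hunks, so any `permissions:` block cannot be checked from here.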
175 changes: 75 additions & 100 deletions app/ActionServiceProvider.php
@@ -16,28 +16,23 @@
use CultuurNet\UDB3\JwtProvider\Domain\Action\RequestToken;
use CultuurNet\UDB3\JwtProvider\Domain\Factory\ResponseFactoryInterface;
use CultuurNet\UDB3\JwtProvider\Domain\Repository\ClientInformationRepositoryInterface;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractClientInformationFromRequest;
use CultuurNet\UDB3\JwtProvider\Domain\Service\LoginServiceInterface;
use CultuurNet\UDB3\JwtProvider\Domain\Service\GenerateAuthorizedDestinationUrl;
use CultuurNet\UDB3\JwtProvider\Domain\Service\LoginServiceInterface;
use CultuurNet\UDB3\JwtProvider\Domain\Service\LogOutServiceInterface;
use CultuurNet\UDB3\JwtProvider\Domain\Service\RefreshServiceInterface;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Factory\SlimResponseFactory;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Repository\SessionClientInformation;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractClientInformationFromRequest;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractLocaleFromRequest;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\IsAllowedRefreshToken;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LoginAuth0Adapter;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LogOutAuth0Adapter;
use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\RefreshAuth0Adapter;
use Firebase\JWT\JWT;
use GuzzleHttp\Client;
use Slim\Psr7\Factory\UriFactory;

final class ActionServiceProvider extends BaseServiceProvider
{
// @see https://community.auth0.com/t/help-with-leeway-setting-using-auth0-php/14657
// @see https://community.auth0.com/t/help-with-leeway-setting-using-auth0-php/14657/7
private const JWT_IAT_LEEWAY = 30;

/**
* @var string[]
*/
@@ -54,136 +49,118 @@ public function register(): void
{
$this->addShared(
RequestToken::class,
function () {
return new RequestToken(
$this->get(ExtractClientInformationFromRequest::class),
$this->get(LoginServiceInterface::class),
$this->get(ClientInformationRepositoryInterface::class),
$this->get(ExtractLocaleFromRequest::class)
);
}
fn (): RequestToken => new RequestToken(
$this->get(ExtractClientInformationFromRequest::class),
$this->get(LoginServiceInterface::class),
$this->get(ClientInformationRepositoryInterface::class),
$this->get(ExtractLocaleFromRequest::class)
)
);

$this->addShared(
Authorize::class,
function () {
return new Authorize(
$this->get(LoginServiceInterface::class),
new GenerateAuthorizedDestinationUrl(),
$this->get(ResponseFactoryInterface::class),
$this->get(ClientInformationRepositoryInterface::class)
);
}
fn (): Authorize => new Authorize(
$this->get(LoginServiceInterface::class),
new GenerateAuthorizedDestinationUrl(),
$this->get(ResponseFactoryInterface::class),
$this->get(ClientInformationRepositoryInterface::class)
)
);

$this->addShared(
RequestLogout::class,
function () {
return new RequestLogout(
$this->get(ExtractClientInformationFromRequest::class),
$this->get(LogOutServiceInterface::class),
$this->get(ClientInformationRepositoryInterface::class)
);
}
fn (): RequestLogout => new RequestLogout(
$this->get(ExtractClientInformationFromRequest::class),
$this->get(LogOutServiceInterface::class),
$this->get(ClientInformationRepositoryInterface::class)
)
);

$this->addShared(
LogOut::class,
function () {
return new LogOut(
$this->get(ClientInformationRepositoryInterface::class),
$this->get(ResponseFactoryInterface::class)
);
}
fn (): LogOut => new LogOut(
$this->get(ClientInformationRepositoryInterface::class),
$this->get(ResponseFactoryInterface::class)
)
);

$this->addShared(
Refresh::class,
function () {
return new Refresh(
$this->get(ResponseFactoryInterface::class),
$this->get(RefreshServiceInterface::class)
);
}
fn (): Refresh => new Refresh(
$this->get(ResponseFactoryInterface::class),
$this->get(RefreshServiceInterface::class)
)
);

$this->addShared(
LogOutServiceInterface::class,
function () {
return new LogOutAuth0Adapter(
$this->get(Auth0::class),
new Authentication(
$this->parameter('auth0.domain'),
$this->parameter('auth0.client_id'),
$this->parameter('auth0.client_secret')
),
$this->get(ResponseFactoryInterface::class),
new UriFactory(),
$this->parameter('auth0.log_out_uri'),
$this->parameter('auth0.client_id')
);
}
fn (): LogOutAuth0Adapter => new LogOutAuth0Adapter(
$this->get(Auth0::class),
new Authentication(
[
'domain' => $this->parameter('auth0.domain'),
'clientId' => $this->parameter('auth0.client_id'),
'clientSecret' => $this->parameter('auth0.client_secret'),
'cookieSecret' => $this->parameter('auth0.cookie_secret'),
]
),
$this->get(ResponseFactoryInterface::class),
new UriFactory(),
$this->parameter('auth0.log_out_uri'),
$this->parameter('auth0.client_id')
)
);

$this->addShared(
ResponseFactoryInterface::class,
function () {
return new SlimResponseFactory();
}
fn (): SlimResponseFactory => new SlimResponseFactory()
);

$this->addShared(
LoginServiceInterface::class,
function () {
return new LoginAuth0Adapter(
$this->get(Auth0::class)
);
}
fn (): LoginAuth0Adapter => new LoginAuth0Adapter(
$this->get(Auth0::class)
)
);

$this->addShared(
RefreshServiceInterface::class,
function () {
return new RefreshAuth0Adapter(
new Client(),
$this->parameter('auth0.client_id'),
$this->parameter('auth0.client_secret'),
$this->parameter('auth0.domain')
);
}
fn (): RefreshAuth0Adapter => new RefreshAuth0Adapter(
new Client(),
$this->parameter('auth0.client_id'),
$this->parameter('auth0.client_secret'),
$this->parameter('auth0.domain')
)
);

$this->addShared(
Auth0::class,
function () {
JWT::$leeway = self::JWT_IAT_LEEWAY;
return new Auth0(
[
'domain' => $this->parameter('auth0.domain'),
'client_id' => $this->parameter('auth0.client_id'),
'client_secret' => $this->parameter('auth0.client_secret'),
'redirect_uri' => $this->parameter('auth0.redirect_uri'),
'scope' => 'openid email profile offline_access',
'persist_id_token' => true,
'persist_refresh_token' => true,
]
);
}
fn (): Auth0 => new Auth0(
[
'domain' => $this->parameter('auth0.domain'),
'clientId' => $this->parameter('auth0.client_id'),
'clientSecret' => $this->parameter('auth0.client_secret'),
'redirectUri' => $this->parameter('auth0.redirect_uri'),
'scope' => ['openid','email','profile','offline_access'],
'persistIdToken' => true,
'persistRefreshToken' => true,
'tokenLeeway' => $this->parameter('auth0.id_token_leeway'),
'cookieSecret' => $this->parameter('auth0.cookie_secret'),
]
)
);

$this->addShared(
IsAllowedRefreshToken::class,
function () {
return new IsAllowedRefreshToken(
$this->get(ConsumerReadRepositoryInterface::class),
(string) $this->parameter('auth0.allowed_refresh_permission')
);
}
fn (): IsAllowedRefreshToken => new IsAllowedRefreshToken(
$this->get(ConsumerReadRepositoryInterface::class),
(string)$this->parameter('auth0.allowed_refresh_permission')
)
);

$this->addShared(
ClientInformationRepositoryInterface::class,
function () {
function (): SessionClientInformation {
$session = $this->get(Session::class);
$segment = $session->getSegment(ClientInformationRepositoryInterface::class);
return new SessionClientInformation(
@@ -194,13 +171,11 @@ function () {

$this->addShared(
ExtractClientInformationFromRequest::class,
function () {
return new ExtractClientInformationFromRequest(
new UriFactory(),
$this->get(ApiKeyReaderInterface::class),
$this->get(IsAllowedRefreshToken::class)
);
}
fn (): ExtractClientInformationFromRequest => new ExtractClientInformationFromRequest(
new UriFactory(),
$this->get(ApiKeyReaderInterface::class),
$this->get(IsAllowedRefreshToken::class)
)
);
}
}
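Review bot: `'tokenLeeway' => $this->parameter('auth0.id_token_leeway')` in the `Auth0::class` factory replaces the fixed 30-second `JWT_IAT_LEEWAY` with an unchecked configuration value, so a missing, string-typed or oversized setting may either break SDK configuration or silently widen the window in which expired ID tokens are accepted. Cast and bound it where it is read, for example `'tokenLeeway' => min(60, max(0, (int) $this->parameter('auth0.id_token_leeway')))`, with the upper bound chosen by the team. The new `auth0.cookie_secret` parameter, passed both here and in the `Authentication` array built for `LogOutServiceInterface`, is what the SDK uses to protect its session cookies; it would help to fail at boot when it is empty and to document that it must be a long random value distinct from `auth0.client_secret`. How `parameter()` behaves for an absent key is not visible in this section.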
13 changes: 6 additions & 7 deletions app/ApiGuardServiceProvider.php
@@ -4,6 +4,7 @@

namespace CultuurNet\UDB3\JwtProvider;

use CultureFeed_DefaultOAuthClient;
use CultureFeed;
use CultuurNet\UDB3\ApiGuard\ApiKey\Reader\ApiKeyReaderInterface;
use CultuurNet\UDB3\ApiGuard\ApiKey\Reader\CompositeApiKeyReader;
@@ -26,11 +27,11 @@ final class ApiGuardServiceProvider extends BaseServiceProvider
/**
* @inheritDoc
*/
public function register()
public function register(): void
{
$this->addShared(
ApiKeyReaderInterface::class,
function () {
function (): CompositeApiKeyReader {
$queryReader = new QueryParameterApiKeyReader('apiKey');
$headerReader = new CustomHeaderApiKeyReader('X-Api-Key');

@@ -43,15 +44,13 @@ function () {

$this->addShared(
ConsumerReadRepositoryInterface::class,
function () {
return new CultureFeedConsumerReadRepository($this->get(ICultureFeed::class));
}
fn (): CultureFeedConsumerReadRepository => new CultureFeedConsumerReadRepository($this->get(ICultureFeed::class))
);

$this->addShared(
ICultureFeed::class,
function () {
$oauthClient = new \CultureFeed_DefaultOAuthClient(
function (): CultureFeed {
$oauthClient = new CultureFeed_DefaultOAuthClient(
$this->parameter('uitid.consumer.key'),
$this->parameter('uitid.consumer.secret')
);
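Review bot: `new QueryParameterApiKeyReader('apiKey')` in the `ApiKeyReaderInterface` factory keeps accepting the API key from the URL, where it is recorded in access logs, proxy logs, browser history and `Referer` headers. Since this commit already touches the factory, a comment such as `// query-string keys end up in logs; prefer the X-Api-Key header` would document the risk, and log pipelines should redact the `apiKey` parameter if the query reader has to stay. The factory body and the `ICultureFeed` closure both continue outside the visible hunks, so how the two readers are combined is not shown.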
8 changes: 3 additions & 5 deletions app/Error/ApiExceptionHandler.php
@@ -4,6 +4,7 @@

namespace CultuurNet\UDB3\JwtProvider\Error;

use Throwable;
use CultuurNet\UDB3\JwtProvider\Domain\Exception\JwtProviderExceptionInterface;
use Fig\Http\Message\StatusCodeInterface;
use Laminas\HttpHandlerRunner\Emitter\EmitterInterface;
@@ -13,10 +14,7 @@

final class ApiExceptionHandler extends Handler
{
/**
* @var EmitterInterface
*/
private $emitter;
private EmitterInterface $emitter;

public function __construct(EmitterInterface $emitter)
{
@@ -34,7 +32,7 @@ public function handle(): ?int
return Handler::QUIT;
}

private function generateResponse(\Throwable $exception): ResponseInterface
private function generateResponse(Throwable $exception): ResponseInterface
{
if ($exception instanceof JwtProviderExceptionInterface) {
$response = new Response(StatusCodeInterface::STATUS_BAD_REQUEST);
5 changes: 1 addition & 4 deletions app/Error/ErrorLoggerHandler.php
@@ -22,10 +22,7 @@ final class ErrorLoggerHandler extends Handler
JwtProviderExceptionInterface::class,
];

/**
* @var LoggerInterface
*/
private $logger;
private LoggerInterface $logger;

public function __construct(LoggerInterface $logger)
{