From 8e4ac92c15a9e188cc89cc82be3fa55e888b8f75 Mon Sep 17 00:00:00 2001
From: Bizley
Date: Sat, 28 Nov 2020 16:13:23 +0100
Subject: [PATCH 1/3] 2.0.1
---
.gitattributes | 3 ++
.github/dependabot.yml | 10 +++++
.github/workflows/tests.yml | 52 ++++++++++++++++++++++++
.travis.yml | 28 -------------
CODE_OF_CONDUCT.md | 76 +++++++++++++++++++++++++++++++++++
README.md | 5 ++-
composer.json | 8 ++--
phpunit.xml.dist | 4 +-
src/Jwt.php | 9 +++--
src/JwtHttpBearerAuth.php | 16 +++++---
tests/BearerTest.php | 35 +++++++++-------
tests/HmacVerifyTest.php | 9 +++--
tests/RsaVerifyTest.php | 9 +++--
tests/SignerTestCase.php | 16 +++++---
tests/TokenValidationTest.php | 28 +++++++------
tests/UserIdentity.php | 4 +-
tests/bootstrap.php | 2 +-
17 files changed, 228 insertions(+), 86 deletions(-)
create mode 100644 .gitattributes
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/tests.yml
delete mode 100644 .travis.yml
create mode 100644 CODE_OF_CONDUCT.md
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..cb445a2
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,3 @@
+/.github export-ignore
+/tests export-ignore
+/phpunit.xml.dist export-ignore
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a83a73d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "composer"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..39058ce
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,52 @@
+name: Tests
+
+on:
+ pull_request:
+ push:
+ branches:
+ - "2.x"
+
+jobs:
+ Infection:
+ name: PHP ${{ matrix.php }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ php: ['7.1', '7.2', '7.3', '7.4', '8.0']
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Install PHP
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: ${{ matrix.php }}
+ extensions: mbstring, intl, mysql
+ coverage: "none"
+ env:
+ COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ update: true
+
+ - name: Get composer cache directory
+ id: composer-cache
+ run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+ - name: Cache composer dependencies
+ uses: actions/cache@v2.1.3
+ with:
+ path: ${{ steps.composer-cache.outputs.dir }}
+ key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+ restore-keys: ${{ runner.os }}-composer-
+
+ - name: Install dependencies with PHP 8
+ if: matrix.php == '8.0'
+ run: composer update --ignore-platform-reqs --prefer-dist --no-interaction --no-progress --optimize-autoloader
+
+ - name: Install dependencies with PHP 7
+ if: matrix.php == '7.4'
+ run: composer update --prefer-dist --no-interaction --no-progress --optimize-autoloader
+
+ - name: Run PHPUnit
+ run: vendor/bin/phpunit
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 714e15a..0000000
--- a/.travis.yml
+++ /dev/null
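Review bot: The three `uses:` steps reference external actions by mutable tag (`actions/checkout@v2`, `shivammathur/setup-php@v2`, `actions/cache@v2.1.3`), and the setup-php step also receives `COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, so whoever controls those tags controls code that runs in this job with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: shivammathur/setup-php@FULL_COMMIT_SHA  # v2` (placeholder, not a real hash); the `github-actions` entry added to `.github/dependabot.yml` in this same patch can keep such pins current. The workflow also has no `permissions:` block, so the token keeps the repository's default scope; a top-level `permissions:` with `contents: read` is probably sufficient for a job that only installs dependencies and runs PHPUnit.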
@@ -1,28 +0,0 @@
-dist: trusty
-sudo: false
-group: edge
-language: php
-env:
- global:
- - DEFAULT_COMPOSER_FLAGS="--prefer-dist --no-interaction --no-progress --optimize-autoloader"
-
-cache:
- directories:
- - vendor
- - $HOME/.composer/cache
-
-matrix:
- fast_finish: true
- include:
- - php: 7.3
- - php: 7.2
- - php: 7.1
-
-install:
-- phpenv config-rm xdebug.ini || echo "xdebug is not installed"
-- travis_retry composer self-update
-- export PATH="$HOME/.composer/vendor/bin:$PATH"
-- travis_retry composer install $DEFAULT_COMPOSER_FLAGS
-
-script:
-- vendor/bin/phpunit --verbose $PHPUNIT_FLAGS
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..b0078e1
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at pawel@positive.codes. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
diff --git a/README.md b/README.md
index 4f1bd65..1a76ff1 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@ ![Latest Stable Version](https://img.shields.io/packagist/v/bizley/jwt.svg) [![Total Downloads](https://img.shields.io/packagist/dt/bizley/jwt.svg)](https://packagist.org/packages/bizley/jwt) ![License](https://img.shields.io/packagist/l/bizley/jwt.svg) -[![Build Status](https://travis-ci.org/bizley/yii2-jwt.svg?branch=master)](https://travis-ci.org/bizley/yii2-jwt) # JWT Integration For Yii 2 @@ -10,6 +9,8 @@ This extension provides the [JWT](https://github.com/lcobucci/jwt) integration f > This is fork of [sizeg/yii2-jwt](https://github.com/sizeg/yii2-jwt) package +This package uses lcobucci/jwt v3. For v4 install `bizley/jwt:^3.0`. + ## Installation Add the package to your `composer.json`: @@ -67,4 +68,4 @@ Please refer to the [lcobucci/jwt Documentation](https://github.com/lcobucci/jwt ## JSON Web Tokens -- https://jwt.io \ No newline at end of file +- https://jwt.io diff --git a/composer.json b/composer.json index 05aaa02..b1e1c0d 100644 --- a/composer.json +++ b/composer.json @@ -5,13 +5,13 @@ "keywords": ["yii2", "jwt", "jws", "token", "authentication"], "license": "Apache-2.0", "authors": [ - { - "name": "Dmitriy Demin", - "email": "sizemail@gmail.com" - }, { "name": "Pawel Bizley Brzozowski", "email": "pawel@positive.codes" + }, + { + "name": "Dmitriy Demin", + "email": "sizemail@gmail.com" } ], "support": { diff --git a/phpunit.xml.dist b/phpunit.xml.dist index 4fa390a..edbf5f5 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -1,9 +1,7 @@ + convertDeprecationsToExceptions="false"> ./tests diff --git a/src/Jwt.php b/src/Jwt.php index 862ba20..c416591 100644 --- a/src/Jwt.php +++ b/src/Jwt.php @@ -1,4 +1,6 @@ - original package * @author Paweł Bizley Brzozowski since 2.0 (fork) */ -class Jwt extends \yii\base\Component +class Jwt extends Component { /** * @var array Token signers 
@@ -61,7 +64,7 @@ public function getBuilder(?Encoder $encoder = null, ?Factory $claimFactory = nu */ public function getParser(?Decoder $decoder = null, ?Factory $claimFactory = null): Parser { - return new Parser($decoder, $claimFactory); + return new Parser($decoder, $claimFactory); // $claimFactory not used anymore in lcobucci/jwt 3.4 } /** diff --git a/src/JwtHttpBearerAuth.php b/src/JwtHttpBearerAuth.php index 504d0ed..c910d41 100644 --- a/src/JwtHttpBearerAuth.php +++ b/src/JwtHttpBearerAuth.php @@ -1,12 +1,18 @@ - original package * @author Paweł Bizley Brzozowski since 2.0 (fork) */ -class JwtHttpBearerAuth extends \yii\filters\auth\HttpBearerAuth +class JwtHttpBearerAuth extends HttpBearerAuth { /** * @var string|array|Jwt application component ID of the JWT handler, configuration array, or JWT handler object itself. @@ -55,7 +61,7 @@ public function init(): void { parent::init(); - $this->jwt = \yii\di\Instance::ensure($this->jwt, Jwt::class); + $this->jwt = Instance::ensure($this->jwt, Jwt::class); if (empty($this->pattern)) { throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!'); @@ -64,8 +70,8 @@ public function init(): void /** * Authenticates the current user. - * @param \yii\web\User $user - * @param \yii\web\Request $request + * @param User $user + * @param Request $request * @param Response $response * @return IdentityInterface the authenticated user identity. If authentication information is not provided, null will be returned. * @throws UnauthorizedHttpException if authentication information is provided but is invalid. diff --git a/tests/BearerTest.php b/tests/BearerTest.php index f98691e..0963d12 100644 --- a/tests/BearerTest.php +++ b/tests/BearerTest.php @@ -1,21 +1,26 @@ - 'test', 'basePath' => __DIR__, 'vendorPath' => __DIR__ . '/../vendor', 
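Review bot: The remark that `$claimFactory` is no longer used in lcobucci/jwt 3.4 sits only as a trailing comment on `return new Parser($decoder, $claimFactory);` in `getParser()`, where callers, IDE hints and generated docs will not see it. The method's docblock starts above this hunk, so its current wording is not visible here, but that is the better place for the note, for example on the parameter tag: `@param Factory|null $claimFactory ignored since lcobucci/jwt 3.4`. The hunk header suggests `getBuilder()` takes the same parameter; whether the same note applies there would need checking.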
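Review bot: In `src/JwtHttpBearerAuth.php`, the docblock beginning "Authenticates the current user." still declares `@return IdentityInterface` while its own description says null is returned when no authentication information is provided. Since this hunk already tidies the `@param` types, the tag should become `@return IdentityInterface|null the authenticated user identity. ...`. For an authentication filter the distinction matters: missing credentials yield null, whereas invalid credentials raise `UnauthorizedHttpException`, and callers and static analysers should be able to see both outcomes from the signature. The method body is outside the hunk.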
@@ -41,7 +46,7 @@ protected function setUp(): void } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testHttpBearerAuthInvalidToken(): void { @@ -52,14 +57,14 @@ public function testHttpBearerAuthInvalidToken(): void try { $controller->run('filtered'); - $this->fail('Should throw UnauthorizedHttpException'); + self::fail('Should throw UnauthorizedHttpException'); } catch (UnauthorizedHttpException $e) { - $this->assertArrayHasKey('WWW-Authenticate', Yii::$app->getResponse()->getHeaders()); + self::assertArrayHasKey('WWW-Authenticate', Yii::$app->getResponse()->getHeaders()); } } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testHttpBearerAuthExpiredToken(): void { @@ -75,14 +80,14 @@ public function testHttpBearerAuthExpiredToken(): void try { $controller->run('filtered'); - $this->fail('Should throw UnauthorizedHttpException'); + self::fail('Should throw UnauthorizedHttpException'); } catch (UnauthorizedHttpException $e) { - $this->assertArrayHasKey('WWW-Authenticate', Yii::$app->getResponse()->getHeaders()); + self::assertArrayHasKey('WWW-Authenticate', Yii::$app->getResponse()->getHeaders()); } } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testHttpBearerAuth(): void { @@ -100,11 +105,11 @@ public function testHttpBearerAuth(): void /* @var $controller Controller */ $controller = Yii::$app->createController('test-auth')[0]; - $this->assertEquals('test', $controller->run('filtered')); + self::assertEquals('test', $controller->run('filtered')); } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testHttpBearerAuthCustom(): void { 
@@ -125,11 +130,11 @@ public function testHttpBearerAuthCustom(): void }; /* @var $controller Controller */ - $this->assertEquals('test', $controller->run('filtered')); + self::assertEquals('test', $controller->run('filtered')); } } -class TestAuthController extends \yii\rest\Controller +class TestAuthController extends Controller { public $filterConfig = []; diff --git a/tests/HmacVerifyTest.php b/tests/HmacVerifyTest.php index b55e72e..fbb1024 100644 --- a/tests/HmacVerifyTest.php +++ b/tests/HmacVerifyTest.php @@ -1,10 +1,13 @@ -assertTrue($this->verify($this->createTokenWithSignature())); + self::assertTrue($this->verify($this->createTokenWithSignature())); } } diff --git a/tests/TokenValidationTest.php b/tests/TokenValidationTest.php index 92090d9..e403cc9 100644 --- a/tests/TokenValidationTest.php +++ b/tests/TokenValidationTest.php @@ -1,11 +1,15 @@ -assertTrue($this->getJwt()->validateToken($this->createToken(), null, [ + self::assertTrue($this->getJwt()->validateToken($this->createToken(), null, [ 'iss' => static::$issuer, 'aud' => static::$audience, 'jti' => static::$id, 
@@ -64,28 +68,28 @@ public function testValidateToken(): void } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testValidateDiff(): void { - $this->assertFalse($this->getJwt()->validateToken($this->createToken(), null, [ + self::assertFalse($this->getJwt()->validateToken($this->createToken(), null, [ 'aud' => 'different', ])); } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testValidateTokenTimeout(): void { - $this->assertFalse($this->getJwt()->validateToken($this->createToken(), time() + 4000)); + self::assertFalse($this->getJwt()->validateToken($this->createToken(), time() + 4000)); } /** - * @throws \yii\base\InvalidConfigException + * @throws InvalidConfigException */ public function testValidateTokenPremature(): void { - $this->assertFalse($this->getJwt()->validateToken($this->createToken(60))); + self::assertFalse($this->getJwt()->validateToken($this->createToken(60))); } } diff --git a/tests/UserIdentity.php b/tests/UserIdentity.php index a26c19a..93c1870 100644 --- a/tests/UserIdentity.php +++ b/tests/UserIdentity.php @@ -1,4 +1,6 @@ - Date: Sat, 28 Nov 2020 16:16:31 +0100 Subject: [PATCH 2/3] 2.0.1 --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 39058ce..a6f6b5a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -45,7 +45,7 @@ jobs: run: composer update --ignore-platform-reqs --prefer-dist --no-interaction --no-progress --optimize-autoloader - name: Install dependencies with PHP 7 - if: matrix.php == '7.4' + if: matrix.php != '8.0' run: composer update --prefer-dist --no-interaction --no-progress --optimize-autoloader - name: Run PHPUnit From 3d97f735e298fb4a5b369be964976ab5e4fc92be Mon Sep 17 00:00:00 2001 
From: Bizley Date: Sat, 28 Nov 2020 16:18:31 +0100 Subject: [PATCH 3/3] 2.0.1 --- .github/workflows/tests.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a6f6b5a..a6f0af4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - php: ['7.1', '7.2', '7.3', '7.4', '8.0'] + php: ['7.1', '7.2', '7.3', '7.4'] steps: - name: Checkout @@ -40,12 +40,7 @@ jobs: key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} restore-keys: ${{ runner.os }}-composer- - - name: Install dependencies with PHP 8 - if: matrix.php == '8.0' - run: composer update --ignore-platform-reqs --prefer-dist --no-interaction --no-progress --optimize-autoloader - - - name: Install dependencies with PHP 7 - if: matrix.php != '8.0' + - name: Install dependencies run: composer update --prefer-dist --no-interaction --no-progress --optimize-autoloader - name: Run PHPUnit