Auth0 Reset fix for worker mode

JanMikes · JanMikes · commit a6d0ba03377f · 2026-01-03T17:07:59.000+01:00
diff --git a/config/reference.php b/config/reference.php
@@ -1877,8 +1877,8 @@
  * }
  * @psalm-type MercureConfig = array{
  *     hubs?: array<string, array{ // Default: []
- *         url?: scalar|null, // URL of the hub's publish endpoint // Default: null
- *         public_url?: scalar|null, // URL of the hub's public endpoint
+ *         url?: scalar|null, // URL of the hub's publish endpoint
+ *         public_url?: scalar|null, // URL of the hub's public endpoint // Default: null
  *         jwt?: string|array{ // JSON Web Token configuration.
  *             value?: scalar|null, // JSON Web Token to use to publish to this hub.
  *             provider?: scalar|null, // The ID of a service to call to provide the JSON Web Token.
diff --git a/src/Query/GetRanking.php b/src/Query/GetRanking.php
@@ -9,8 +9,9 @@
 use SpeedPuzzling\Web\Exceptions\PlayerNotFound;
 use SpeedPuzzling\Web\Exceptions\PuzzleNotFound;
 use SpeedPuzzling\Web\Results\PlayerRanking;
+use Symfony\Contracts\Service\ResetInterface;
 
-final class GetRanking
+final class GetRanking implements ResetInterface
 {
     /** @var array<string, array<string, PlayerRanking>> */
     private array $allForPlayerCache = [];
@@ -221,4 +222,10 @@ public function ofPuzzleForPlayer(string $puzzleId, string $playerId): null|Play
 
         return $ranking;
     }
+
+    public function reset(): void
+    {
+        $this->allForPlayerCache = [];
+        $this->ofPuzzleForPlayerCache = [];
+    }
 }
diff --git a/src/Services/Auth0SdkResetListener.php b/src/Services/Auth0SdkResetListener.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SpeedPuzzling\Web\Services;
+
+use Auth0\Symfony\Service;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+/**
+ * Resets Auth0 SDK at the start of each request.
+ *
+ * This is critical for FrankenPHP worker mode where PHP processes persist between requests.
+ * Without this reset, the Auth0 SDK caches user credentials in memory, causing session leakage
+ * where one user's authentication bleeds into another user's request.
+ */
+#[AsEventListener(event: KernelEvents::REQUEST, priority: 512)]
+final class Auth0SdkResetListener
+{
+    public function __construct(
+        #[Autowire(service: 'auth0')]
+        private readonly Service $auth0Service,
+    ) {
+    }
+
+    public function __invoke(RequestEvent $event): void
+    {
+        if ($event->isMainRequest() === false) {
+            return;
+        }
+
+        // Reset Auth0 SDK to force fresh credentials check from session
+        $reflection = new \ReflectionClass($this->auth0Service);
+        $property = $reflection->getProperty('sdk');
+        $property->setValue($this->auth0Service, null);
+    }
+}
diff --git a/src/Services/Auth0ServiceResetter.php b/src/Services/Auth0ServiceResetter.php

Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,9 @@`
`9`	`9`	`use SpeedPuzzling\Web\Exceptions\PlayerNotFound;`
`10`	`10`	`use SpeedPuzzling\Web\Exceptions\PuzzleNotFound;`
`11`	`11`	`use SpeedPuzzling\Web\Results\PlayerRanking;`
	`12`	`+use Symfony\Contracts\Service\ResetInterface;`
`12`	`13`
`13`		`-final class GetRanking`
	`14`	`+final class GetRanking implements ResetInterface`
`14`	`15`	`{`
`15`	`16`	`/** @var array<string, array<string, PlayerRanking>> */`
`16`	`17`	`private array $allForPlayerCache = [];`
`@@ -221,4 +222,10 @@ public function ofPuzzleForPlayer(string $puzzleId, string $playerId): null\|Play`
`221`	`222`
`222`	`223`	`return $ranking;`
`223`	`224`	`}`
	`225`	`+`
	`226`	`+ public function reset(): void`
	`227`	`+ {`
	`228`	`+ $this->allForPlayerCache = [];`
	`229`	`+ $this->ofPuzzleForPlayerCache = [];`
	`230`	`+ }`
`224`	`231`	`}`