JWT Session 6.0 - Major Version Update (#19)

* Claude/update legacy config 011 c uy cef h lgxfv x zm77h5 c6 (#18)

* Update legacy configuration files

- Update phpunit.xml.dist to PHPUnit 10+ format with new attributes and source tag
- Create psalm.xml with static analysis configuration
- Update composer.json: PHP >=8.1 <8.5, byjg/jwt-wrapper ^6.0, phpunit ^10|^11, vimeo/psalm ^5.9|^6.12
- Add composer scripts for test and psalm
- Update GitHub workflow to test PHP 8.1-8.4
- Update .gitignore with additional patterns

* Fix compatibility with jwt-wrapper 6.0

- Update namespace imports from ByJG\Util to ByJG\JwtWrapper
- Update class names: JwtKeySecret -> JwtHashHmacSecret, JwtRsaKey -> JwtOpenSSLKey
- Update JwtWrapper::createJwtData() call to pass array instead of string
- Make test data providers static for PHPUnit 10+ compatibility
- Convert @dataProvider annotations to PHP attributes
- Suppress unserialize warnings in session parser (expected behavior)

* Fix psalm static analysis errors

- Add #[Override] attributes to SessionHandlerInterface methods
- Fix gc() return type from bool to int|false per interface
- Remove redundant null coalescing for getCookiePath() calls

---------

Co-authored-by: Claude <[email protected]>

* Update PHPUnit GitHub Actions workflow with container options and checkout version

---------

Co-authored-by: Claude <[email protected]>

Author: byjg

.github/workflows/phpunit.yml

@@ -12,16 +12,19 @@ on:
 jobs:
   Build:
     runs-on: 'ubuntu-latest'
-    container: 'byjg/php:${{ matrix.php-version }}-cli'
+    container:
+      image: 'byjg/php:${{ matrix.php-version }}-cli'
+      options: --user root --privileged
     strategy:
       matrix:
         php-version:
+          - "8.4"
+          - "8.3"
           - "8.2"
           - "8.1"
-          - "8.0"
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - run: composer install
       - run: ./vendor/bin/phpunit
 
@@ -32,5 +35,6 @@ jobs:
     with:
       folder: php
       project: ${{ github.event.repository.name }}
-    secrets: inherit
+    secrets:
+      DOC_TOKEN: ${{ secrets.DOC_TOKEN }}
 

.gitignore

@@ -2,3 +2,6 @@
 composer.lock
 vendor
 /.phpunit.result.cache
+phpunit.coverage.xml
+phpunit.report.xml
+*.bak

composer.json

@@ -9,11 +9,16 @@
   "minimum-stability": "dev",
   "prefer-stable": true,
   "require": {
-    "php": ">=8.0",
-    "byjg/jwt-wrapper": "4.9.*"
+    "php": ">=8.1 <8.5",
+    "byjg/jwt-wrapper": "^6.0"
   },
   "require-dev": {
-    "phpunit/phpunit": "5.7.*|7.4.*|^9.6"
+    "phpunit/phpunit": "^10|^11",
+    "vimeo/psalm": "^5.9|^6.12"
+  },
+  "scripts": {
+    "test": "vendor/bin/phpunit",
+    "psalm": "vendor/bin/psalm"
   },
   "license": "MIT"
 }

phpunit.xml.dist

@@ -6,26 +6,33 @@ and open the template in the editor.
 -->
 
 <!-- see http://www.phpunit.de/wiki/Documentation -->
-<phpunit bootstrap="./vendor/autoload.php"
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         bootstrap="./vendor/autoload.php"
          colors="true"
          testdox="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         convertDeprecationsToExceptions="true"
-         stopOnFailure="false">
+         displayDetailsOnTestsThatTriggerDeprecations="true"
+         displayDetailsOnTestsThatTriggerErrors="true"
+         displayDetailsOnTestsThatTriggerNotices="true"
+         displayDetailsOnTestsThatTriggerWarnings="true"
+         displayDetailsOnPhpunitDeprecations="true"
+         failOnWarning="true"
+         failOnNotice="true"
+         failOnDeprecation="true"
+         failOnPhpunitDeprecation="true"
+         stopOnFailure="false"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd">
 
     <php>
         <ini name="display_errors" value="On" />
         <ini name="display_startup_errors" value="On" />
         <ini name="error_reporting" value="E_ALL" />
     </php>
 
-    <filter>
-        <whitelist>
+    <source>
+        <include>
             <directory>./src</directory>
-        </whitelist>
-    </filter>
+        </include>
+    </source>
 
     <testsuites>
         <testsuite name="Test Suite">

psalm.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<psalm
+    errorLevel="4"
+    resolveFromConfigFile="true"
+    findUnusedBaselineEntry="true"
+    findUnusedCode="false"
+    cacheDirectory="/tmp/psalm"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns="https://getpsalm.org/schema/config"
+    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd">
+
+    <projectFiles>
+        <directory name="src"/>
+        <ignoreFiles>
+            <directory name="vendor"/>
+        </ignoreFiles>
+    </projectFiles>
+</psalm>

src/JwtSession.php

@@ -2,8 +2,8 @@
 
 namespace ByJG\Session;
 
-use ByJG\Util\JwtWrapper;
-use ByJG\Util\JwtWrapperException;
+use ByJG\JwtWrapper\JwtWrapper;
+use ByJG\JwtWrapper\JwtWrapperException;
 use Exception;
 use SessionHandlerInterface;
 
@@ -64,6 +64,7 @@ protected function replaceSessionHandler(): void
      * </p>
      * @since 5.4.0
      */
+    #[\Override]
     public function close(): bool
     {
         return true;
@@ -80,14 +81,15 @@ public function close(): bool
      * </p>
      * @since 5.4.0
      */
+    #[\Override]
     public function destroy(string $id): bool
     {
         if (!headers_sent()) {
             setcookie(
                 self::COOKIE_PREFIX . $this->sessionConfig->getSessionContext(),
                 "",
                 (time()-3000),
-                $this->sessionConfig->getCookiePath() ?? "",
+                $this->sessionConfig->getCookiePath(),
                 $this->sessionConfig->getCookieDomain() ?? "",
             );
         }
@@ -99,19 +101,20 @@ public function destroy(string $id): bool
      * Cleanup old sessions
      *
      * @link http://php.net/manual/en/sessionhandlerinterface.gc.php
+     *
      * @param int $max_lifetime <p>
      * Sessions that have not updated for
      * the last maxlifetime seconds will be removed.
      * </p>
-     * @return int|false <p>
-     * The return value (usually TRUE on success, FALSE on failure).
-     * Note this value is returned internally to PHP for processing.
-     * </p>
+     *
+     * @return int|false <p> The return value (usually TRUE on success, FALSE on failure). Note this value is returned internally to PHP for processing. </p>
+     *
      * @since 5.4.0
      */
+    #[\Override]
     public function gc(int $max_lifetime): int|false
     {
-        return true;
+        return 1;
     }
 
     /**
@@ -126,6 +129,7 @@ public function gc(int $max_lifetime): int|false
      * </p>
      * @since 5.4.0
      */
+    #[\Override]
     public function open(string $path, string $name): bool
     {
         return true;
@@ -143,6 +147,7 @@ public function open(string $path, string $name): bool
      * </p>
      * @since 5.4.0
      */
+    #[\Override]
     public function read(string $id): string
     {
         try {
@@ -184,21 +189,22 @@ public function read(string $id): string
      * @throws JwtWrapperException
      * @since 5.4.0
      */
+    #[\Override]
     public function write(string $id, string $data): bool
     {
         $jwt = new JwtWrapper(
             $this->sessionConfig->getServerName(),
             $this->sessionConfig->getKey()
         );
-        $session_data = $jwt->createJwtData($data, $this->sessionConfig->getTimeoutMinutes() * 60);
+        $session_data = $jwt->createJwtData(['data' => $data], $this->sessionConfig->getTimeoutMinutes() * 60, 0, null);
         $token = $jwt->generateToken($session_data);
 
         if (!headers_sent()) {
             setcookie(
                 self::COOKIE_PREFIX . $this->sessionConfig->getSessionContext(),
                 $token,
                 (time()+$this->sessionConfig->getTimeoutMinutes()*60) ,
-                $this->sessionConfig->getCookiePath() ?? "",
+                $this->sessionConfig->getCookiePath(),
                 $this->sessionConfig->getCookieDomain() ?? "",
                 false,
                 true
@@ -236,7 +242,7 @@ public function unSerializeSessionData($session_data): array
             $num = $pos - $offset;
             $varname = substr($session_data, $offset, $num);
             $offset += $num + 1;
-            $data = unserialize(substr($session_data, $offset));
+            $data = @unserialize(substr($session_data, $offset), ['allowed_classes' => true]);
             $return_data[$varname] = $data;
             $offset += strlen(serialize($data));
         }

src/SessionConfig.php

@@ -2,9 +2,9 @@
 
 namespace ByJG\Session;
 
-use ByJG\Util\JwtKeyInterface;
-use ByJG\Util\JwtKeySecret;
-use ByJG\Util\JwtRsaKey;
+use ByJG\JwtWrapper\JwtKeyInterface;
+use ByJG\JwtWrapper\JwtHashHmacSecret;
+use ByJG\JwtWrapper\JwtOpenSSLKey;
 
 class SessionConfig
 {
@@ -53,13 +53,13 @@ public function withCookie($domain, $path = "/"): static
 
     public function withSecret($secret): static
     {
-        $this->jwtKey = new JwtKeySecret($secret);
+        $this->jwtKey = new JwtHashHmacSecret($secret);
         return $this;
     }
-    
+
     public function withRsaSecret($private, $public): static
     {
-        $this->jwtKey = new JwtRsaKey($private, $public);
+        $this->jwtKey = new JwtOpenSSLKey($private, $public);
         return $this;
     }
 

tests/JwtSessionTest.php

@@ -1,10 +1,11 @@
 <?php
 
+use ByJG\JwtWrapper\JwtWrapperException;
 use ByJG\Session\JwtSession;
 use ByJG\Session\JwtSessionException;
 use ByJG\Session\SessionConfig;
-use ByJG\Util\JwtWrapperException;
 use PHPUnit\Framework\TestCase;
+use PHPUnit\Framework\Attributes\DataProvider;
 
 ob_start();
 define("SETCOOKIE_FORTEST", "TESTCASE");
@@ -57,7 +58,7 @@ public function testClose()
         $this->assertTrue($this->object->close());
     }
 
-    public function dataProvider(): array
+    public static function dataProvider(): array
     {
         $obj = new stdClass();
         $obj->prop1 = "value1";
@@ -119,35 +120,21 @@ public function dataProvider(): array
         ];
     }
 
-    /**
-     * @dataProvider dataProvider
-     * @param $input
-     * @param $expected
-     */
+    #[DataProvider('dataProvider')]
     public function testSerializeSessionData($input, $expected)
     {
         $result = $this->object->serializeSessionData($input);
         $this->assertEquals($expected, $result);
     }
 
-    /**
-     * @dataProvider dataProvider
-     * @param $expected
-     * @param $input
-     * @throws Exception
-     */
+    #[DataProvider('dataProvider')]
     public function testUnserializeData($expected, $input)
     {
         $result = $this->object->unSerializeSessionData($input);
         $this->assertEquals($expected, $result);
     }
 
-    /**
-     * @dataProvider dataProvider
-     * @param $object
-     * @param $serialize
-     * @throws JwtWrapperException
-     */
+    #[DataProvider('dataProvider')]
     public function testReadWrite($object, $serialize)
     {
         $this->object->write("SESSID", $serialize);