Fix compat with league/oauth2-server:^8.3 & symfony/*:^5.3

chalasr · chalasr · commit 69be264f2735 · 2021-08-20T17:36:08.000+02:00
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -11,7 +11,7 @@ jobs:
         strategy:
             matrix:
                 symfony-version:
-                    - "5.2.*"
+                    - "5.3.*"
                 php-version:
                     - "7.2"
                     - "7.3"
@@ -49,10 +49,7 @@ jobs:
 
             -   name: "install lowest dependencies"
                 if: ${{ matrix.dependencies == 'lowest' }}
-                run: |
-                    composer require --no-update symfony/config=${{ matrix.symfony-version }} symfony/http-kernel=${{ matrix.symfony-version }} symfony/dependency-injection=${{ matrix.symfony-version }} symfony/options-resolver=${{ matrix.symfony-version }}
-                    composer require --no-update --dev symfony/framework-bundle=${{ matrix.symfony-version }} symfony/yaml=${{ matrix.symfony-version }}
-                    composer update --prefer-lowest --no-interaction --no-progress --prefer-dist
+                run: composer update --prefer-lowest --no-interaction --no-progress --prefer-dist
 
             -   name: "install highest dependencies"
                 if: ${{ matrix.dependencies == 'highest' }}
diff --git a/composer.json b/composer.json
@@ -22,16 +22,16 @@
         "league/oauth2-server": "^8.0",
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
-        "symfony/framework-bundle": "^5.2",
+        "symfony/framework-bundle": "^5.3",
         "symfony/psr-http-message-bridge": "^2.0",
-        "symfony/security-bundle": "^5.2"
+        "symfony/security-bundle": "^5.3"
     },
     "require-dev": {
         "ext-pdo": "*",
         "ext-pdo_sqlite": "*",
         "psalm/plugin-symfony": "^2.2",
-        "symfony/browser-kit": "^5.2",
-        "symfony/phpunit-bridge": "^5.2",
+        "symfony/browser-kit": "^5.3",
+        "symfony/phpunit-bridge": "^5.3",
         "vimeo/psalm": "^4.6"
     },
     "autoload": {
diff --git a/src/Converter/UserConverter.php b/src/Converter/UserConverter.php
@@ -10,11 +10,14 @@
 
 final class UserConverter implements UserConverterInterface
 {
+    /**
+     * @psalm-suppress DeprecatedMethod
+     */
     public function toLeague(?UserInterface $user): UserEntityInterface
     {
         $userEntity = new User();
         if ($user instanceof UserInterface) {
-            $userEntity->setIdentifier($user->getUsername());
+            $userEntity->setIdentifier(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());
         }
 
         return $userEntity;
diff --git a/src/DBAL/Type/ImplodedArray.php b/src/DBAL/Type/ImplodedArray.php
@@ -18,7 +18,7 @@ abstract class ImplodedArray extends TextType
     private const VALUE_DELIMITER = ' ';
 
     /**
-     * {@inheritdoc}
+     * @psalm-suppress MixedArgumentTypeCoercion
      */
     public function convertToDatabaseValue($value, AbstractPlatform $platform): ?string
     {
diff --git a/src/Repository/AuthCodeRepository.php b/src/Repository/AuthCodeRepository.php
@@ -54,15 +54,15 @@ public function getNewAuthCode(): AuthCode
      *
      * @return void
      */
-    public function persistNewAuthCode(AuthCodeEntityInterface $authCode)
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
     {
-        $authorizationCode = $this->authorizationCodeManager->find($authCode->getIdentifier());
+        $authorizationCode = $this->authorizationCodeManager->find($authCodeEntity->getIdentifier());
 
         if (null !== $authorizationCode) {
             throw UniqueTokenIdentifierConstraintViolationException::create();
         }
 
-        $authorizationCode = $this->buildAuthorizationCode($authCode);
+        $authorizationCode = $this->buildAuthorizationCode($authCodeEntity);
 
         $this->authorizationCodeManager->save($authorizationCode);
     }
@@ -97,22 +97,22 @@ public function isAuthCodeRevoked($codeId): bool
         return $authorizationCode->isRevoked();
     }
 
-    private function buildAuthorizationCode(AuthCodeEntityInterface $authCode): AuthorizationCode
+    private function buildAuthorizationCode(AuthCodeEntityInterface $authCodeEntity): AuthorizationCode
     {
         /** @var AbstractClient $client */
-        $client = $this->clientManager->find($authCode->getClient()->getIdentifier());
+        $client = $this->clientManager->find($authCodeEntity->getClient()->getIdentifier());
 
-        $userIdentifier = $authCode->getUserIdentifier();
+        $userIdentifier = $authCodeEntity->getUserIdentifier();
         if (null !== $userIdentifier) {
             $userIdentifier = (string) $userIdentifier;
         }
 
         return new AuthorizationCode(
-            $authCode->getIdentifier(),
-            $authCode->getExpiryDateTime(),
+            $authCodeEntity->getIdentifier(),
+            $authCodeEntity->getExpiryDateTime(),
             $client,
             $userIdentifier,
-            $this->scopeConverter->toDomainArray(array_values($authCode->getScopes()))
+            $this->scopeConverter->toDomainArray(array_values($authCodeEntity->getScopes()))
         );
     }
 }
diff --git a/src/Security/Authenticator/OAuth2Authenticator.php b/src/Security/Authenticator/OAuth2Authenticator.php
@@ -72,6 +72,9 @@ public function start(Request $request, AuthenticationException $authException =
         return new Response('', 401, ['WWW-Authenticate' => 'Bearer']);
     }
 
+    /**
+     * @psalm-suppress DeprecatedMethod
+     */
     public function authenticate(Request $request): PassportInterface
     {
         try {
@@ -89,11 +92,21 @@ public function authenticate(Request $request): PassportInterface
         /** @var list<string> $scopes */
         $scopes = $psr7Request->getAttribute('oauth_scopes', []);
 
-        $passport = new SelfValidatingPassport(new UserBadge($userIdentifier, function (string $userIdentifier): UserInterface {
-            return '' !== $userIdentifier ? $this->userProvider->loadUserByUsername($userIdentifier) : new NullUser();
-        }), [
+        $userLoader = function (string $userIdentifier): UserInterface {
+            if ('' === $userIdentifier) {
+                return new NullUser();
+            }
+            if (!method_exists($this->userProvider, 'loadUserByIdentifier')) {
+                return $this->userProvider->loadUserByUsername($userIdentifier);
+            }
+
+            return $this->userProvider->loadUserByIdentifier($userIdentifier);
+        };
+
+        $passport = new SelfValidatingPassport(new UserBadge($userIdentifier, $userLoader), [
             new ScopeBadge($scopes),
         ]);
+
         $passport->setAttribute('accessTokenId', $accessTokenId);
 
         return $passport;
diff --git a/src/Security/EventListener/CheckScopeListener.php b/src/Security/EventListener/CheckScopeListener.php
@@ -44,7 +44,7 @@ public function checkPassport(CheckPassportEvent $event): void
         }
 
         /** @var Request $request */
-        $request = $this->requestStack->getMasterRequest();
+        $request = $this->requestStack->{method_exists($this->requestStack, 'getMainRequest') ? 'getMainRequest' : 'getMasterRequest'}();
 
         /** @var list<string> $requestedScopes */
         $requestedScopes = $request->attributes->get('oauth2_scopes', []);
diff --git a/src/Security/User/NullUser.php b/src/Security/User/NullUser.php
@@ -21,12 +21,17 @@ public function getUsername(): string
         return '';
     }
 
+    public function getUserIdentifier(): string
+    {
+        return '';
+    }
+
     /**
      * @psalm-mutation-free
      */
-    public function getPassword(): string
+    public function getPassword(): ?string
     {
-        return '';
+        return null;
     }
 
     /**
diff --git a/src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php b/src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php
@@ -31,9 +31,12 @@ public function __construct(EntityManagerInterface $entityManager, ClientManager
         $this->clientManager = $clientManager;
     }
 
+    /**
+     * @psalm-suppress DeprecatedMethod
+     */
     public function revokeCredentialsForUser(UserInterface $user): void
     {
-        $userIdentifier = $user->getUsername();
+        $userIdentifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
 
         $this->entityManager->createQueryBuilder()
             ->update(AccessToken::class, 'at')
diff --git a/tests/Fixtures/SecurityTestController.php b/tests/Fixtures/SecurityTestController.php
@@ -28,7 +28,7 @@ public function helloAction(): Response
         $user = $this->getUser();
 
         return new Response(
-            sprintf('Hello, %s', $user instanceof NullUser ? 'guest' : $user->getUsername())
+            sprintf('Hello, %s', $user instanceof NullUser ? 'guest' : (method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername()))
         );
     }
 
diff --git a/tests/Fixtures/User.php b/tests/Fixtures/User.php
@@ -11,31 +11,39 @@ class User extends \ArrayObject implements UserInterface
     /**
      * {@inheritdoc}
      */
-    public function getRoles()
+    public function getRoles(): array
     {
         return $this['roles'] ?? [];
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getPassword()
+    public function getPassword(): ?string
     {
         return FixtureFactory::FIXTURE_PASSWORD;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getSalt()
+    public function getSalt(): ?string
     {
         return null;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getUsername()
+    public function getUsername(): string
+    {
+        return $this->getUserIdentifier();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getUserIdentifier(): string
     {
         return FixtureFactory::FIXTURE_USER;
     }
@@ -45,6 +53,5 @@ public function getUsername()
      */
     public function eraseCredentials()
     {
-        return;
     }
 }
diff --git a/tests/Integration/AuthorizationServerTest.php b/tests/Integration/AuthorizationServerTest.php
@@ -314,7 +314,6 @@ public function testInvalidCredentialsPasswordGrant(): void
 
         // Response assertions.
         $this->assertSame('invalid_grant', $response['error']);
-        $this->assertSame('The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.', $response['message']);
     }
 
     public function testMissingUsernameFieldPasswordGrant(): void
diff --git a/tests/Unit/OAuth2AuthenticatorTest.php b/tests/Unit/OAuth2AuthenticatorTest.php
@@ -40,7 +40,7 @@ public function testAuthenticateThrowIfCannotValidateAuthenticatedRequest(): voi
         $authenticator = new OAuth2Authenticator(
             $httpMessageFactory,
             $resourceServer,
-            $this->createMock(UserProviderInterface::class),
+            $this->createMock(TestUserProvider::class),
             'PREFIX_'
         );
 
@@ -68,10 +68,10 @@ public function testAuthenticateCreatePassport(): void
             ->willReturn($serverRequest)
         ;
 
-        $userProvider = $this->createMock(UserProviderInterface::class);
+        $userProvider = $this->createMock(TestUserProvider::class);
         $userProvider
             ->expects($this->once())
-            ->method('loadUserByUsername')
+            ->method('loadUserByIdentifier')
             ->with('userIdentifier')
             ->willReturn($this->createMock(UserInterface::class))
         ;
@@ -110,10 +110,10 @@ public function testAuthenticateCreatePassportWithNullUser(): void
             ->willReturn($serverRequest)
         ;
 
-        $userProvider = $this->createMock(UserProviderInterface::class);
+        $userProvider = $this->createMock(TestUserProvider::class);
         $userProvider
             ->expects($this->never())
-            ->method('loadUserByUsername')
+            ->method('loadUserByIdentifier')
         ;
 
         $authenticator = new OAuth2Authenticator(
@@ -147,7 +147,7 @@ public function testCreateAuthenticatedToken(): void
         $authenticator = new OAuth2Authenticator(
             $this->createMock(HttpMessageFactoryInterface::class),
             $this->createMock(ResourceServer::class),
-            $this->createMock(UserProviderInterface::class),
+            $this->createMock(TestUserProvider::class),
             'PREFIX_'
         );
 
@@ -159,3 +159,10 @@ public function testCreateAuthenticatedToken(): void
         $this->assertTrue($token->isAuthenticated());
     }
 }
+
+abstract class TestUserProvider implements UserProviderInterface
+{
+    public function loadUserByIdentifier(string $identifier): UserInterface
+    {
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -10,11 +10,14 @@`
`10`	`10`
`11`	`11`	`final class UserConverter implements UserConverterInterface`
`12`	`12`	`{`
	`13`	`+ /**`
	`14`	`+ * @psalm-suppress DeprecatedMethod`
	`15`	`+ */`
`13`	`16`	`public function toLeague(?UserInterface $user): UserEntityInterface`
`14`	`17`	`{`
`15`	`18`	`$userEntity = new User();`
`16`	`19`	`if ($user instanceof UserInterface) {`
`17`		`- $userEntity->setIdentifier($user->getUsername());`
	`20`	`+ $userEntity->setIdentifier(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());`
`18`	`21`	`}`
`19`	`22`
`20`	`23`	`return $userEntity;`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ abstract class ImplodedArray extends TextType`
`18`	`18`	`private const VALUE_DELIMITER = ' ';`
`19`	`19`
`20`	`20`	`/**`
`21`		`- * {@inheritdoc}`
	`21`	`+ * @psalm-suppress MixedArgumentTypeCoercion`
`22`	`22`	`*/`
`23`	`23`	`public function convertToDatabaseValue($value, AbstractPlatform $platform): ?string`
`24`	`24`	`{`
Original file line number	Diff line number	Diff line change
`@@ -54,15 +54,15 @@ public function getNewAuthCode(): AuthCode`
`54`	`54`	`*`
`55`	`55`	`* @return void`
`56`	`56`	`*/`
`57`		`- public function persistNewAuthCode(AuthCodeEntityInterface $authCode)`
	`57`	`+ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)`
`58`	`58`	`{`
`59`		`- $authorizationCode = $this->authorizationCodeManager->find($authCode->getIdentifier());`
	`59`	`+ $authorizationCode = $this->authorizationCodeManager->find($authCodeEntity->getIdentifier());`
`60`	`60`
`61`	`61`	`if (null !== $authorizationCode) {`
`62`	`62`	`throw UniqueTokenIdentifierConstraintViolationException::create();`
`63`	`63`	`}`
`64`	`64`
`65`		`- $authorizationCode = $this->buildAuthorizationCode($authCode);`
	`65`	`+ $authorizationCode = $this->buildAuthorizationCode($authCodeEntity);`
`66`	`66`
`67`	`67`	`$this->authorizationCodeManager->save($authorizationCode);`
`68`	`68`	`}`
`@@ -97,22 +97,22 @@ public function isAuthCodeRevoked($codeId): bool`
`97`	`97`	`return $authorizationCode->isRevoked();`
`98`	`98`	`}`
`99`	`99`
`100`		`- private function buildAuthorizationCode(AuthCodeEntityInterface $authCode): AuthorizationCode`
	`100`	`+ private function buildAuthorizationCode(AuthCodeEntityInterface $authCodeEntity): AuthorizationCode`
`101`	`101`	`{`
`102`	`102`	`/** @var AbstractClient $client */`
`103`		`- $client = $this->clientManager->find($authCode->getClient()->getIdentifier());`
	`103`	`+ $client = $this->clientManager->find($authCodeEntity->getClient()->getIdentifier());`
`104`	`104`
`105`		`- $userIdentifier = $authCode->getUserIdentifier();`
	`105`	`+ $userIdentifier = $authCodeEntity->getUserIdentifier();`
`106`	`106`	`if (null !== $userIdentifier) {`
`107`	`107`	`$userIdentifier = (string) $userIdentifier;`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`return new AuthorizationCode(`
`111`		`- $authCode->getIdentifier(),`
`112`		`- $authCode->getExpiryDateTime(),`
	`111`	`+ $authCodeEntity->getIdentifier(),`
	`112`	`+ $authCodeEntity->getExpiryDateTime(),`
`113`	`113`	`$client,`
`114`	`114`	`$userIdentifier,`
`115`		`- $this->scopeConverter->toDomainArray(array_values($authCode->getScopes()))`
	`115`	`+ $this->scopeConverter->toDomainArray(array_values($authCodeEntity->getScopes()))`
`116`	`116`	`);`
`117`	`117`	`}`
`118`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public function checkPassport(CheckPassportEvent $event): void`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`/** @var Request $request */`
`47`		`- $request = $this->requestStack->getMasterRequest();`
	`47`	`+ $request = $this->requestStack->{method_exists($this->requestStack, 'getMainRequest') ? 'getMainRequest' : 'getMasterRequest'}();`
`48`	`48`
`49`	`49`	`/** @var list<string> $requestedScopes */`
`50`	`50`	`$requestedScopes = $request->attributes->get('oauth2_scopes', []);`
Original file line number	Diff line number	Diff line change
`@@ -21,12 +21,17 @@ public function getUsername(): string`
`21`	`21`	`return '';`
`22`	`22`	`}`
`23`	`23`
	`24`	`+ public function getUserIdentifier(): string`
	`25`	`+ {`
	`26`	`+ return '';`
	`27`	`+ }`
	`28`	`+`
`24`	`29`	`/**`
`25`	`30`	`* @psalm-mutation-free`
`26`	`31`	`*/`
`27`		`- public function getPassword(): string`
	`32`	`+ public function getPassword(): ?string`
`28`	`33`	`{`
`29`		`- return '';`
	`34`	`+ return null;`
`30`	`35`	`}`
`31`	`36`
`32`	`37`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,12 @@ public function __construct(EntityManagerInterface $entityManager, ClientManager`
`31`	`31`	`$this->clientManager = $clientManager;`
`32`	`32`	`}`
`33`	`33`
	`34`	`+ /**`
	`35`	`+ * @psalm-suppress DeprecatedMethod`
	`36`	`+ */`
`34`	`37`	`public function revokeCredentialsForUser(UserInterface $user): void`
`35`	`38`	`{`
`36`		`- $userIdentifier = $user->getUsername();`
	`39`	`+ $userIdentifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();`
`37`	`40`
`38`	`41`	`$this->entityManager->createQueryBuilder()`
`39`	`42`	`->update(AccessToken::class, 'at')`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function helloAction(): Response`
`28`	`28`	`$user = $this->getUser();`
`29`	`29`
`30`	`30`	`return new Response(`
`31`		`- sprintf('Hello, %s', $user instanceof NullUser ? 'guest' : $user->getUsername())`
	`31`	`+ sprintf('Hello, %s', $user instanceof NullUser ? 'guest' : (method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername()))`
`32`	`32`	`);`
`33`	`33`	`}`
`34`	`34`