From f7b68dd8c8866ec52f581963cc3d882ddce24a7d Mon Sep 17 00:00:00 2001 From: Julien Veyssier Date: Wed, 30 Aug 2023 13:35:30 +0200 Subject: [PATCH] bump min NC to 24, upgrade php-jwt, adjust implementation Signed-off-by: Julien Veyssier --- .github/workflows/integration.yml | 9 ------- .github/workflows/lint.yml | 2 +- .github/workflows/phpunit.yml | 20 ++------------ appinfo/info.xml | 2 +- composer.json | 4 +-- composer.lock | 26 ++++++++++++------- lib/Controller/LoginController.php | 4 +-- .../SelfEncodedTokenProvisioning.php | 2 +- lib/User/Validator/SelfEncodedValidator.php | 2 +- 9 files changed, 26 insertions(+), 45 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index b5c96831..d1f396f3 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -22,15 +22,6 @@ jobs: databases: ['sqlite', 'mysql', 'pgsql'] server-versions: ['master'] include: - - php-versions: 7.4 - databases: mysql - server-versions: stable21 - - php-versions: 8.0 - databases: mysql - server-versions: stable22 - - php-versions: 8.0 - databases: mysql - server-versions: stable23 - php-versions: 8.1 databases: mysql server-versions: stable24 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5b1671d9..4b1fe823 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,7 +14,7 @@ jobs: strategy: matrix: - php-versions: ['7.3', '7.4', '8.0', "8.1"] + php-versions: ['7.4', '8.0', "8.1"] name: php${{ matrix.php-versions }} steps: diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index e64467d5..d4f34bd4 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml 
@@ -19,32 +19,16 @@ jobs: strategy: fail-fast: false matrix: - php-versions: ['7.3', '7.4', '8.0', '8.1'] + php-versions: ['7.4', '8.0', '8.1'] databases: ['mysql'] - server-versions: ['stable21', 'stable22', 'stable23', 'stable24', 'stable25', 'stable26', 'stable27', 'master'] + server-versions: ['stable24', 'stable25', 'stable26', 'stable27', 'master'] exclude: - - php-versions: 7.3 - server-versions: master - php-versions: 7.4 server-versions: master - - php-versions: 7.3 - server-versions: stable27 - php-versions: 7.4 server-versions: stable27 - - php-versions: 7.3 - server-versions: stable26 - php-versions: 7.4 server-versions: stable26 - - php-versions: 7.3 - server-versions: stable25 - - php-versions: 7.3 - server-versions: stable24 - - php-versions: 8.1 - server-versions: stable21 - - php-versions: 8.1 - server-versions: stable22 - - php-versions: 8.1 - server-versions: stable23 include: - php-versions: 8.2 databases: mysql diff --git a/appinfo/info.xml b/appinfo/info.xml index 600315d2..9f72de97 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -19,7 +19,7 @@ https://github.com/nextcloud/user_oidc/issues https://github.com/nextcloud/user_oidc - + OCA\UserOIDC\Settings\AdminSettings diff --git a/composer.json b/composer.json index 64f65dcc..a4f7a9a9 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,7 @@ "bamarni/composer-bin-plugin": true }, "platform": { - "php": "7.3" + "php": "7.4" } }, "scripts": { @@ -30,7 +30,7 @@ }, "require": { "id4me/id4me-rp": "^1.2", - "firebase/php-jwt": "^5.2", + "firebase/php-jwt": "^6.8.1", "bamarni/composer-bin-plugin": "^1.4" }, "require-dev": { diff --git a/composer.lock b/composer.lock index 09240206..edb383aa 100644 --- a/composer.lock +++ b/composer.lock 
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "eceab4317e87253bab686f61fa020d3e", + "content-hash": "382de2134affed595a28b7d7e45fe397", "packages": [ { "name": "bamarni/composer-bin-plugin", @@ -65,25 +65,31 @@ }, { "name": "firebase/php-jwt", - "version": "v5.5.1", + "version": "v6.8.1", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "83b609028194aa042ea33b5af2d41a7427de80e6" + "reference": "5dbc8959427416b8ee09a100d7a8588c00fb2e26" }, "dist": { "type": "zip", - "url": "https://github.com/gitapi/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6", - "reference": "83b609028194aa042ea33b5af2d41a7427de80e6", + "url": "https://github.com/gitapi/repos/firebase/php-jwt/zipball/5dbc8959427416b8ee09a100d7a8588c00fb2e26", + "reference": "5dbc8959427416b8ee09a100d7a8588c00fb2e26", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": "^7.4||^8.0" }, "require-dev": { - "phpunit/phpunit": ">=4.8 <=9" + "guzzlehttp/guzzle": "^6.5||^7.4", + "phpspec/prophecy-phpunit": "^2.0", + "phpunit/phpunit": "^9.5", + "psr/cache": "^1.0||^2.0", + "psr/http-client": "^1.0", + "psr/http-factory": "^1.0" }, "suggest": { + "ext-sodium": "Support EdDSA (Ed25519) signatures", "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present" }, "type": "library", @@ -116,9 +122,9 @@ ], "support": { "issues": "https://github.com/firebase/php-jwt/issues", - "source": "https://github.com/firebase/php-jwt/tree/v5.5.1" + "source": "https://github.com/firebase/php-jwt/tree/v6.8.1" }, - "time": "2021-11-08T20:18:51+00:00" + "time": "2023-07-14T18:33:00+00:00" }, { "name": "id4me/id4me-rp", @@ -4103,7 +4109,7 @@ "platform": [], "platform-dev": [], "platform-overrides": { - "php": "7.3" + "php": "7.4" }, "plugin-api-version": "2.3.0" } 
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index 4b98ceb3..b2db72ff 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -416,7 +416,7 @@ public function code(string $state = '', string $code = '', string $scope = '', $idTokenRaw = $data['id_token']; $jwks = $this->discoveryService->obtainJWK($provider); JWT::$leeway = 60; - $idTokenPayload = JWT::decode($idTokenRaw, $jwks, array_keys(JWT::$supported_algs)); + $idTokenPayload = JWT::decode($idTokenRaw, $jwks); $this->logger->debug('Parsed the JWT payload: ' . json_encode($idTokenPayload, JSON_THROW_ON_ERROR)); @@ -617,7 +617,7 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok // decrypt the logout token $jwks = $this->discoveryService->obtainJWK($provider); JWT::$leeway = 60; - $logoutTokenPayload = JWT::decode($logout_token, $jwks, array_keys(JWT::$supported_algs)); + $logoutTokenPayload = JWT::decode($logout_token, $jwks); $this->logger->debug('Parsed the logout JWT payload: ' . json_encode($logoutTokenPayload, JSON_THROW_ON_ERROR)); diff --git a/lib/User/Provisioning/SelfEncodedTokenProvisioning.php b/lib/User/Provisioning/SelfEncodedTokenProvisioning.php index f66c88e9..6aa7324b 100644 --- a/lib/User/Provisioning/SelfEncodedTokenProvisioning.php +++ b/lib/User/Provisioning/SelfEncodedTokenProvisioning.php @@ -30,7 +30,7 @@ public function __construct(ProvisioningService $provisioningService, DiscoveryS public function provisionUser(Provider $provider, string $tokenUserId, string $bearerToken): ?IUser { JWT::$leeway = 60; try { - $payload = JWT::decode($bearerToken, $this->discoveryService->obtainJWK($provider), array_keys(JWT::$supported_algs)); + $payload = JWT::decode($bearerToken, $this->discoveryService->obtainJWK($provider)); } catch (Throwable $e) { $this->logger->error('Impossible to decode OIDC token:' . $e->getMessage()); return null; 
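Review bot: With php-jwt 6 the accepted algorithm comes from each `Key` object inside `$jwks` instead of a caller-supplied list, so the `JWT::decode($idTokenRaw, $jwks)` call in `code()` now depends entirely on what `DiscoveryService::obtainJWK()` returns, and that file is not part of this patch. If it builds the set with `JWK::parseKeySet($jwks)`, a provider whose JWKS entries omit the optional `alg` member will be rejected with an exception and login will fail. Consider passing an explicit default there, e.g. `JWK::parseKeySet($jwks, 'RS256')`, or preferably one derived from the signing algorithms the provider advertises. The same dependency applies to the decode calls in `backChannelLogout()`, `provisionUser()` and `isValidBearerToken()`. The body of `code()` starts and ends outside the hunk.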
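Review bot: The debug line directly after the decode in `backChannelLogout()` serialises the whole logout-token payload into the log, and the `code()` hunk does the same with the ID token claims. These carry subject and session identifiers and often e-mail or name claims. Since the decode call is being touched anyway, consider logging only what troubleshooting needs, e.g. `$this->logger->debug('Logout token verified for provider ' . $providerIdentifier);`. The comment `// decrypt the logout token` would also be more accurate as `// verify the logout token signature and decode its claims`, because this call does no decryption. The body of `backChannelLogout()` continues outside the hunk.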
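Review bot: `JWT::$leeway = 60;` in `provisionUser()` assigns a static, process-wide setting just before the decode, and the same bare literal is repeated in both `LoginController` hunks and in `SelfEncodedValidator`, so the clock-skew tolerance lives in four places. Now that the decode call has the same two-argument shape everywhere, one shared helper that sets the leeway and decodes against the provider's key set would keep the tolerance consistent. At minimum, name the value once, e.g. `private const JWT_LEEWAY_SECONDS = 60;`. The `catch (Throwable $e)` also reports key-set problems as "Impossible to decode OIDC token", which makes a misconfigured JWKS look like a bad token in the log.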
diff --git a/lib/User/Validator/SelfEncodedValidator.php b/lib/User/Validator/SelfEncodedValidator.php index 108fa70b..5c02ace1 100644 --- a/lib/User/Validator/SelfEncodedValidator.php +++ b/lib/User/Validator/SelfEncodedValidator.php @@ -57,7 +57,7 @@ public function isValidBearerToken(Provider $provider, string $bearerToken): ?st // try to decode the bearer token JWT::$leeway = 60; try { - $payload = JWT::decode($bearerToken, $this->discoveryService->obtainJWK($provider), array_keys(JWT::$supported_algs)); + $payload = JWT::decode($bearerToken, $this->discoveryService->obtainJWK($provider)); } catch (Throwable $e) { $this->logger->error('Impossible to decode OIDC token:' . $e->getMessage()); return null;
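Review bot: The comment `// try to decode the bearer token` undersells what this call is trusted for: `JWT::decode()` verifies the signature and the `exp`/`nbf`/`iat` times, but it does not check `iss` or `aud`. The rest of `isValidBearerToken()` is outside the hunk, so I cannot tell whether those claims are compared with the provider's issuer and client id afterwards. If they are not, a token signed by the same provider for a different client would pass this validator. I would replace the comment with `// verify signature and exp/nbf/iat; iss and aud are not checked by JWT::decode() and must be validated separately`.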