Fix fatal error when firebase/php-jwt library is 'replaced' in composer #28971

Merged
merged 1 commit into from
Jan 31, 2024

mattwire
Contributor

Overview

#28055 updates recommended php-jwt to 6.x and handles a signature change on JWT::decode (old version 3 parameters, new version 2 parameters).
The problem is that the composer version check doesn't work if an extension also uses php-jwt (eg. https://github.com/mjwconsult/nz.co.fuzion.civixero/blob/mjw/composer.json#L7) because the check returns version = 0.

This PR performs a more direct check of the function to see if it actually is defined with 2 or 3 parameters which should never fail and is independent of the actual version.

Before

Crash due to library conflicts if firebase/php-jwt is required in more than one place.

After

No crash, breaking changes are inspected and handled.

Technical Details

#28055 was merged in 5.69 so this is a potential issue from that version.

Comments

civibot bot commented Jan 11, 2024

🤖 Thank you for contributing to CiviCRM! ❤️ We will need to test and review this PR. 👷


@civibot civibot bot added the master label Jan 11, 2024
@totten
Member

totten commented Jan 31, 2024

Approach sounds reasonable to me.

For target branch, I think it's fair game for master or 5.70 or 5.69. It's kind of a grey area. (It relates to recent change; the scenario is sorta weird from core-maint pov; the patch itself looks clean/small and feels fairly safe.) Personally, I'd probably go for 5.70-rc fix. But if @mattwire has strong preference for master or 5.70+5.69, then do that.

@mattwire
Contributor Author

I'm happy with 5.70

@mattwire mattwire changed the base branch from master to 5.70 January 31, 2024 21:14
@civibot civibot bot added 5.70 and removed master labels Jan 31, 2024
@mattwire
Contributor Author

Rebased for 5.70

@seamuslee001 seamuslee001 merged commit 345527a into civicrm:5.70 Jan 31, 2024
3 checks passed
$useKeyObj = version_compare(\Composer\InstalledVersions::getVersion('firebase/php-jwt'), '6', '>=');
// Version 6.x+ has 2 parameters, earlier versions had 3
$reflection = new \ReflectionMethod('Firebase\JWT\JWT::decode');
$useKeyObj = ($reflection->getNumberOfParameters() === 2) ?? FALSE;
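Review bot: on the new `$useKeyObj` line, the strict `getNumberOfParameters() === 2` comparison sends every decode() signature that does not have exactly two parameters down the old three-argument path, so a release that adds a parameter to the two-argument form would be misclassified. Consider testing for the property that actually distinguishes the old signature rather than the count alone, and have the comment "Version 6.x+ has 2 parameters" state that assumption explicitly. The trailing `?? FALSE` can also go: a `===` comparison always yields a boolean, so the null-coalescing fallback is never reached.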
Member

@totten totten Feb 8, 2024

Well, this conditional distinguishes Firebase JWT v5.x from v6.0 -- but then it misinterprets v6.6+.

So if your build has v6.6 (as in the D9 E2E tests), then it misfires and gives it the v5.x data:

Error: Cannot pass parameter 3 by reference in Civi\Crypto\CryptoJwt->decode() (line 92 of /Users/totten/bknix/build/build-0/vendor/civicrm/civicrm-core/Civi/Crypto/CryptoJwt.php)

#0 /Users/totten/bknix/build/build-0/vendor/civicrm/civicrm-core/ext/authx/Civi/Authx/CheckCredential.php(96): Civi\Crypto\CryptoJwt->decode('')
#1 [internal function]: Civi\Authx\CheckCredential->bearerJwt(Object(Civi\Authx\CheckCredentialEvent), 'civi.authx.chec...', Object(Civi\Core\UnoptimizedEventDispatcher))
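
The misfire reported in the review comment above, reproduced as an added example (not CiviCRM's or php-jwt's code): the count-based test from the patch and a hypothetical shape-based test are run against three constructed stand-in classes. The stand-in signatures and the function names `usesKeyObjByCount` and `usesKeyObjByShape` are assumptions; the by-reference third parameter is modelled on the error message quoted above.

```php
<?php
// Constructed stand-ins for three decode() signature shapes; not the real library.
final class LegacyJwt {        // 3 parameters, third taken by value
    public static function decode($jwt, $key, array $allowedAlgs = []) {}
}
final class KeyObjJwt {        // 2 parameters
    public static function decode(string $jwt, $keyOrKeyArray) {}
}
final class KeyObjHeadersJwt { // 3 parameters, third taken by reference
    public static function decode(string $jwt, $keyOrKeyArray, ?\stdClass &$headers = null) {}
}

/** The count-based test from the patch: TRUE only for exactly two parameters. */
function usesKeyObjByCount(string $class): bool {
    return (new \ReflectionMethod($class, 'decode'))->getNumberOfParameters() === 2;
}

/**
 * Hypothetical alternative: treat the method as the old signature only when
 * a third parameter exists and is taken by value.
 */
function usesKeyObjByShape(string $class): bool {
    $params = (new \ReflectionMethod($class, 'decode'))->getParameters();
    if (count($params) < 3) {
        return true;
    }
    return $params[2]->isPassedByReference();
}

// Print both classifications side by side for each stand-in.
foreach ([LegacyJwt::class, KeyObjJwt::class, KeyObjHeadersJwt::class] as $class) {
    printf("%-18s count=%-5s shape=%s\n", $class,
        var_export(usesKeyObjByCount($class), true),
        var_export(usesKeyObjByShape($class), true));
}
```

The two tests disagree only on the third stand-in, which is the case where a caller following the count-based answer would pass a non-variable as a by-reference argument.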
