upgrade auth0 to 8.3 - last version that works on php 7.1 and php 8.0

cultuurnet · Mar 21, 2024 · d42ed31 · d42ed31
1 parent 508a3f2
commit d42ed31
Show file tree

Hide file tree

Showing 11 changed files with 71 additions and 90 deletions.
diff --git a/app/ActionServiceProvider.php b/app/ActionServiceProvider.php
@@ -16,28 +16,23 @@
 use CultuurNet\UDB3\JwtProvider\Domain\Action\RequestToken;
 use CultuurNet\UDB3\JwtProvider\Domain\Factory\ResponseFactoryInterface;
 use CultuurNet\UDB3\JwtProvider\Domain\Repository\ClientInformationRepositoryInterface;
-use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractClientInformationFromRequest;
-use CultuurNet\UDB3\JwtProvider\Domain\Service\LoginServiceInterface;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\GenerateAuthorizedDestinationUrl;
+use CultuurNet\UDB3\JwtProvider\Domain\Service\LoginServiceInterface;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\LogOutServiceInterface;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\RefreshServiceInterface;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Factory\SlimResponseFactory;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Repository\SessionClientInformation;
+use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractClientInformationFromRequest;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractLocaleFromRequest;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\IsAllowedRefreshToken;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LoginAuth0Adapter;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LogOutAuth0Adapter;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\RefreshAuth0Adapter;
-use Firebase\JWT\JWT;
 use GuzzleHttp\Client;
 use Slim\Psr7\Factory\UriFactory;
 
 final class ActionServiceProvider extends BaseServiceProvider
 {
-    // @see https://community.auth0.com/t/help-with-leeway-setting-using-auth0-php/14657
-    // @see https://community.auth0.com/t/help-with-leeway-setting-using-auth0-php/14657/7
-    private const JWT_IAT_LEEWAY = 30;
-
     /**
      * @var string[]
      */
@@ -113,9 +108,12 @@ function () {
                 return new LogOutAuth0Adapter(
                     $this->get(Auth0::class),
                     new Authentication(
-                        $this->parameter('auth0.domain'),
-                        $this->parameter('auth0.client_id'),
-                        $this->parameter('auth0.client_secret')
+                        [
+                            'domain' => $this->parameter('auth0.domain'),
+                            'clientId' => $this->parameter('auth0.client_id'),
+                            'clientSecret' => $this->parameter('auth0.client_secret'),
+                            'cookieSecret' => $this->parameter('auth0.cookie_secret'),
+                        ]
                     ),
                     $this->get(ResponseFactoryInterface::class),
                     new UriFactory(),
@@ -156,16 +154,17 @@ function () {
         $this->addShared(
             Auth0::class,
             function () {
-                JWT::$leeway = self::JWT_IAT_LEEWAY;
                 return new Auth0(
                     [
                         'domain' => $this->parameter('auth0.domain'),
-                        'client_id' => $this->parameter('auth0.client_id'),
-                        'client_secret' => $this->parameter('auth0.client_secret'),
-                        'redirect_uri' => $this->parameter('auth0.redirect_uri'),
-                        'scope' => 'openid email profile offline_access',
-                        'persist_id_token' => true,
-                        'persist_refresh_token' => true,
+                        'clientId' => $this->parameter('auth0.client_id'),
+                        'clientSecret' => $this->parameter('auth0.client_secret'),
+                        'redirectUri' => $this->parameter('auth0.redirect_uri'),
+                        'scope' => ['openid','email','profile','offline_access'],
+                        'persistIdToken' => true,
+                        'persistRefreshToken' => true,
+                        'tokenLeeway' => $this->parameter('auth0.id_token_leeway'),
+                        'cookieSecret' => $this->parameter('auth0.cookie_secret'),
                     ]
                 );
             }
@@ -176,7 +175,7 @@ function () {
             function () {
                 return new IsAllowedRefreshToken(
                     $this->get(ConsumerReadRepositoryInterface::class),
-                    (string) $this->parameter('auth0.allowed_refresh_permission')
+                    (string)$this->parameter('auth0.allowed_refresh_permission')
                 );
             }
         );

diff --git a/src/Domain/Action/Authorize.php b/src/Domain/Action/Authorize.php
@@ -13,25 +13,10 @@
 
 final class Authorize
 {
-    /**
-     * @var LoginServiceInterface
-     */
-    private $authService;
-
-    /**
-     * @var GenerateAuthorizedDestinationUrl
-     */
-    private $generateAuthorizedDestinationUrl;
-
-    /**
-     * @var ResponseFactoryInterface
-     */
-    private $responseFactory;
-
-    /**
-     * @var ClientInformationRepositoryInterface
-     */
-    private $clientInformationRepository;
+    private LoginServiceInterface $authService;
+    private GenerateAuthorizedDestinationUrl $generateAuthorizedDestinationUrl;
+    private ResponseFactoryInterface $responseFactory;
+    private ClientInformationRepositoryInterface $clientInformationRepository;
 
     public function __construct(
         LoginServiceInterface $authService,

diff --git a/src/Infrastructure/Service/LogOutAuth0Adapter.php b/src/Infrastructure/Service/LogOutAuth0Adapter.php
@@ -4,8 +4,8 @@
 
 namespace CultuurNet\UDB3\JwtProvider\Infrastructure\Service;
 
-use Auth0\SDK\API\Authentication;
-use Auth0\SDK\Auth0;
+use Auth0\SDK\Contract\API\AuthenticationInterface;
+use Auth0\SDK\Contract\Auth0Interface;
 use CultuurNet\UDB3\JwtProvider\Domain\Factory\ResponseFactoryInterface;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\LogOutServiceInterface;
 use Psr\Http\Message\ResponseInterface;
@@ -30,12 +30,12 @@ final class LogOutAuth0Adapter implements LogOutServiceInterface
     private $logOutUri;
 
     /**
-     * @var Authentication
+     * @var AuthenticationInterface
      */
     private $authentication;
 
     /**
-     * @var Auth0
+     * @var Auth0Interface
      */
     private $auth0;
 
@@ -46,8 +46,8 @@ final class LogOutAuth0Adapter implements LogOutServiceInterface
 
 
     public function __construct(
-        Auth0 $auth0,
-        Authentication $authentication,
+        Auth0Interface $auth0,
+        AuthenticationInterface $authentication,
         ResponseFactoryInterface $responseFactory,
         UriFactoryInterface $uriFactory,
         string $logOutUri,
@@ -69,7 +69,7 @@ public function logout(): ?ResponseInterface
 
     private function generateAuth0LogoutUri(): UriInterface
     {
-        $destination = $this->authentication->get_logout_link($this->logOutUri, $this->clientId);
+        $destination = $this->authentication->getLogoutLink($this->logOutUri, ['clientId' => $this->clientId]);
         return $this->uriFactory->createUri($destination);
     }
 }
diff --git a/src/Infrastructure/Service/LoginAuth0Adapter.php b/src/Infrastructure/Service/LoginAuth0Adapter.php
@@ -4,22 +4,23 @@
 
 namespace CultuurNet\UDB3\JwtProvider\Infrastructure\Service;
 
-use Auth0\SDK\Auth0;
-use Auth0\SDK\Exception\ApiException;
-use Auth0\SDK\Exception\CoreException;
+use Auth0\SDK\Contract\Auth0Interface;
+use Auth0\SDK\Exception\NetworkException;
+use Auth0\SDK\Exception\StateException;
 use CultuurNet\UDB3\JwtProvider\Domain\Enum\Locale;
 use CultuurNet\UDB3\JwtProvider\Domain\Exception\UnSuccessfulAuthException;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\LoginServiceInterface;
 use Psr\Http\Message\ResponseInterface;
+use Slim\Psr7\Response;
 
 final class LoginAuth0Adapter implements LoginServiceInterface
 {
     /**
-     * @var Auth0
+     * @var Auth0Interface
      */
     private $auth0;
 
-    public function __construct(Auth0 $auth0)
+    public function __construct(Auth0Interface $auth0)
     {
         $this->auth0 = $auth0;
     }
@@ -32,34 +33,27 @@ public function redirectToLogin(string $locale = Locale::DUTCH): ?ResponseInterf
             'skip_verify_legacy' => 'true',
             'product_display_name' => 'UiTdatabank',
         ];
-        $this->auth0->login(null, null, $parameters);
-        return null;
+        $url = $this->auth0->login(null, $parameters);
+        return (new Response())
+            ->withHeader('Location', $url)
+            ->withStatus(301);
     }
 
-    /**
-     * @throws UnSuccessfulAuthException
-     */
     public function token(): ?string
     {
         try {
+            $this->auth0->exchange();
             return $this->auth0->getIdToken();
-        } catch (ApiException $e) {
-            throw new UnSuccessfulAuthException();
-        } catch (CoreException $e) {
+        } catch (StateException|NetworkException $e) {
             throw new UnSuccessfulAuthException();
         }
     }
 
-    /**
-     * @throws UnSuccessfulAuthException
-     */
     public function refreshToken(): ?string
     {
         try {
             return $this->auth0->getRefreshToken();
-        } catch (ApiException $e) {
-            throw new UnSuccessfulAuthException();
-        } catch (CoreException $e) {
+        } catch (\Exception $e) {
             throw new UnSuccessfulAuthException();
         }
     }

diff --git a/src/Infrastructure/Service/RefreshAuth0Adapter.php b/src/Infrastructure/Service/RefreshAuth0Adapter.php
@@ -7,7 +7,7 @@
 use CultuurNet\UDB3\JwtProvider\Domain\Exception\UnSuccessfulRefreshException;
 use CultuurNet\UDB3\JwtProvider\Domain\Service\RefreshServiceInterface;
 use GuzzleHttp\Client;
-use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\Exception\GuzzleException;
 
 final class RefreshAuth0Adapter implements RefreshServiceInterface
 {
@@ -44,9 +44,9 @@ public function token(string $refreshToken): string
                     'body' => $this->body($refreshToken),
                 ]
             );
-            $res = json_decode($response->getBody()->getContents(), true);
+            $res = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
             return $res['id_token'];
-        } catch (ClientException $exception) {
+        } catch (\JsonException|GuzzleException $exception) {
             throw new UnSuccessfulRefreshException($exception->getMessage());
         }
     }

diff --git a/tests/Domain/Action/AuthorizeTest.php b/tests/Domain/Action/AuthorizeTest.php
@@ -40,7 +40,7 @@ public function it_returns_response_with_authorized_url_for_successful_authoriza
 
         $response = $authorizeAction->__invoke();
 
-        $this->assertEquals('http://foo-bar.com/?jwt=token&refresh=refresh', $response->getHeaderLine('Location'));
+        $this->assertEquals('http://foo-bar.com?jwt=token&refresh=refresh', $response->getHeaderLine('Location'));
     }
 
     private function aClientInformation(): ClientInformation

diff --git a/tests/Domain/Action/LogOutTest.php b/tests/Domain/Action/LogOutTest.php
@@ -32,7 +32,7 @@ public function it_redirects_user_back_to_destination(): void
         );
         $response = $logOutAction->__invoke();
 
-        $this->assertEquals('http://foo-bar.com/', $response->getHeaderLine('Location'));
+        $this->assertEquals('http://foo-bar.com', $response->getHeaderLine('Location'));
     }
 
     /**

diff --git a/tests/Domain/Service/GenerateAuthorizedDestinationUrlTest.php b/tests/Domain/Service/GenerateAuthorizedDestinationUrlTest.php
@@ -24,7 +24,7 @@ public function it_appends_token_to_query_params_list(): void
         $generateAuthorizedDestinationUrlTest = new GenerateAuthorizedDestinationUrl();
         $result = $generateAuthorizedDestinationUrlTest->__invoke($destinationUrl, 'token');
 
-        $this->assertEquals('https://bar.com/?query=value&jwt=token', $result->__toString());
+        $this->assertEquals('https://bar.com?query=value&jwt=token', $result->__toString());
     }
 
     /**
@@ -58,6 +58,6 @@ public function it_includes_refresh_token_if_injected(): void
         $generateAuthorizedDestinationUrlTest = new GenerateAuthorizedDestinationUrl();
         $result = $generateAuthorizedDestinationUrlTest->__invoke($destinationUrl, 'token', 'fresh');
 
-        $this->assertEquals('https://bar.com/?query=value&jwt=token&refresh=fresh', $result->__toString());
+        $this->assertEquals('https://bar.com?query=value&jwt=token&refresh=fresh', $result->__toString());
     }
 }
diff --git a/tests/Infrastructure/Factory/SlimResponseFactoryTest.php b/tests/Infrastructure/Factory/SlimResponseFactoryTest.php
@@ -17,10 +17,10 @@ final class SlimResponseFactoryTest extends TestCase
     public function it_creates_redirect_response_for_url(): void
     {
         $factory = new SlimResponseFactory();
-        $url = (new UriFactory())->createUri('http://foo-bar.com/');
+        $url = (new UriFactory())->createUri('http://foo-bar.com');
         $response = $factory->redirectTo($url);
         $this->assertEquals(StatusCodeInterface::STATUS_MOVED_PERMANENTLY, $response->getStatusCode());
         $this->assertTrue($response instanceof Response);
-        $this->assertEquals('http://foo-bar.com/', $response->getHeaderLine('Location'));
+        $this->assertEquals('http://foo-bar.com', $response->getHeaderLine('Location'));
     }
 }
diff --git a/tests/Infrastructure/Service/LogOutAuth0AdapterTest.php b/tests/Infrastructure/Service/LogOutAuth0AdapterTest.php
@@ -4,8 +4,8 @@
 
 namespace CultuurNet\UDB3\JwtProvider\Infrastructure\Service;
 
-use Auth0\SDK\API\Authentication;
-use Auth0\SDK\Auth0;
+use Auth0\SDK\Contract\API\AuthenticationInterface;
+use Auth0\SDK\Contract\Auth0Interface;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Factory\SlimResponseFactory;
 use Fig\Http\Message\StatusCodeInterface;
 use PHPUnit\Framework\TestCase;
@@ -21,18 +21,21 @@ final class LogOutAuth0AdapterTest extends TestCase
      */
     public function it_logs_out_user(): void
     {
-        $auth0 = $this->prophesize(Auth0::class);
-        $authentication = $this->prophesize(Authentication::class);
-        $auth0LogOutUri = 'https://auth0/logout?destinationTo=http://foo-bar.com/';
+        $auth0 = $this->prophesize(Auth0Interface::class);
+        $authentication = $this->prophesize(AuthenticationInterface::class);
+        $auth0LogOutUri = 'https://auth0/logout?destinationTo=http://foo-bar.com';
+        $auth0->logout()->willReturn('http://foo-bar.com');
+        ;
 
-        $authentication->get_logout_link('http://foo-bar.com/', 'client-id')->willReturn($auth0LogOutUri);
+
+        $authentication->getLogoutLink('http://foo-bar.com', ['clientId' => 'client-id'])->willReturn($auth0LogOutUri);
 
         $auth0adapter = new LogOutAuth0Adapter(
             $auth0->reveal(),
             $authentication->reveal(),
             new SlimResponseFactory(),
             new UriFactory(),
-            'http://foo-bar.com/',
+            'http://foo-bar.com',
             'client-id'
         );
-Original file line number
+Diff line change
@@ Expand Up / @@ -32,7 +32,7 @@ public function it_redirects_user_back_to_destination(): void @@
             );
             $response = $logOutAction->__invoke();
-            $this->assertEquals('http://foo-bar.com/', $response->getHeaderLine('Location'));
+            $this->assertEquals('http://foo-bar.com', $response->getHeaderLine('Location'));
         }
         /**
@@ Expand Down @@