Commit a4fcfac

turegjorup and claude committed
Rework exception hierarchy onto marker interfaces (5.0, BREAKING)
Every exception thrown from a public method now implements OpenIdConnectBundleExceptionInterface, which extends the upstream library marker OpenIdConnectExceptionInterface. Concrete exceptions extend the SPL type that best fits the failure category and no longer extend the abstract ItkOpenIdConnectBundleException (kept as a deprecated alias for 5.x). A consumer can now catch every OIDC failure from both packages with a single catch (OpenIdConnectExceptionInterface), or scope to the bundle with OpenIdConnectBundleExceptionInterface.

- Bump itk-dev/openid-connect to ^5.0 for the matching upstream contract.
- Widen @throws / catch types in the authenticator, manager, controller and CLI helper onto the marker interface; preserve the $previous chain.
- Add ExceptionHierarchyTest locking marker inheritance, SPL parents and cross-package catch.

BREAKING: catch (ItkOpenIdConnectBundleException) no longer matches any concrete thrown by the bundle. Catch OpenIdConnectBundleExceptionInterface.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent dbab86d commit a4fcfac

18 files changed

Lines changed: 226 additions & 26 deletions

.gitignore

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,7 @@ var
1818
.php-cs-fixer.cache
1919
.phpunit.cache
2020
unit.xml
21+
22+
# Local Claude Code working files (not part of the published package)
23+
/CLAUDE.md
24+
/EXCEPTION-CONTRACT-MIGRATION.md
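
Review bot: The two entries added at lines 23-24 (`/CLAUDE.md`, `/EXCEPTION-CONTRACT-MIGRATION.md`) are per-developer working files, as the comment on line 22 says, so they fit better in `.git/info/exclude` or a global gitignore than in the project's shared `.gitignore`. Keeping them here also drags the matching entries into `.markdownlintignore` and mixes tooling housekeeping into a commit whose subject is a breaking exception change; splitting it out would keep the 5.0 change easier to audit.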

.markdownlintignore

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,7 @@ web/*.md
1010
web/core/
1111
web/libraries/
1212
web/*/contrib/
13+
# Claude Code guidance — verbose narrative prose, intentionally long lines.
14+
CLAUDE.md
15+
# Planning artefact — superseded once 5.0 ships.
16+
EXCEPTION-CONTRACT-MIGRATION.md

CHANGELOG.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,13 +7,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77

88
## [Unreleased]
99

10+
### Changed (BREAKING)
11+
12+
- **Exception hierarchy reworked.** Every exception thrown from a public
13+
method now implements `OpenIdConnectBundleExceptionInterface` (which
14+
extends `\ItkDev\OpenIdConnect\Exception\OpenIdConnectExceptionInterface`
15+
from the upstream library). Concrete exceptions now extend the SPL type
16+
that best describes the failure category (`\RuntimeException`,
17+
`\InvalidArgumentException`); they no longer extend
18+
`ItkOpenIdConnectBundleException`. Consumers catching the abstract base
19+
must migrate to `OpenIdConnectBundleExceptionInterface` — the abstract
20+
class is kept for this release as a documented alias and is
21+
`@deprecated`, but `catch (ItkOpenIdConnectBundleException $e)` blocks
22+
will no longer match any concrete thrown by the bundle.
23+
- Bumped `itk-dev/openid-connect` requirement to `^5.0` for the matching
24+
upstream contract.
25+
- `OpenIdLoginAuthenticator::validateClaims` now catches on the marker
26+
interface (`OpenIdConnectExceptionInterface`) instead of the deprecated
27+
upstream abstract. The `$previous`-chain behaviour is preserved.
28+
- `LoginController::login` catches on the marker interface before mapping
29+
to `ServiceUnavailableHttpException`. No consumer-visible behaviour
30+
change.
31+
32+
### Added
33+
34+
- `ItkDev\OpenIdConnectBundle\Exception\OpenIdConnectBundleExceptionInterface`
35+
marker for catching all bundle-thrown OIDC failures.
36+
1037
### Changed
1138

1239
- Hardened static analysis. PHPStan now analyses `tests/` in addition to
1340
`src/`, runs the strict, deprecation, PHPUnit and Symfony rule packs, and
1441
requires a comment on every ignore (`reportIgnoresWithoutComments`). Pinned
1542
`phpstan/phpstan` to `^2.1.41`. No public-API or behavioural change.
1643

44+
### Deprecated
45+
46+
- `ItkDev\OpenIdConnectBundle\Exception\ItkOpenIdConnectBundleException`
47+
abstract class (catch `OpenIdConnectBundleExceptionInterface` instead).
48+
Will be removed in 6.0.
49+
1750
## [4.2.0] - 2026-05-11
1851

1952
### Added
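
Review bot: The breaking entry at lines 12-22 covers catch blocks on `ItkOpenIdConnectBundleException` that stop matching, but not the opposite effect of the new SPL parents: consumer code with a generic `catch (\RuntimeException $e)` or `catch (\InvalidArgumentException $e)` around bundle calls will now start matching bundle exceptions that previously extended only `\Exception`. In authentication paths that can silently change which handler runs, so it deserves its own bullet. Separately, the Unreleased block now carries both `### Changed (BREAKING)` (line 10) and `### Changed` (line 37); consider a single `### Changed` section with the breaking items marked, so each change type appears once.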

composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"ext-json": "*",
1919
"ext-openssl": "*",
2020
"doctrine/orm": "^2.8 || ^3.0",
21-
"itk-dev/openid-connect": "^4.0",
21+
"itk-dev/openid-connect": "^5.0",
2222
"symfony/cache": "^6.4 || ^7.0 || ^8.0",
2323
"symfony/framework-bundle": "^6.4.13 || ^7.0 || ^8.0",
2424
"symfony/security-bundle": "^6.4.13 || ^7.0 || ^8.0",

src/Controller/LoginController.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
namespace ItkDev\OpenIdConnectBundle\Controller;
44

5-
use ItkDev\OpenIdConnect\Exception\ItkOpenIdConnectException;
5+
use ItkDev\OpenIdConnect\Exception\OpenIdConnectExceptionInterface;
66
use ItkDev\OpenIdConnectBundle\Exception\InvalidProviderException;
77
use ItkDev\OpenIdConnectBundle\Security\OpenIdConfigurationProviderManager;
88
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -27,7 +27,7 @@ public function __construct(
2727
*
2828
* @throws NotFoundHttpException Provider key not configured (404)
2929
* @throws ServiceUnavailableHttpException IdP unreachable, returned a non-200, served malformed JSON, or local cache failed (503)
30-
* @throws ItkOpenIdConnectException Other provider-init failures (e.g. BadUrlException for a misconfigured metadata_url) — server-side configuration bugs that intentionally bubble as 500
30+
* @throws OpenIdConnectExceptionInterface Other provider-init failures (e.g. BadUrlException for a misconfigured metadata_url) — server-side configuration bugs that intentionally bubble as 500
3131
* @throws \InvalidArgumentException Declared by league\AbstractProvider::getAuthorizationUrl for missing scope/state. Unreachable in this flow (state always provided, getDefaultScopes() implemented in upstream OpenIdConfigurationProvider). Bubbles as 500 if it ever fires — programmer error.
3232
*/
3333
public function login(Request $request, SessionInterface $session, string $providerKey): RedirectResponse
@@ -53,7 +53,7 @@ public function login(Request $request, SessionInterface $session, string $provi
5353
'response_type' => 'code',
5454
'scope' => 'openid email profile',
5555
]);
56-
} catch (ItkOpenIdConnectException $e) {
56+
} catch (OpenIdConnectExceptionInterface $e) {
5757
// Building the authorization URL fetches the IdP's discovery
5858
// document. Surface upstream/transport/cache failures as 503 with
5959
// the cause chained, rather than an unhandled 500.
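
Review bot: The catch at line 56 is wider than before, not just renamed: `OpenIdConnectBundleExceptionInterface` extends `OpenIdConnectExceptionInterface`, so this block now also matches bundle exceptions such as `InvalidProviderException` and `CacheException`, which the old `catch (ItkOpenIdConnectException $e)` could not match because the bundle's base class extended plain `\Exception`. If anything inside this `try` can throw `InvalidProviderException`, it would now become a 503 instead of the documented 404, which conflicts with the CHANGELOG's "No consumer-visible behaviour change". Please confirm the provider lookup sits outside this `try` (or is caught first) and add a test asserting the 404 path. The `@throws OpenIdConnectExceptionInterface` line at 30 also says these failures bubble as 500 while this catch maps the same type to 503; the docblock should say which call sites are outside the `try`.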

src/Exception/CacheException.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
namespace ItkDev\OpenIdConnectBundle\Exception;
44

5-
class CacheException extends ItkOpenIdConnectBundleException
5+
class CacheException extends \RuntimeException implements OpenIdConnectBundleExceptionInterface
66
{
77
}

src/Exception/InvalidProviderException.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
namespace ItkDev\OpenIdConnectBundle\Exception;
44

5-
class InvalidProviderException extends ItkOpenIdConnectBundleException
5+
class InvalidProviderException extends \InvalidArgumentException implements OpenIdConnectBundleExceptionInterface
66
{
77
}
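
Review bot: `\InvalidArgumentException` at line 5 puts this exception in the `\LogicException` family, which conventionally signals a programmer error, yet `LoginController::login` receives `$providerKey` as a request-driven argument and documents a 404 for a provider key that is not configured. The controller's own docblock describes `\InvalidArgumentException` as a "programmer error" that bubbles as 500, so two different meanings now share one type and a generic `catch (\InvalidArgumentException $e)` cannot tell them apart. Consider a `\RuntimeException`-family parent (for example `\OutOfBoundsException`), or state in a class docblock why the logic-family parent was chosen.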

src/Exception/ItkOpenIdConnectBundleException.php

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,12 @@
22

33
namespace ItkDev\OpenIdConnectBundle\Exception;
44

5-
abstract class ItkOpenIdConnectBundleException extends \Exception
5+
/**
6+
* @deprecated since 5.0, will be removed in 6.0.
7+
* Catch {@see OpenIdConnectBundleExceptionInterface} instead. Concrete bundle
8+
* exceptions no longer extend this class; they extend the SPL exception that best
9+
* describes the failure category and implement the marker interface.
10+
*/
11+
abstract class ItkOpenIdConnectBundleException extends \Exception implements OpenIdConnectBundleExceptionInterface
612
{
713
}
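
Review bot: The deprecation at lines 6-9 is docblock-only, and since no concrete class extends this type any more, an existing `catch (ItkOpenIdConnectBundleException $e)` keeps loading and simply never fires. Consumers get no runtime signal that their OIDC error handling went dead. State that consequence explicitly in this docblock (the CHANGELOG does, this text only implies it with "no longer extend this class"), and point to the upgrade instructions from here.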
Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
<?php
2+
3+
namespace ItkDev\OpenIdConnectBundle\Exception;
4+
5+
use ItkDev\OpenIdConnect\Exception\OpenIdConnectExceptionInterface;
6+
7+
/**
8+
* Marker interface for every exception thrown from a public method of this bundle.
9+
*
10+
* Extends the upstream library marker so a consumer can catch every OIDC failure
11+
* from both packages with a single `catch (OpenIdConnectExceptionInterface $e)`,
12+
* or scope to bundle-only failures with `catch (OpenIdConnectBundleExceptionInterface $e)`.
13+
*/
14+
interface OpenIdConnectBundleExceptionInterface extends OpenIdConnectExceptionInterface
15+
{
16+
}
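
Review bot: The interface at line 14 gets its `\Throwable` bound, if any, only through the upstream `OpenIdConnectExceptionInterface`, which is not visible in this diff. Please confirm the upstream marker extends `\Throwable`; otherwise a class that is not an exception could implement this marker, and static analysis will not know that `$e` in `catch (OpenIdConnectBundleExceptionInterface $e)` has `getMessage()` or `getPrevious()`. The promise on line 8 that every exception from a public method implements the marker is only as strong as the test enforcing it, so a reference to `ExceptionHierarchyTest` in this docblock would help the next contributor who adds an exception class.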

src/Exception/TokenNotFoundException.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
namespace ItkDev\OpenIdConnectBundle\Exception;
44

5-
class TokenNotFoundException extends ItkOpenIdConnectBundleException
5+
class TokenNotFoundException extends \RuntimeException implements OpenIdConnectBundleExceptionInterface
66
{
77
}
