Merge branch 'release/4.0.0'

Author: turegjorup

.github/workflows/github_build_release.yml

@@ -0,0 +1,25 @@
+on:
+  push:
+    tags:
+      - '*.*.*'
+
+name: Create Github Release
+
+permissions:
+  contents: write
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    env:
+      COMPOSER_ALLOW_SUPERUSER: 1
+      APP_ENV: prod
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Create a release in GitHub
+        run: gh release create ${{ github.ref_name }} --verify-tag --generate-notes
+        env:
+          GITHUB_TOKEN: ${{ github.TOKEN }}
+        shell: bash

.github/workflows/pr.yaml

@@ -3,15 +3,15 @@ name: Test & Code Style Review
 jobs:
 
   test-composer-install:
-    name: Validate composer (${{ matrix.php}}) / (${{ matrix.dependency-version}})
+    name: Validate composer (${{ matrix.php}}) / (${{ matrix.prefer}})
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        php: [ '8.1', '8.2' ]
-        dependency-version: [ prefer-lowest, prefer-stable ]
+        php: [ '8.3', '8.4' ]
+        prefer: [ prefer-lowest, prefer-stable ]
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
@@ -21,32 +21,34 @@ jobs:
 
       - name: Get composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}-
-          restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}-
+          key: ${{ runner.os }}-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-${{ matrix.php }}-composer-${{ matrix.prefer }}-
 
       - name: Validate composer files
         run: composer validate composer.json --strict
 
       - name: Install dependencies
         run: |
-          composer update --${{ matrix.dependency-version }} --prefer-dist --no-interaction
+          composer update --${{ matrix.prefer }} --prefer-dist --no-interaction
 
   unit-tests:
-    name: Unit tests (${{ matrix.php}}) / (${{ matrix.dependency-version}})
+    name: Unit tests (${{ matrix.php}}) / (${{ matrix.prefer}})
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        php: [ '8.1', '8.2' ]
-        dependency-version: [ prefer-lowest, prefer-stable ]
+        php: [ '8.3', '8.4' ]
+        prefer: [ prefer-lowest, prefer-stable ]
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
@@ -56,24 +58,24 @@ jobs:
 
       - name: Get composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}-
-          restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}-
+          key: ${{ runner.os }}-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-${{ matrix.php }}-composer-${{ matrix.prefer }}-
 
       - name: Install dependencies
         run: |
-          composer update --${{ matrix.dependency-version }} --prefer-dist --no-interaction
+          composer update --${{ matrix.prefer }} --prefer-dist --no-interaction
 
       - name: Unit tests
         run: ./vendor/bin/phpunit --coverage-clover=coverage/unit.xml
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage/unit.xml
@@ -82,69 +84,83 @@ jobs:
           flags: unittests
 
   phpcsfixer:
+    name: Coding style (${{ matrix.php }})
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        php: [ '8.1' ]
-    name: Coding style (${{ matrix.php }})
+        php: [ '8.3' ]
+        prefer: [ prefer-stable ]
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php}}
-          extensions: ctype, iconv, imagick, json, redis, soap, xmlreader, zip
           coverage: none
+          tools: cs2pr, phpcs
 
       - name: Get composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}-
-          restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}-
+          key: ${{ runner.os }}-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-${{ matrix.php }}-composer-${{ matrix.prefer }}-
 
-      - name: Install Dependencies
-        run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist
-
-      - name: PHP CS Fixer
-        run: composer coding-standards-check
+      - name: Install dependencies
+        run: composer update --prefer-stable --prefer-dist --no-interaction
 
-  psalm:
+  phpstan:
+    name: PHPStan (${{ matrix.php }})
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        php: [ '8.1' ]
-    name: Psalm static analysis (${{ matrix.php}})
+        php: [ '8.3' ]
+        prefer: [ prefer-stable ]
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php}}
-          extensions: ctype, iconv, imagick, json, redis, soap, xmlreader, zip
           coverage: none
+          tools: cs2pr, phpcs
 
       - name: Get composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}-${{ matrix.dependency-version }}-
-          restore-keys: ${{ runner.os }}-composer-${{ matrix.dependency-version }}-
+          key: ${{ runner.os }}-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-${{ matrix.php }}-composer-${{ matrix.prefer }}-
+
+      - name: Install dependencies
+        run: composer update --prefer-stable --prefer-dist --no-interaction
+
+      - name: Run PHPStan
+        run: ./vendor/bin/phpstan
+
+  changelog:
+    runs-on: ubuntu-latest
+    name: Changelog should be updated
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
 
-      - name: Install Dependencies
-        run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist
+      - name: Git fetch
+        run: git fetch
 
-      - name: Psalm
-        run: ./vendor/bin/psalm
+      - name: Check that changelog has been updated.
+        run: git diff --exit-code origin/${{ github.base_ref }} -- CHANGELOG.md && exit 1 || exit 0

.gitignore

@@ -16,3 +16,4 @@ build
 var
 .phpcs-cache
 .php-cs-fixer.cache
+.phpunit.cache

CHANGELOG.md

@@ -5,7 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
 
-## [Unreleased]
+## [4.0.0] - 2025-01-13
+- Remove support for PHP 8.1 and 8.2 (BC)
+- Remove support for Symfony versions lower than 6.4 (BC)
+- Bump dependency requirements
 
 ## [3.1.0] - 2023-08-03
 

README.md

@@ -10,6 +10,18 @@
 
 Symfony bundle for authorization via OpenID Connect.
 
+## Note: Symfony Native OIDC Support
+
+Since theis bundle was created Symfony has added [support for OpenID Connect](https://symfony.com/blog/new-in-symfony-6-3-openid-connect-token-handler)
+as documented in ["Using OpenID Connect (OIDC)"](https://symfony.com/doc/current/security/access_token.html#using-openid-connect-oidc)
+
+As of Symfony 7.2 (jan. 2025) it seems this still a work in progress: 
+* [OIDC discovery](https://github.com/symfony/symfony/pull/54932) is not yet implemented making config a bit cumbersome. 
+* It's not obvious how to implement support for multiple providers, although it may be possible using [Multiple Authenticators](https://symfony.com/doc/current/security/entry_point.html#multiple-authenticators-with-separate-entry-points)
+
+Until these issues are resolved this bundle cannot be fully replaced by the native features. 
+
+
 ## Installation
 
 To install run

composer.json

@@ -14,26 +14,26 @@
         }
     ],
     "require": {
-        "php": "^8.1",
+        "php": "^8.3",
         "ext-json": "*",
         "ext-openssl": "*",
-        "doctrine/orm": "^2.8",
-        "itk-dev/openid-connect": "^3.1",
-        "symfony/cache": "^5.4|^6.0",
-        "symfony/framework-bundle": "^5.4|^6.0",
-        "symfony/security-bundle": "^5.4|^6.0",
-        "symfony/uid": "^5.4|^6.0",
-        "symfony/yaml": "^5.4|^6.0"
+        "doctrine/orm": "^2.8|3.0",
+        "itk-dev/openid-connect": "^4.0",
+        "symfony/cache": "^6.4|^7.0",
+        "symfony/framework-bundle": "^6.4.13|^7.0",
+        "symfony/security-bundle": "^6.4.13|^7.0",
+        "symfony/uid": "^6.4|^7.0",
+        "symfony/yaml": "^6.4|^7.0"
     },
     "require-dev": {
         "ergebnis/composer-normalize": "^2.28",
         "escapestudios/symfony2-coding-standard": "^3.12",
         "friendsofphp/php-cs-fixer": "^3.11",
         "kubawerlos/php-cs-fixer-custom-fixers": "^3.11",
-        "phpunit/phpunit": "^9.5",
-        "psalm/plugin-symfony": "^5.0",
-        "rector/rector": "^0.14.2",
-        "vimeo/psalm": "^5.0"
+        "phpstan/phpstan": "^2.1",
+        "phpunit/phpunit": "^11.0",
+        "rector/rector": "^2.0",
+        "symfony/runtime": "^6.4.13|^7.0"
     },
     "autoload": {
         "psr-4": {
@@ -47,7 +47,8 @@
     },
     "config": {
         "allow-plugins": {
-            "ergebnis/composer-normalize": true
+            "ergebnis/composer-normalize": true,
+            "symfony/runtime": true
         },
         "sort-packages": true
     },
@@ -58,6 +59,6 @@
         "coding-standards-check": [
             "./vendor/bin/php-cs-fixer fix --dry-run --format=checkstyle"
         ],
-        "test": "./vendor/bin/phpunit"
+        "test": "XDEBUG_MODE=coverage ./vendor/bin/phpunit"
     }
 }

docker-compose.yml

@@ -1,15 +1,16 @@
-# itk-version: 1.0.0
-
-version: "3"
+# itk-version: 3.2.1
 
 services:
   phpfpm:
-    image: itkdev/php8.1-fpm:latest
+    image: itkdev/php8.3-fpm:latest
     environment:
-      - XDEBUG_MODE=${XDEBUG_MODE:-off}
-      - XDEBUG_SESSION=${XDEBUG_SESSION:-0}
-      - COMPOSER_VERSION=2
+      - PHP_XDEBUG_MODE=${PHP_XDEBUG_MODE:-off}
+      - PHP_MAX_EXECUTION_TIME=30
+      - PHP_MEMORY_LIMIT=256M
+      # Depending on the setup, you may have to remove --read-envelope-from from msmtp (cf. https://marlam.de/msmtp/msmtp.html) or use SMTP to send mail
+      - PHP_SENDMAIL_PATH=/usr/bin/msmtp --host=mail --port=1025 --read-recipients --read-envelope-from
       - DOCKER_HOST_DOMAIN=${COMPOSE_DOMAIN}
+      - COMPOSER_VERSION=2
       - PHP_IDE_CONFIG=serverName=localhost
     volumes:
-      - .:/app:delegated
+      - .:/app

phpstan.neon

@@ -0,0 +1,21 @@
+parameters:
+	level: 8
+	paths:
+		- src
+	ignoreErrors:
+		-
+			message: '#^Call to an undefined method Symfony\\Component\\Config\\Definition\\Builder\\NodeDefinition\:\:children\(\)\.$#'
+			identifier: method.notFound
+			path: src/DependencyInjection/Configuration.php
+		-
+			message: '#^Method ItkDev\\OpenIdConnectBundle\\Security\\OpenIdConfigurationProviderManager\:\:__construct\(\) has parameter \$config with no value type specified in iterable type array\.$#'
+			identifier: missingType.iterableValue
+			path: src/Security/OpenIdConfigurationProviderManager.php
+		-
+			message: '#^Method ItkDev\\OpenIdConnectBundle\\Security\\OpenIdConfigurationProviderManager\:\:getProviderKeys\(\) should return array\<string\> but returns list\<int\|string\>\.$#'
+			identifier: return.type
+			path: src/Security/OpenIdConfigurationProviderManager.php
+		-
+			message: '#^Method ItkDev\\OpenIdConnectBundle\\Command\\UserLoginCommand\:\:__construct\(\) has parameter \$userProvider with generic interface Symfony\\Component\\Security\\Core\\User\\UserProviderInterface but does not specify its types\: TUser$#'
+			identifier: missingType.generics
+			path: src/Command/UserLoginCommand.php

phpunit.xml.dist

@@ -1,9 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/autoload.php" backupGlobals="false" backupStaticAttributes="false" colors="true" verbose="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/autoload.php" backupGlobals="false" colors="true" processIsolation="false" stopOnFailure="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.5/phpunit.xsd" cacheDirectory=".phpunit.cache" backupStaticProperties="false">
   <coverage>
-    <include>
-      <directory suffix=".php">src/</directory>
-    </include>
     <report>
       <clover outputFile="build/logs/clover.xml"/>
       <html outputDirectory="build/coverage"/>
@@ -18,4 +15,9 @@
   <logging>
     <junit outputFile="build/report.junit.xml"/>
   </logging>
+  <source>
+    <include>
+      <directory suffix=".php">src/</directory>
+    </include>
+  </source>
 </phpunit>