Merge branch 'master' into fix-clever-resource-owner

.github/workflows/ci.yaml

@@ -51,7 +51,7 @@ jobs:
         run: composer phpstan
 
   phpunit:
-    name: PHPUnit (PHP ${{ matrix.php }} + ${{ matrix.symfony-version}})
+    name: PHPUnit (PHP ${{ matrix.php }} + ${{ matrix.symfony-version }})
     runs-on: ubuntu-latest
     timeout-minutes: 20
     strategy:
@@ -68,14 +68,12 @@ jobs:
             symfony-version: ^4.4
           - php: '8.0'
             symfony-version: ^5.4
-          - php: '8.0'
-            symfony-version: ^6.0
           - php: '8.1'
             symfony-version: ^4.4
           - php: '8.1'
             symfony-version: ^5.4
           - php: '8.1'
-            symfony-version: ^6.0
+            symfony-version: ^6.1
       fail-fast: false
 
     steps:
@@ -92,21 +90,16 @@ jobs:
           extensions: intl, bcmath, curl, openssl, mbstring
           ini-values: memory_limit=-1
 
-      - name: "Install dependencies with Composer"
-        uses: "ramsey/composer-install@v1"
-        with:
-          path: ${{ steps.composercache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-          restore-keys: ${{ runner.os }}-composer-
-
-      - name: Update Symfony version
-        if: matrix.symfony-version != ''
-        run: composer require --no-update "symfony/framework-bundle:${{ matrix.symfony-version }}"
-
       - name: Update project dependencies
         run: |
-          composer global require --no-progress --no-scripts --no-plugins symfony/flex
-          composer update --no-interaction --no-progress --ansi
+          composer global config --no-plugins allow-plugins.symfony/flex true
+          composer global require symfony/flex --no-progress --no-scripts --no-plugins
+          composer config extra.symfony.require "${{ matrix.symfony-version }}"
+
+      - name: Install dependencies with Composer
+        uses: "ramsey/composer-install@v2"
+        with:
+          custom-cache-key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
 
       - name: Run PHPUnit tests
         env:

.php-cs-fixer.php

@@ -30,6 +30,7 @@
             'allow_mixed' => true,
             'allow_unused_params' => false,
         ],
+        'phpdoc_types_order' => false,
     ))
     ->setRiskyAllowed(true)
     ->setFinder(

CHANGELOG.md

@@ -1,13 +1,21 @@
 Changelog
 =========
-## 2.0.0-BETA2 (202x-xx-xx)
-* Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option `refresh_on_expure` set to `true`
-* Deprecated: configuration parameter `firewall_names`, firewalls are now computed automatically - all firewalls that have defined `oauth` authenticator/provider will be collected. 
-* Added: Ability to automatically refresh expired access tokens (only for derived from `GenericOAuth2ResourceOwner` resource owners), if option `refresh_on_expire` set to `true`.
-* Enhancement: (@internal) Removed/replaced redundant argument `$firewallNames` from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use `$resourceOwnerMapLocator->getFirewallNames()`.
-* Changed config files from `*.xml` to `*.php` (services and routes). Xml routing configs `connect.xml`, `login.xml` and `redirect.xml` are steel present but deprecated. Please use `*.php` variants in your includes instead.
-* Bugfix: RefreshTokenListener can not be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on `kernel.response`. In this case new access token will not be stored in session. Therefore the expired token will be refreshed on each request.
-* Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest.
+## 2.0.0-BETA3 (2022-xx-xx)
+* BC Break: Dropped support for Symfony: ~6.0,
+* BC Break: Class `Templating\Helper\OAuthHelper` was merged into `Twig\Extension\OAuthRuntime`,
+* Deprecated: method `UserResponseInterface::getUsername()` was deprecated in favour of `UserResponseInterface::getUserIdentifier()` to match changes in Symfony Security component,
+* Enhancement: Class `ConnectController` was split into two smaller ones, `Connect\ConnectController` & `Connect\RegisterController`,
+* Bugfix: Added `OAuth1ResourceOwner` & `OAuth2ResourceOwner` to cover case of implementing custom oauth resource owners,
+* Bugfix: Fixed Authorization Header in `CleverResourceOwner::doGetRequest`.
+
+## 2.0.0-BETA2 (2022-01-16)
+* Deprecated: configuration parameter `firewall_names`, firewalls are now computed automatically - all firewalls that have defined `oauth` authenticator/provider will be collected,
+* Added: Ability to automatically refresh expired access tokens (only for derived from `GenericOAuth2ResourceOwner` resource owners), if option `refresh_on_expire` set to `true`,
+* Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option `refresh_on_expure` set to `true`,
+* Enhancement: (`@internal`) Removed/replaced redundant argument `$firewallNames` from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use `$resourceOwnerMapLocator->getFirewallNames()`,
+* Bugfix: `RefreshTokenListener` cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on `kernel.response`. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request,
+* Bugfix: `InteractiveLoginEvent` will be triggered also for `OAuthAuthenticator`,
+* Maintain: Changed config files from `*.xml` to `*.php` (services and routes). Xml routing configs `connect.xml`, `login.xml` and `redirect.xml` are steel present but deprecated. Please use `*.php` variants in your includes instead.
 
 ## 2.0.0-BETA1 (2021-12-10)
 * BC Break: Dropped PHP 7.3 support,

README.md

@@ -12,9 +12,9 @@ Installation
 
 All the installation instructions are located in the documentation, check it for a specific version:
 
-* [__2.0__](https://github.com/hwi/HWIOAuthBundle/blob/master/docs/1-setting_up_the_bundle.md) (upcoming) - with support for Symfony: `^4.4`, `^5.4` & `^6.0` (PHP: `^7.4`, `^8.0`),
+* [__2.0__](https://github.com/hwi/HWIOAuthBundle/blob/master/docs/1-setting_up_the_bundle.md) (upcoming) - with support for Symfony: `^4.4`, `^5.4` & `^6.1` (PHP: `^7.4`, `^8.0`),
 
-* [__1.4__](https://github.com/hwi/HWIOAuthBundle/blob/1.4/docs/1-setting_up_the_bundle.md) (current) - with support for Symfony: `^4.4` & `^5.1` (PHP: `^7.3` & `^8.0`),
+* [__1.4__](https://github.com/hwi/HWIOAuthBundle/blob/1.4/Resources/doc/1-setting_up_the_bundle.md) (current) - with support for Symfony: `^4.4` & `^5.1` (PHP: `^7.3` & `^8.0`),
 
 * __1.3__ (outdated) - with support for Symfony: `^4.4` and `^5.0` (PHP: `^7.2` & `^8.0`).
 
@@ -25,7 +25,8 @@ Documentation
 The bulk of the documentation is stored in the `Resources/doc/index.md`
 file in this bundle. Read the documentation for version:
 
-* [__1.4__](https://github.com/hwi/HWIOAuthBundle/blob/1.4/docs/index.md)
+* [__2.0__](https://github.com/hwi/HWIOAuthBundle/blob/master/docs/index.md)
+* [__1.4__](https://github.com/hwi/HWIOAuthBundle/blob/1.4/Resources/doc/index.md)
 
 This bundle contains support for 58 different providers:
 * 37signals,

composer.json

@@ -3,7 +3,7 @@
     "type":        "symfony-bundle",
     "homepage":    "https://github.com/hwi/HWIOAuthBundle",
     "license":     "MIT",
-    "description": "Support for authenticating users using both OAuth1.0a and OAuth2 in Symfony2.",
+    "description": "Support for authenticating users using both OAuth1.0a and OAuth2 in Symfony.",
     "keywords":    [
         "authentication",
         "firewall",
@@ -94,32 +94,33 @@
 
     "require": {
         "php":                            "^7.4 || ^8.0",
-        "symfony/framework-bundle":       "^4.4.20 || ^5.4 || ^6.0",
-        "symfony/security-bundle":        "^4.4 || ^5.4 || ^6.0",
-        "symfony/options-resolver":       "^4.4 || ^5.4 || ^6.0",
-        "symfony/form":                   "^4.4 || ^5.4 || ^6.0",
-        "symfony/templating":             "^4.4 || ^5.4 || ^6.0",
-        "symfony/http-client":            "^4.4 || ^5.4 || ^6.0"
+        "symfony/framework-bundle":       "^4.4.20 || ^5.4 || ^6.1",
+        "symfony/security-bundle":        "^4.4 || ^5.4 || ^6.1",
+        "symfony/options-resolver":       "^4.4 || ^5.4 || ^6.1",
+        "symfony/form":                   "^4.4 || ^5.4 || ^6.1",
+        "symfony/templating":             "^4.4 || ^5.4 || ^6.1",
+        "symfony/http-client":            "^4.4 || ^5.4 || ^6.1"
     },
 
     "require-dev": {
         "doctrine/doctrine-bundle":     "^2.4",
         "doctrine/orm":                 "^2.9",
-        "symfony/browser-kit":          "^4.4.20 || ^5.4 || ^6.0",
-        "symfony/css-selector":         "^4.4 || ^5.4 || ^6.0",
-        "symfony/phpunit-bridge":       "^5.4 || ^6.0",
-        "symfony/property-access":      "^4.4 || ^5.4 || ^6.0",
-        "symfony/validator":            "^4.4 || ^5.4 || ^6.0",
-        "symfony/twig-bundle":          "^4.4 || ^5.4 || ^6.0",
-        "symfony/stopwatch":            "^5.4 || ^6.0",
-        "symfony/translation":          "^4.4 || ^5.4 || ^6.0",
-        "symfony/yaml":                 "^4.4 || ^5.4 || ^6.0",
+        "symfony/browser-kit":          "^4.4.20 || ^5.4 || ^6.1",
+        "symfony/css-selector":         "^4.4 || ^5.4 || ^6.1",
+        "symfony/phpunit-bridge":       "^5.4 || ^6.1",
+        "symfony/property-access":      "^4.4 || ^5.4 || ^6.1",
+        "symfony/validator":            "^4.4 || ^5.4 || ^6.1",
+        "symfony/twig-bundle":          "^4.4 || ^5.4 || ^6.1",
+        "symfony/stopwatch":            "^5.4 || ^6.1",
+        "symfony/translation":          "^4.4 || ^5.4 || ^6.1",
+        "symfony/yaml":                 "^4.4 || ^5.4 || ^6.1",
         "phpunit/phpunit":              "^9.5.12",
         "friendsofphp/php-cs-fixer":    "^3.2",
         "symfony/monolog-bundle":       "^3.4",
         "phpstan/phpstan":              "^1.2",
         "phpstan/phpstan-symfony":      "^1.0",
-        "phpstan/extension-installer":  "^1.1"
+        "phpstan/extension-installer":  "^1.1",
+        "firebase/php-jwt":             "^5.5"
     },
 
     "config": {
@@ -142,6 +143,7 @@
 
     "suggest": {
         "doctrine/doctrine-bundle":     "to use Doctrine user provider",
+        "firebase/php-jwt":             "to use JWT utility functions",
         "symfony/property-access":      "to use FOSUB integration with this bundle",
         "symfony/twig-bundle":          "to use the Twig hwi_oauth_* functions"
     },

docs/3-configuring_the_security_layer.md

@@ -7,7 +7,7 @@ The bundle needs a service that is able to load users based on the user
 response of the oauth endpoint. If you have a custom service it should
 implement the interface: `HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface`.
 
-The HWIOAuthBundle also ships with three default implementations:
+The HWIOAuthBundle also ships with two default implementations:
 
 - `OAuthUserProvider` (service name: `hwi_oauth.user.provider`) - doesn't persist users
 - `EntityUserProvider` (service name: `hwi_oauth.user.provider.entity`) - loads users from a database

docs/bonus/facebook-connect.md

@@ -115,7 +115,7 @@ The following example bases also on the Facebook ["Login with Javascript SDK"](h
     </p>
 
     {# Bonus: Show all available login link in HWIOAuthBundle #}
-    {% render(controller('HWI\\Bundle\\OAuthBundle\\Controller\\ConnectController::connectAction')) %}
+    {% render(controller('HWI\\Bundle\\OAuthBundle\\Controller\\Connect\\ConnectController::connectAction')) %}
 {% endblock %}
 ```
 

docs/resource_owners/apple.md

@@ -8,7 +8,7 @@ Next configure a resource owner of type `apple` with appropriate
 Example `scope` values include:
 * `name`
 * `email`
-``` yaml
+```yaml
 # config/packages/hwi_oauth.yaml
 
 hwi_oauth:
@@ -20,6 +20,30 @@ hwi_oauth:
             scope:               "name email"
 ```
 
+Apple doesn't provide a ready-to-use `client_secret`, it has to be generated manually using a private key downloadable on Apple Developer.
+The generated `client_secret` has an expiration date, so it has to be regenerated continually.
+[See Documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens)
+
+To overcome this inconvenience, you can configure an automatic `client_secret` generation as following.
+This requires [PHP-JWT](https://github.com/firebase/php-jwt) to work. (`composer require firebase/php-jwt`)
+```yaml
+# config/packages/hwi_oauth.yaml
+
+hwi_oauth:
+    resource_owners:
+        any_name:
+            type:                apple
+            client_id:           <client_id>
+            client_secret:       auto
+            scope:               "name email"
+            options:
+                auth_key:        <auth_key>
+                key_id:          <key_id>
+                team_id:         <team_id>
+```
+
+_The auth key can be loaded using an environment variable processor:`%env(file:resolve:APPLE_AUTH_KEY_PATH)%` with `APPLE_AUTH_KEY_PATH=%kernel.project_dir%/path/to/AuthKey_XXXXXXXXXX.p8` set to your `.env`._
+
 When you're done. Continue by configuring the security layer or go back to
 setup more resource owners.
 

docs/resource_owners/others.md

@@ -1,8 +1,7 @@
 Step 2x: Others
 ===============
-If the resource owners you are looking for isn't implemented in this bundle yet
-(implement it and send a PR! ;) ). Alternatively you can configure a general
-resource owner:
+If the resource owners you are looking for isn't implemented in this bundle yet, you can configure a general
+resource owner to use it on your own:
 
 #### OAuth2
 ```yaml
@@ -12,7 +11,7 @@ hwi_oauth:
     resource_owners:
         my_custom:
             type:                oauth2
-            class:               \HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\GenericOAuth2ResourceOwner
+            class:               \HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\OAuth2ResourceOwner
             client_id:           <client_id>
             client_secret:       <client_secret>
             access_token_url:    https://path.to/oauth/v2/token
@@ -35,7 +34,7 @@ hwi_oauth:
     resource_owners:
         my_custom:
             type:                oauth1
-            class:               \HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\GenericOAuth1ResourceOwner
+            class:               \HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\OAuth1ResourceOwner
             client_id:           <client_id>
             client_secret:       <client_secret>
             request_token_url:   https://path.to/oauth/v1/requestToken

phpstan.neon

@@ -16,6 +16,6 @@ parameters:
     # Symfony <5.4 BC layer
     reportUnmatchedIgnoredErrors: false
     ignoreErrors:
-        - '#Parameter \$event of method HWI\\Bundle\\OAuthBundle\\Controller\\ConnectController::dispatch\(\) has invalid type Symfony\\Component\\EventDispatcher\\Event.#'
+        - '#Parameter \$event of method HWI\\Bundle\\OAuthBundle\\Controller\\Connect\\AbstractController::dispatch\(\) has invalid type Symfony\\Component\\EventDispatcher\\Event.#'
         - '#Parameter \#2 \$array of function implode expects array<string>, array<int, array\|string\|null> given.#'
         - '#PHPDoc type DOMNode of property HWI\\Bundle\\OAuthBundle\\OAuth\\Response\\SensioConnectUserResponse::\$data is not covariant with PHPDoc type array of overridden property HWI\\Bundle\\OAuthBundle\\OAuth\\Response\\AbstractUserResponse::\$data#'