Drop support for Symfony 3.4 and 5.3, add support for Symfony 6, drop MongoDB ODM 1.x (lexik#284)

* Drop support for Symfony 3.4 and add support for Symfony 6, and drop support for MongoDB ODM 1.x

* Misc. README updates

Author: mbabker

.gitattributes

@@ -1,8 +1,6 @@
 /.github export-ignore
-/spec export-ignore
 /Tests export-ignore
 /.gitignore export-ignore
 /CHANGELOG.md export-ignore
-/phpspec.yml export-ignore
 /phpunit.xml.dist export-ignore
 /README.md export-ignore

.github/workflows/run-tests.yml

@@ -9,30 +9,20 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: [7.4, 8.0]
-        symfony: [3.4.*, 4.4.*, 5.2.*, 5.3.*]
+        php: ['7.4', '8.0', '8.1']
+        symfony: ['4.4.*', '5.4.*', '6.0.*']
         composer-flags: ['--prefer-stable']
         can-fail: [false]
         extensions: ['curl, iconv, mbstring, mongodb, pdo, pdo_sqlite, sqlite, zip']
         include:
-          - php: 7.4
-            symfony: 3.4.*
+          - php: '7.4'
+            symfony: '4.4.*'
             composer-flags: '--prefer-stable --prefer-lowest'
             can-fail: false
             extensions: 'curl, iconv, mbstring, mongodb, pdo, pdo_sqlite, sqlite, zip'
-          - php: 8.0
-            symfony: 5.4.*@dev
-            composer-flags: ''
-            can-fail: true
-            extensions: 'curl, iconv, mbstring, mongodb, pdo, pdo_sqlite, sqlite, zip'
-          - php: 8.1
-            symfony: 5.3.*
-            composer-flags: '--ignore-platform-req=php'
-            can-fail: true
-            extensions: 'curl, iconv, mbstring, mongodb-1.11.0alpha1, pdo, pdo_sqlite, sqlite, zip'
         exclude:
-          - php: 8.0
-            symfony: 3.4.*
+          - php: '7.4'
+            symfony: '6.0.*'
 
     name: "PHP ${{ matrix.php }} - Symfony ${{ matrix.symfony }}${{ matrix.composer-flags != '' && format(' - Composer {0}', matrix.composer-flags) || '' }}"
 
@@ -58,9 +48,13 @@ jobs:
         id: setup-mongodb
         uses: mongodb-labs/drivers-evergreen-tools@master
         with:
-          version: 4.4
+          version: '4.4'
           topology: server
 
+      - name: Remove Guard
+        if: matrix.symfony == '6.0.*'
+        run: composer remove --dev --no-update symfony/security-guard
+
       - name: Install dependencies
         run: composer update ${{ matrix.composer-flags }} --prefer-dist --no-suggest
         env:

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## Unreleased
 
+- Dropped support for MongoDB ODM 1.x
+- Dropped support for Symfony 3.4
+- Added support for Symfony 6.0
+
+## 1.0.0-beta4
+
 - Added `Gesdinet\JWTRefreshTokenBundle\Doctrine\RefreshTokenRepositoryInterface`
 - `Gesdinet\JWTRefreshTokenBundle\Doctrine\RefreshTokenManager` now requires all object repositories implement `Gesdinet\JWTRefreshTokenBundle\Doctrine\RefreshTokenRepositoryInterface`
 

DependencyInjection/Configuration.php

@@ -21,7 +21,7 @@ class Configuration implements ConfigurationInterface
     public function getConfigTreeBuilder(): TreeBuilder
     {
         $treeBuilder = new TreeBuilder('gesdinet_jwt_refresh_token');
-        $rootNode = method_exists(TreeBuilder::class, 'getRootNode') ? $treeBuilder->getRootNode() : $treeBuilder->root('gesdinet_jwt_refresh_token');
+        $rootNode = $treeBuilder->getRootNode();
 
         $rootNode
             ->children()

DependencyInjection/GesdinetJWTRefreshTokenExtension.php

@@ -11,7 +11,8 @@
 
 namespace Gesdinet\JWTRefreshTokenBundle\DependencyInjection;
 
-use Doctrine\Bundle\DoctrineBundle\DependencyInjection\Compiler\DoctrineOrmMappingsPass;
+use Doctrine\ODM\MongoDB\DocumentManager;
+use Doctrine\ORM\EntityManager;
 use Gesdinet\JWTRefreshTokenBundle\Document\RefreshToken as RefreshTokenDocument;
 use Gesdinet\JWTRefreshTokenBundle\Entity\RefreshToken as RefreshTokenEntity;
 use Gesdinet\JWTRefreshTokenBundle\Request\Extractor\ExtractorInterface;
@@ -44,7 +45,8 @@ public function load(array $configs, ContainerBuilder $container): void
         $refreshTokenClass = RefreshTokenEntity::class;
         $objectManager = 'doctrine.orm.entity_manager';
 
-        if (!class_exists(DoctrineOrmMappingsPass::class) || 'mongodb' === strtolower($config['manager_type'])) {
+        // Change the refresh token and object manager to the MongoDB ODM if the configuration explicitly sets it or if the ORM is not installed and the MongoDB ODM is
+        if ('mongodb' === strtolower($config['manager_type']) || (!class_exists(EntityManager::class) && class_exists(DocumentManager::class))) {
             $refreshTokenClass = RefreshTokenDocument::class;
             $objectManager = 'doctrine_mongodb.odm.document_manager';
         }

DependencyInjection/Security/Factory/LegacyRefreshTokenAuthenticatorFactory.php

@@ -18,10 +18,7 @@
 use Symfony\Component\DependencyInjection\Parameter;
 use Symfony\Component\DependencyInjection\Reference;
 
-/**
- * @final
- */
-/* final */ class RefreshTokenAuthenticatorFactory implements AuthenticatorFactoryInterface
+final class RefreshTokenAuthenticatorFactory implements AuthenticatorFactoryInterface
 {
     public function getPriority(): int
     {
@@ -59,10 +56,7 @@ public function addConfiguration(NodeDefinition $builder): void
         ;
     }
 
-    /**
-     * @return string
-     */
-    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId)
+    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
         $authenticatorId = 'security.authenticator.refresh_jwt.'.$firewallName;
 

DependencyInjection/Security/Factory/RefreshTokenAuthenticatorFactory.php

@@ -41,12 +41,15 @@ class RefreshTokenManager implements RefreshTokenManagerInterface
     public function __construct(ObjectManager $om, $class)
     {
         $this->objectManager = $om;
-        $this->repository = $om->getRepository($class);
 
-        if (!$this->repository instanceof RefreshTokenRepositoryInterface) {
+        $repository = $om->getRepository($class);
+
+        if (!$repository instanceof RefreshTokenRepositoryInterface) {
             throw new \LogicException(sprintf('Repository mapped for "%s" should implement %s.', $class, RefreshTokenRepositoryInterface::class));
         }
 
+        $this->repository = $repository;
+
         $metadata = $om->getClassMetadata($class);
         $this->class = $metadata->getName();
     }

Doctrine/RefreshTokenManager.php

@@ -2,38 +2,14 @@
 
 namespace Gesdinet\JWTRefreshTokenBundle\Document;
 
-use Doctrine\ODM\MongoDB\DocumentRepository;
-use Doctrine\ODM\MongoDB\Repository\DocumentRepository as MongoDBDocumentRepository;
+use Doctrine\ODM\MongoDB\Repository\DocumentRepository;
 use Gesdinet\JWTRefreshTokenBundle\Doctrine\RefreshTokenRepositoryInterface;
 
-if (class_exists(MongoDBDocumentRepository::class)) {
-    /**
-     * Internal repository supporting doctrine/mongodb-odm >=2.0.
-     *
-     * @template T of object
-     * @extends MongoDBDocumentRepository<T>
-     *
-     * @internal
-     */
-    class BaseRepository extends MongoDBDocumentRepository
-    {
-    }
-} else {
-    /**
-     * Internal repository supporting doctrine/mongodb-odm <2.0.
-     *
-     * @internal
-     */
-    class BaseRepository extends DocumentRepository
-    {
-    }
-}
-
 /**
- * @extends BaseRepository<RefreshToken>
+ * @extends DocumentRepository<RefreshToken>
  * @implements RefreshTokenRepositoryInterface<RefreshToken>
  */
-class RefreshTokenRepository extends BaseRepository implements RefreshTokenRepositoryInterface
+class RefreshTokenRepository extends DocumentRepository implements RefreshTokenRepositoryInterface
 {
     /**
      * @param \DateTimeInterface|null $datetime

Document/RefreshTokenRepository.php

@@ -13,14 +13,15 @@
 
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Contracts\EventDispatcher\Event;
 
 class RefreshAuthenticationFailureEvent extends Event
 {
     private AuthenticationException $exception;
 
-    private ?Response $response;
+    private Response $response;
 
-    public function __construct(AuthenticationException $exception, ?Response $response = null)
+    public function __construct(AuthenticationException $exception, Response $response)
     {
         $this->exception = $exception;
         $this->response = $response;
@@ -31,12 +32,12 @@ public function getException(): AuthenticationException
         return $this->exception;
     }
 
-    public function getResponse(): ?Response
+    public function getResponse(): Response
     {
         return $this->response;
     }
 
-    public function setResponse(?Response $response = null): void
+    public function setResponse(Response $response): void
     {
         $this->response = $response;
     }

Event/Event.php

@@ -13,6 +13,7 @@
 
 use Gesdinet\JWTRefreshTokenBundle\Model\RefreshTokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Contracts\EventDispatcher\Event;
 
 class RefreshEvent extends Event
 {

Event/RefreshAuthenticationFailureEvent.php

@@ -13,6 +13,7 @@
 
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Contracts\EventDispatcher\Event;
 
 class RefreshTokenNotFoundEvent extends Event
 {

Event/RefreshEvent.php

@@ -57,10 +57,7 @@ class AttachRefreshTokenOnSuccessListener
      */
     protected $extractor;
 
-    /**
-     * @var array
-     */
-    protected $cookieSettings;
+    protected array $cookieSettings;
 
     /**
      * @param int    $ttl
@@ -85,6 +82,7 @@ public function __construct(
         $this->refreshTokenGenerator = $refreshTokenGenerator;
         $this->extractor = $extractor;
         $this->cookieSettings = array_merge([
+            'enabled' => false,
             'same_site' => 'lax',
             'path' => '/',
             'domain' => null,
@@ -105,6 +103,10 @@ public function attachRefreshToken(AuthenticationSuccessEvent $event): void
         $data = $event->getData();
         $request = $this->requestStack->getCurrentRequest();
 
+        if (null === $request) {
+            return;
+        }
+
         // Extract refreshToken from the request
         $refreshTokenString = $this->extractor->getRefreshToken($request, $this->tokenParameterName);
 
@@ -130,7 +132,7 @@ public function attachRefreshToken(AuthenticationSuccessEvent $event): void
         }
 
         // Add a response cookie if enabled
-        if (isset($this->cookieSettings['enabled']) && $this->cookieSettings['enabled']) {
+        if ($this->cookieSettings['enabled']) {
             $event->getResponse()->headers->setCookie(
                 new Cookie(
                     $this->tokenParameterName,

Event/RefreshTokenNotFoundEvent.php

@@ -6,7 +6,6 @@
 use Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Compiler\CustomUserProviderCompilerPass;
 use Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Compiler\ObjectManagerCompilerPass;
 use Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Compiler\UserCheckerCompilerPass;
-use Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Security\Factory\LegacyRefreshTokenAuthenticatorFactory;
 use Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Security\Factory\RefreshTokenAuthenticatorFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -24,16 +23,11 @@ public function build(ContainerBuilder $container): void
         $container->addCompilerPass(new ObjectManagerCompilerPass());
         $container->addCompilerPass(new UserCheckerCompilerPass(true));
 
-        // Only register the security authenticator for Symfony 5.3+
+        // Only register the security authenticator for Symfony 5.4+
         if (interface_exists(RememberMeHandlerInterface::class)) {
             /** @var SecurityExtension $extension */
             $extension = $container->getExtension('security');
-
-            if (method_exists($extension, 'addAuthenticatorFactory')) {
-                $extension->addAuthenticatorFactory(new RefreshTokenAuthenticatorFactory());
-            } else {
-                $extension->addSecurityListenerFactory(new LegacyRefreshTokenAuthenticatorFactory());
-            }
+            $extension->addAuthenticatorFactory(new RefreshTokenAuthenticatorFactory());
         }
     }
 }