Fix tests

.github/workflows/integrate.yml

@@ -56,7 +56,6 @@ jobs:
         operating-system:
           - "ubuntu-latest"
         php-version:
-          - "8.1"
           - "8.2"
           - "8.3"
         dependencies:

composer.json

@@ -42,12 +42,10 @@
         }
     },
     "require": {
-        "php": ">=8.1",
+        "php": ">=8.2",
         "ext-json": "*",
         "ext-mbstring": "*",
         "ext-openssl": "*",
-        "lcobucci/clock": "^2.2|^3.0",
-        "nyholm/psr7": "^1.5",
         "paragonie/constant_time_encoding": "^2.6",
         "psr/clock": "^1.0",
         "psr/event-dispatcher": "^1.0",
@@ -58,6 +56,7 @@
         "spomky-labs/cbor-php": "^3.0",
         "spomky-labs/pki-framework": "^1.0",
         "symfony/config": "^6.4|^7.0",
+        "symfony/clock": "^6.4|^7.0",
         "symfony/dependency-injection": "^6.4|^7.0",
         "symfony/deprecation-contracts": "^3.2",
         "symfony/framework-bundle": "^6.4|^7.0",
@@ -69,7 +68,7 @@
         "symfony/uid": "^6.4|^7.0",
         "symfony/validator": "^6.4|^7.0",
         "web-auth/cose-lib": "^4.2.3",
-        "web-token/jwt-signature": "^3.1"
+        "web-token/jwt-signature": "^3.2.8"
     },
     "replace": {
         "web-auth/webauthn-lib": "self.version",
@@ -86,7 +85,7 @@
         }
     },
     "suggest": {
-        "psr/clock-implementation": "As of 4.5.x, the PSR Clock implementation will replace lcobucci/clock",
+        "psr/clock-implementation": "For datetime dependency injection",
         "psr/log-implementation": "Recommended to receive logs from the library",
         "symfony/security-bundle": "Symfony firewall using a JSON API (perfect for script applications)",
         "web-token/jwt-key-mgmt": "Mandatory for fetching Metadata Statement from distant sources",
@@ -96,8 +95,9 @@
     },
     "require-dev": {
         "doctrine/dbal": "^3.4",
-        "doctrine/doctrine-bundle": "^2.7",
-        "doctrine/orm": "^2.13",
+        "doctrine/doctrine-bundle": "^2.8",
+        "doctrine/persistence": "^3.1",
+        "doctrine/orm": "^2.14",
         "ekino/phpstan-banned-code": "^1.0",
         "infection/infection": "^0.27",
         "matthiasnoback/symfony-dependency-injection-test": "^4.3|^5.0",
@@ -125,9 +125,9 @@
         "symfony/yaml": "^6.4|^7.0",
         "symplify/easy-coding-standard": "^12.0",
         "web-token/jwt-key-mgmt": "^3.1",
-        "web-token/jwt-signature-algorithm-ecdsa": "^3.1",
-        "web-token/jwt-signature-algorithm-eddsa": "^3.1",
-        "web-token/jwt-signature-algorithm-rsa": "^3.1"
+        "web-token/jwt-signature-algorithm-ecdsa": "^3.2.8",
+        "web-token/jwt-signature-algorithm-eddsa": "^3.2.8",
+        "web-token/jwt-signature-algorithm-rsa": "^3.2.8"
     },
     "extra": {
         "thanks": {

src/metadata-service/composer.json

@@ -20,17 +20,17 @@
         }
     ],
     "require": {
-        "php": ">=8.1",
+        "php": ">=8.2",
         "ext-json": "*",
-        "lcobucci/clock": "^2.2|^3.0",
         "paragonie/constant_time_encoding": "^2.6",
         "psr/clock": "^1.0",
         "psr/event-dispatcher": "^1.0",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
         "psr/log": "^1.0|^2.0|^3.0",
         "spomky-labs/pki-framework": "^1.0",
-        "symfony/deprecation-contracts": "^3.2"
+        "symfony/deprecation-contracts": "^3.2",
+        "symfony/clock": "^6.4|^7.0"
     },
     "autoload": {
         "psr-4": {

src/symfony/composer.json

@@ -23,8 +23,7 @@
         }
     ],
     "require": {
-        "php": ">=8.1",
-        "nyholm/psr7": "^1.5",
+        "php": ">=8.2",
         "psr/event-dispatcher": "^1.0",
         "spomky-labs/cbor-bundle": "^3.0",
         "symfony/config": "^6.4|^7.0",
@@ -37,7 +36,7 @@
         "symfony/serializer": "^6.4|^7.0",
         "symfony/validator": "^6.4|^7.0",
         "web-auth/webauthn-lib": "self.version",
-        "web-token/jwt-signature": "^3.1"
+        "web-token/jwt-signature": "^3.2.8"
     },
     "extra": {
         "thanks": {

src/symfony/src/Resources/config/services.php

@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use Lcobucci\Clock\SystemClock;
 use Psr\Http\Message\RequestFactoryInterface;
 use Psr\Log\NullLogger;
+use Symfony\Component\Clock\NativeClock;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symfony\Component\Serializer\SerializerInterface;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
@@ -65,8 +65,7 @@
 
     $container
         ->set('webauthn.clock.default')
-        ->class(SystemClock::class)
-        ->factory([SystemClock::class, 'fromSystemTimezone'])
+        ->class(NativeClock::class)
     ;
 
     $container

src/webauthn/composer.json

@@ -20,7 +20,7 @@
         }
     ],
     "require": {
-        "php": ">=8.1",
+        "php": ">=8.2",
         "ext-json": "*",
         "ext-openssl": "*",
         "ext-mbstring": "*",

src/webauthn/src/AttestationStatement/TPMAttestationStatementSupport.php

@@ -12,9 +12,6 @@
 use Cose\Key\OkpKey;
 use Cose\Key\RsaKey;
 use DateTimeImmutable;
-use DateTimeZone;
-use Lcobucci\Clock\Clock;
-use Lcobucci\Clock\SystemClock;
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use Psr\Clock\ClockInterface;
 use Psr\EventDispatcher\EventDispatcherInterface;
@@ -40,21 +37,11 @@
 
 final class TPMAttestationStatementSupport implements AttestationStatementSupport, CanDispatchEvents
 {
-    private readonly Clock|ClockInterface $clock;
-
     private EventDispatcherInterface $dispatcher;
 
-    public function __construct(null|Clock|ClockInterface $clock = null)
-    {
-        if ($clock === null) {
-            trigger_deprecation(
-                'web-auth/metadata-service',
-                '4.5.0',
-                'The parameter "$clock" will become mandatory in 5.0.0. Please set a valid PSR Clock implementation instead of "null".'
-            );
-            $clock = new SystemClock(new DateTimeZone('UTC'));
-        }
-        $this->clock = $clock;
+    public function __construct(
+        private readonly ClockInterface $clock
+    ) {
         $this->dispatcher = new NullEventDispatcher();
     }
 
@@ -63,7 +50,7 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v
         $this->dispatcher = $eventDispatcher;
     }
 
-    public static function create(null|Clock|ClockInterface $clock = null): self
+    public static function create(ClockInterface $clock): self
     {
         return new self($clock);
     }

tests/symfony/config/config.yml

@@ -4,19 +4,29 @@ parameters:
 framework:
   test: true
   secret: 'test'
+  handle_all_throwables: true
   serializer:
     enabled: true
   validation:
     enabled: true
+    email_validation_mode: html5
   session:
     storage_factory_id: 'session.storage.factory.mock_file'
+    save_path: "session.handler.native_file"
+    cookie_samesite: "lax"
+    cookie_secure: "auto"
   fragments: ~
   http_method_override: true
   http_client:
     mock_response_factory: 'Webauthn\Tests\Bundle\Functional\MockClientCallback'
   router:
     utf8: true
     resource: "%kernel.project_dir%/tests/symfony/config/routing.php"
+  uid:
+    default_uuid_version: 7
+    time_based_uuid_version: 7
+  php_errors:
+    log: true
 
 services:
   _defaults:
@@ -85,7 +95,6 @@ services:
     arguments:
       - '@Webauthn\MetadataService\Service\ChainedMetadataServices'
 
-
 doctrine:
   dbal:
     driver: 'pdo_mysql'
@@ -97,6 +106,7 @@ doctrine:
 
     url: '%env(resolve:DATABASE_URL)%'
   orm:
+    enable_lazy_ghost_objects: true
     auto_generate_proxy_classes: true
     naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
     auto_mapping: true

tests/symfony/functional/Attestation/AdditionalAuthenticatorTest.php

@@ -35,28 +35,16 @@
  */
 final class AdditionalAuthenticatorTest extends WebTestCase
 {
-    private KernelBrowser $client;
-
-    private OptionsStorage $storage;
-
-    protected function setUp(): void
-    {
-        $this->client = static::createClient([], [
-            'HTTPS' => 'on',
-        ]);
-
-        $this->storage = static::getContainer()->get(CustomSessionStorage::class);
-    }
-
     #[Test]
     public function anExistingUserCanAskForOptionsUsingTheDedicatedController(): void
     {
-        $this->logIn();
-        $this->client->request(Request::METHOD_POST, '/devices/add/options', [], [], [
+        $client = static::createClient([], ['HTTPS' => 'on']);
+        $this->logIn($client);
+        $client->request(Request::METHOD_POST, '/devices/add/options', [], [], [
             'CONTENT_TYPE' => 'application/json',
             'HTTP_HOST' => 'test.com',
         ], json_encode([], JSON_THROW_ON_ERROR));
-        $response = $this->client->getResponse();
+        $response = $client->getResponse();
         $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertResponseIsSuccessful();
@@ -92,11 +80,12 @@ public function thePublicKeyCredentialDataCanBeLoaded(): void
     #[Depends('thePublicKeyCredentialDataCanBeLoaded')]
     public function withTheOptionAnExistingUserCanRegisterNewAnotherAuthenticator(): void
     {
+        $client = static::createClient([], ['HTTPS' => 'on']);
         /** @var PublicKeyCredentialSourceRepository $publicKeyCredentialSourceRepository */
         $publicKeyCredentialSourceRepository = self::$kernel
             ->getContainer()
             ->get(PublicKeyCredentialSourceRepository::class);
-        $this->logIn();
+        $this->logIn($client);
 
         $publicKeyCredentialUserEntity = PublicKeyCredentialUserEntity::create('[email protected]', random_bytes(
             64
@@ -112,7 +101,8 @@ public function withTheOptionAnExistingUserCanRegisterNewAnotherAuthenticator():
                 [PublicKeyCredentialParameters::create('public-key', Algorithms::COSE_ALGORITHM_ES256)]
             );
 
-        $this->storage->store(Item::create(
+        $storage = static::getContainer()->get(CustomSessionStorage::class);
+        $storage->store(Item::create(
             $publicKeyCredentialCreationOptions,
             $publicKeyCredentialCreationOptions->user
         ));
@@ -124,7 +114,7 @@ public function withTheOptionAnExistingUserCanRegisterNewAnotherAuthenticator():
             $publicKeyCredentialSourceRepository->findAllForUserEntity($publicKeyCredentialCreationOptions->user)
         );
         $body = '{"id":"mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB_MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1-RIuTF9DUtEJZEEK","type":"public-key","rawId":"mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB/MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1+RIuTF9DUtEJZEEK","response":{"clientDataJSON":"eyJjaGFsbGVuZ2UiOiI5V3FncFJJWXZHTUNVWWlGVDIwbzFVN2hTRDE5M2sxMXp1NHRLUDd3UmNyRTI2enMxemM0TEh5UGludlBHUzg2d3U2YkR2cHdidDhYcDJiUTNWQlJTUSIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjkSZYN5YgOjGh0NBcPZHZgW4/krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJjIobiMfS7pLMMQTjIzBw3+hADjTsu6nVoWkEO3TrVYkdnFQfzDW2cVEYtnL4ErykiC295iEnvZTzRvbGIKI7mOYjYp2DoOoUVcZptFbLLjRtqZtfkSLkxfQ1LRCWRBCqUBAgMmIAEhWCAcPxwKyHADVjTgTsat4R/Jax6PWte50A8ZasMm4w6RxCJYILt0FCiGwC6rBrh3ySNy0yiUjZpNGAhW+aM9YYyYnUTJ"}}';
-        $this->client->request(
+        $client->request(
             Request::METHOD_POST,
             '/devices/add',
             [],
@@ -135,7 +125,7 @@ public function withTheOptionAnExistingUserCanRegisterNewAnotherAuthenticator():
             ],
             $body
         );
-        $response = $this->client->getResponse();
+        $response = $client->getResponse();
         $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertResponseStatusCodeSame(201);
@@ -155,12 +145,13 @@ public function withTheOptionAnExistingUserCanRegisterNewAnotherAuthenticator():
     #[Test]
     public function anExistingUserCanGetOptionsTestItsAuthenticators(): void
     {
-        $this->logIn();
-        $this->client->request(Request::METHOD_POST, '/devices/test/options', [], [], [
+        $client = static::createClient([], ['HTTPS' => 'on']);
+        $this->logIn($client);
+        $client->request(Request::METHOD_POST, '/devices/test/options', [], [], [
             'CONTENT_TYPE' => 'application/json',
             'HTTP_HOST' => 'test.com',
         ], json_encode([], JSON_THROW_ON_ERROR));
-        $response = $this->client->getResponse();
+        $response = $client->getResponse();
         $data = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
 
         static::assertResponseIsSuccessful();
@@ -172,7 +163,7 @@ public function anExistingUserCanGetOptionsTestItsAuthenticators(): void
         static::assertSame('ok', $data['status']);
     }
 
-    private function logIn(): void
+    private function logIn(KernelBrowser $client): void
     {
         /** @var SerializerInterface $serializer */
         $serializer = static::getContainer()->get(SerializerInterface::class);
@@ -231,13 +222,13 @@ private function logIn(): void
         $domains = array_unique(
             array_map(
                 static fn (Cookie $cookie) => $cookie->getName() === $session->getName() ? $cookie->getDomain() : '',
-                $this->client->getCookieJar()
+                $client->getCookieJar()
                     ->all()
             )
         ) ?: [''];
         foreach ($domains as $domain) {
             $cookie = new Cookie($session->getName(), $session->getId(), null, null, $domain);
-            $this->client->getCookieJar()
+            $client->getCookieJar()
                 ->set($cookie);
         }
     }

tests/symfony/functional/Attestation/PackedAttestationStatementTest.php

@@ -28,7 +28,6 @@ final class PackedAttestationStatementTest extends KernelTestCase
     #[Test]
     public function aPackedAttestationWithSelfStatementCanBeVerified(): void
     {
-        self::bootKernel();
         $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
             PublicKeyCredentialRpEntity::create('My Application'),
             PublicKeyCredentialUserEntity::create(