Merge 6.0.0 into master

.phpcs.xml.dist

@@ -20,7 +20,7 @@
     PHPCompatibility sniffs to check for PHP cross-version incompatible code.
     https://github.com/PHPCompatibility/PHPCompatibility
     -->
-    <config name="testVersion" value="5.5-"/>
+    <config name="testVersion" value="7.1-"/>
     <rule ref="PHPCompatibility"/>
 
 </ruleset>

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Change Log
 
+## [6.0.0](https://github.com/auth0/laravel-auth0/tree/6.0.0) (2020-04-09)
+[Full Changelog](https://github.com/auth0/laravel-auth0/compare/5.4.0...6.0.0)
+
+**This is a major release and includes breaking changes!** This release also includes a major version change for the PHP SDK that it relies on. Please see the [migration guide](https://github.com/auth0/auth0-PHP/blob/master/MIGRATE-v5-TO-v7.md) for the PHP SDK for more information.
+
+**Closed issues**
+- auth0-PHP 7.0 - State and nonce handling [\#163](https://github.com/auth0/laravel-auth0/issues/163)
+- Cannot use actingAs unit tests functionality [\#161](https://github.com/auth0/laravel-auth0/issues/161)
+
+**Added**
+- Implement auth0 guard [\#166](https://github.com/auth0/laravel-auth0/pull/166) ([Tamrael](https://github.com/Tamrael))
+
+**Changed**
+- Use array for Auth0JWTUser and add repo return types [\#176](https://github.com/auth0/laravel-auth0/pull/176) ([joshcanhelp](https://github.com/joshcanhelp))
+- Update PHP SDK to v7.0.0 [\#162](https://github.com/auth0/laravel-auth0/pull/162) ([joshcanhelp](https://github.com/joshcanhelp))
+- Bind SessionState handler interface in container [\#147](https://github.com/auth0/laravel-auth0/pull/147) ([nstapelbroek](https://github.com/nstapelbroek))
+
+**Fixed**
+- Fix Laravel session management [\#174](https://github.com/auth0/laravel-auth0/pull/174) ([joshcanhelp](https://github.com/joshcanhelp))
+
 ## [5.4.0](https://github.com/auth0/laravel-auth0/tree/5.4.0) (2020-03-27)
 [Full Changelog](https://github.com/auth0/laravel-auth0/compare/5.3.1...5.4.0)
 

README.md

@@ -46,6 +46,36 @@ You can implement your own cache strategy by creating a new class that implement
 
 You can customize the way you handle the users in your application by creating your own `UserRepository`. This class should implement the `Auth0\Login\Contract\Auth0UserRepository` contract. Please see the [Custom User Handling section of the Laravel Quickstart](https://auth0.com/docs/quickstart/webapp/laravel#optional-custom-user-handling) for the latest example.
 
+### Using auth guard
+
+To protect APIs using an access token generated by Auth0, there is an `auth0` API guard provided ([Laravel documentation on guards](https://laravel.com/docs/7.x/authentication#adding-custom-guards)). To use this guard, add it to `config/auth.php` with the driver `auth0`:
+```
+'guards' => [
+    ...
+    'auth0' => [
+        'driver' => 'auth0',
+        'provider' => 'auth0',
+    ],
+],
+
+'providers' => [
+    ...
+    'auth0' => [
+        'driver' => 'auth0',
+    ],
+],
+```
+
+Once that has been added, add the guard to the middleware of any API route and check authentication during the request:
+```
+// get user
+auth('auth0')->user();
+// check if logged in
+auth('auth0')->check();
+// protect routes via middleware use
+Route::group(['middleware' => 'auth:auth0'], function () {});
+```
+
 ## Installation
 
 Install this plugin into a new or existing project using [Composer](https://getcomposer.org/doc/00-intro.md):

composer.json

@@ -2,18 +2,19 @@
     "name": "auth0/login",
     "description": "Laravel plugin that helps authenticate with the auth0 service",
     "license": "MIT",
+    "prefer-stable": true,
     "require": {
-        "php": ">=5.5.0",
+        "php": "^7.1",
+        "auth0/auth0-php": "^7.1",
         "illuminate/support": "5.* | ^6.0 | ^7.0",
-        "auth0/auth0-php": "^5.6.0",
         "illuminate/contracts": "5.* | ^6.0 | ^7.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^4 | ^7",
+        "phpunit/phpunit": "^7|^8|^9",
         "squizlabs/php_codesniffer": "^3.2",
         "phpcompatibility/php-compatibility": "^8.1",
         "dealerdirect/phpcodesniffer-composer-installer": "^0.5.0",
-        "orchestra/testbench": "^3.8"
+        "orchestra/testbench": "^3.8|^4.0|^5.0"
     },
     "scripts": {
         "test": "SHELL_INTERACTIVE=1 \"vendor/bin/phpunit\" --coverage-text ",

phpunit.xml.dist

@@ -19,4 +19,8 @@
             <directory suffix=".php">src/</directory>
         </whitelist>
     </filter>
+    <php>
+        <ini name="session.use_cookies" value="false"/>
+        <ini name="session.cache_limiter" value="false"/>
+    </php>
 </phpunit>

src/Auth0/Login/Auth0JWTUser.php

@@ -15,9 +15,9 @@ class Auth0JWTUser implements \Illuminate\Contracts\Auth\Authenticatable
      *
      * @param $userInfo
      */
-    public function __construct($userInfo)
+    public function __construct(array $userInfo)
     {
-        $this->userInfo = get_object_vars($userInfo);
+        $this->userInfo = $userInfo;
     }
 
     /**

src/Auth0/Login/Auth0Service.php

@@ -2,16 +2,11 @@
 
 namespace Auth0\Login;
 
-use Auth0\SDK\API\Helpers\State\StateHandler;
-use Auth0\SDK\API\Helpers\State\SessionStateHandler;
 use Auth0\SDK\Auth0;
-use Auth0\SDK\Helpers\Cache\CacheHandler;
-use Auth0\SDK\JWTVerifier;
 use Auth0\SDK\Store\StoreInterface;
-use Config;
-use Illuminate\Contracts\Config\Repository;
-use Illuminate\Contracts\Container\BindingResolutionException;
+use Illuminate\Contracts\Config\Repository as ConfigRepository;
 use Illuminate\Http\RedirectResponse;
+use Psr\SimpleCache\CacheInterface;
 
 /**
  * Service that provides access to the Auth0 SDK.
@@ -30,33 +25,35 @@ class Auth0Service
     /**
      * Auth0Service constructor.
      *
-     * @param array $auth0Config
-     * @param StoreInterface $sessionStorage
+     * @param array|null $auth0Config
+     * @param StoreInterface|null $store
+     * @param CacheInterface|null $cache
      *
-     * @throws \Auth0\SDK\Exception\CoreException
+     * @throws \Illuminate\Contracts\Container\BindingResolutionException
      */
     public function __construct(
-        array $auth0Config = null,
+        array $auth0Config,
         StoreInterface $store = null,
-        StateHandler $stateHandler = null
+        CacheInterface $cache = null
     )
     {
-        if (!$auth0Config instanceof Repository && !is_array($auth0Config)) {
+
+        if (!$auth0Config instanceof ConfigRepository && !is_array($auth0Config)) {
             $auth0Config = config('laravel-auth0');
         }
 
-        $store = isset( $auth0Config['store'] ) ? $auth0Config['store'] : $store;
+        $store = $auth0Config['store'] ?? $store;
         if (false !== $store && !$store instanceof StoreInterface) {
             $store = new LaravelSessionStore();
         }
+        $auth0Config['store'] = $store;
 
-        $stateHandler = isset( $auth0Config['state_handler'] ) ? $auth0Config['state_handler'] : $stateHandler;
-        if (false !== $stateHandler && !$stateHandler instanceof StateHandler) {
-            $stateHandler = new SessionStateHandler($store);
+        $cache = $auth0Config['cache_handler'] ?? $cache;
+        if (!($cache instanceof CacheInterface)) {
+            $cache = app()->make('cache.store');
         }
+        $auth0Config['cache_handler'] = $cache;
 
-        $auth0Config['store'] = $store;
-        $auth0Config['state_handler'] = $stateHandler;
         $this->auth0 = new Auth0($auth0Config);
     }
 
@@ -163,35 +160,14 @@ public function rememberUser($value = null)
 
     /**
      * @param $encUser
+     * @param array $verifierOptions
      *
-     * @return mixed
+     * @return array
+     * @throws \Auth0\SDK\Exception\InvalidTokenException
      */
-    public function decodeJWT($encUser)
+    public function decodeJWT($encUser, array $verifierOptions = [])
     {
-        try {
-            $cache = \App::make(CacheHandler::class);
-        } catch (BindingResolutionException $e) {
-            $cache = null;
-        }
-
-        $secret_base64_encoded = config('laravel-auth0.secret_base64_encoded');
-
-        if (is_null($secret_base64_encoded)) {
-            $secret_base64_encoded = true;
-        }
-
-        $verifier = new JWTVerifier([
-            'valid_audiences' => [config('laravel-auth0.client_id'), config('laravel-auth0.api_identifier')],
-            'supported_algs' => config('laravel-auth0.supported_algs', ['HS256']),
-            'client_secret' => config('laravel-auth0.client_secret'),
-            'authorized_iss' => config('laravel-auth0.authorized_issuers'),
-            'secret_base64_encoded' => $secret_base64_encoded,
-            'cache' => $cache,
-            'guzzle_options' => config('laravel-auth0.guzzle_options'),
-        ]);
-
-        $this->apiuser = $verifier->verifyAndDecode($encUser);
-
+        $this->apiuser = $this->auth0->decodeIdToken($encUser, $verifierOptions);
         return $this->apiuser;
     }
 

src/Auth0/Login/Auth0User.php

@@ -17,7 +17,7 @@ class Auth0User implements \Illuminate\Contracts\Auth\Authenticatable
      * @param array $userInfo
      * @param string|null $accessToken
      */
-    public function __construct($userInfo, $accessToken)
+    public function __construct(array $userInfo, $accessToken)
     {
         $this->userInfo = $userInfo;
         $this->accessToken = $accessToken;

src/Auth0/Login/Contract/Auth0UserRepository.php

@@ -2,26 +2,28 @@
 
 namespace Auth0\Login\Contract;
 
+use \Illuminate\Contracts\Auth\Authenticatable;
+
 interface Auth0UserRepository
 {
     /**
-     * @param \stdClass $jwt with the data provided in the JWT
+     * @param array $decodedJwt with the data provided in the JWT
      *
-     * @return \Illuminate\Contracts\Auth\Authenticatable
+     * @return Authenticatable
      */
-    public function getUserByDecodedJWT($jwt);
+    public function getUserByDecodedJWT(array $decodedJwt) : Authenticatable;
 
     /**
      * @param array $userInfo representing the user profile and user accessToken
      *
-     * @return \Illuminate\Contracts\Auth\Authenticatable
+     * @return Authenticatable
      */
-    public function getUserByUserInfo($userInfo);
+    public function getUserByUserInfo(array $userInfo) : Authenticatable;
 
     /**
-     * @param mixed $identifier the user id
+     * @param string|int|null $identifier the user id
      *
-     * @return \Illuminate\Contracts\Auth\Authenticatable
+     * @return Authenticatable|null
      */
-    public function getUserByIdentifier($identifier);
+    public function getUserByIdentifier($identifier) : ?Authenticatable;
 }

src/Auth0/Login/LaravelSessionStore.php

@@ -2,7 +2,6 @@
 
 namespace Auth0\Login;
 
-use Session;
 use Auth0\SDK\Store\StoreInterface;
 
 class LaravelSessionStore implements StoreInterface
@@ -12,16 +11,14 @@ class LaravelSessionStore implements StoreInterface
     /**
      * Persists $value on $_SESSION, identified by $key.
      *
-     * @see Auth0SDK\BaseAuth0
-     *
      * @param string $key
      * @param mixed  $value
      */
-    public function set($key, $value)
+    public function set(string $key, $value)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        Session::put($key_name, $value);
+        \session([$key_name => $value]);
     }
 
     /**
@@ -30,11 +27,11 @@ public function set($key, $value)
      *
      * @return mixed
      */
-    public function get($key, $default = null)
+    public function get(string $key, $default = null)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        return Session::get($key_name, $default);
+        return \session($key_name, $default);
     }
 
     /**
@@ -44,11 +41,11 @@ public function get($key, $default = null)
      *
      * @param string $key
      */
-    public function delete($key)
+    public function delete(string $key)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        Session::forget($key_name);
+        \session([$key_name => null]);
     }
 
     /**