Allow lcobucci/jwt v5

Services/JWSProvider/LcobucciJWSProvider.php

@@ -68,11 +68,6 @@ class LcobucciJWSProvider implements JWSProviderInterface
      */
     private $allowNoExpiration;
 
-    /**
-     * @var bool
-     */
-    private $useDateObjects;
-
     /**
      * @throws \InvalidArgumentException If the given crypto engine is not supported
      */
@@ -82,7 +77,7 @@ public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine,
             throw new \InvalidArgumentException(sprintf('The %s provider supports only "openssl" as crypto engine.', self::class));
         }
         if (null === $clock) {
-            $clock = SystemClock::fromUTC();
+            $clock = new SystemClock(new \DateTimeZone('UTC'));
         }
 
         $this->keyLoader = $keyLoader;
@@ -91,7 +86,6 @@ public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine,
         $this->ttl = $ttl;
         $this->clockSkew = $clockSkew;
         $this->allowNoExpiration = $allowNoExpiration;
-        $this->useDateObjects = method_exists(Token::class, 'payload') || class_exists(Plain::class);  // exists only on lcobucci/jwt 3.4+
     }
 
     /**
@@ -106,36 +100,36 @@ public function create(array $payload, array $header = [])
         }
 
         foreach ($header as $k => $v) {
-            $jws->withHeader($k, $v);
+            $jws = $jws->withHeader($k, $v);
         }
 
         $now = time();
 
         $issuedAt = $payload['iat'] ?? $now;
         unset($payload['iat']);
 
-        $jws->issuedAt($this->useDateObjects && !$issuedAt instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$issuedAt}") : $issuedAt);
+        $jws = $jws->issuedAt(!$issuedAt instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$issuedAt}") : $issuedAt);
 
         if (null !== $this->ttl || isset($payload['exp'])) {
             $exp = $payload['exp'] ?? $now + $this->ttl;
             unset($payload['exp']);
 
             if ($exp) {
-                $jws->expiresAt($exp instanceof \DateTimeImmutable ? $exp : ($this->useDateObjects ? new \DateTimeImmutable("@$exp") : $exp));
+                $jws = $jws->expiresAt(!$exp instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$exp}") : $exp);
             }
         }
 
         if (isset($payload['sub'])) {
-            $jws->relatedTo($payload['sub']);
+            $jws = $jws->relatedTo($payload['sub']);
             unset($payload['sub']);
         }
 
         if (interface_exists(RegisteredClaims::class)) {
-            $this->addStandardClaims($jws, $payload);
+            $jws = $this->addStandardClaims($jws, $payload);
         }
 
         foreach ($payload as $name => $value) {
-            $jws->withClaim($name, $value);
+            $jws = $jws->withClaim($name, $value);
         }
 
         $e = $token = null;
@@ -159,25 +153,18 @@ public function load($token)
         }
 
         $payload = [];
-
-        if (!$this->useDateObjects) {
-            foreach ($jws->getClaims() as $claim) {
-                $payload[$claim->getName()] = $claim->getValue();
-            }
-        } else {
-            foreach ($jws->claims()->all() as $name => $value) {
-                if ($value instanceof \DateTimeInterface) {
-                    $value = $value->getTimestamp();
-                }
-                $payload[$name] = $value;
+        foreach ($jws->claims()->all() as $name => $value) {
+            if ($value instanceof \DateTimeInterface) {
+                $value = $value->getTimestamp();
             }
+            $payload[$name] = $value;
         }
 
         $jws = new LoadedJWS(
             $payload,
             $this->verify($jws),
             false == $this->allowNoExpiration,
-            $this->useDateObjects ? $jws->headers()->all() : $jws->getHeaders(),
+            $jws->headers()->all(),
             $this->clockSkew
         );
 
@@ -230,29 +217,6 @@ private function getSignedToken(Builder $jws)
 
     private function verify(Token $jwt)
     {
-        if (!$this->useDateObjects) {
-            if (!$jwt->validate(new ValidationData(time() + $this->clockSkew))) {
-                return false;
-            }
-
-            if ($this->signer instanceof Hmac) {
-                return $jwt->verify(
-                    $this->signer,
-                    $this->keyLoader->loadKey(RawKeyLoader::TYPE_PRIVATE)
-                );
-            }
-
-            if (!empty($keys = $this->keyLoader->getAdditionalPublicKeys())) {
-                foreach ($keys as $key) {
-                    if ($jwt->verify($this->signer, $key)) {
-                        return true;
-                    }
-                }
-
-                return false;
-            }
-        }
-
         if (class_exists(InMemory::class)) {
             $key = InMemory::plainText($this->signer instanceof Hmac ? $this->keyLoader->loadKey(RawKeyLoader::TYPE_PRIVATE) : $this->keyLoader->loadKey(RawKeyLoader::TYPE_PUBLIC));
         } else {
@@ -289,7 +253,7 @@ private function verify(Token $jwt)
         return false;
     }
 
-    private function addStandardClaims(Builder $builder, array &$payload)
+    private function addStandardClaims(Builder $builder, array &$payload): Builder
     {
         $mutatorMap = [
             RegisteredClaims::AUDIENCE => 'permittedFor',
@@ -311,7 +275,9 @@ private function addStandardClaims(Builder $builder, array &$payload)
                 continue;
             }
 
-            $builder->{$mutator}($value);
+            $builder = $builder->{$mutator}($value);
         }
+
+        return $builder;
     }
 }

composer.json

@@ -39,7 +39,8 @@
     "require": {
         "php": ">=7.1",
         "ext-openssl": "*",
-        "lcobucci/jwt": "^3.4|^4.0",
+        "lcobucci/clock": "^1.2|^2.0|^3.0",
+        "lcobucci/jwt": "^3.4|^4.1|^5.0",
         "namshi/jose": "^7.2",
         "symfony/config": "^4.4|^5.3|^6.0",
         "symfony/dependency-injection": "^4.4|^5.3|^6.0",