-
-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Encoder] Handle OpenSSL/phpseclib engines and algorithms #162
Conversation
b90fa44
to
477f5ea
Compare
Hi,
Again, thanks for the hard work @chalasr ! |
@slashfan You're welcome, I'll personally benefit from this changes, plus it's a pleasure to work on cool things. For the keys generation, you're right, I suspected that it is the reason of why you don't provide it before. I be back when I've some news! |
e955bef
to
fd283ed
Compare
Let me know about your eventual suggestions (especially about naming and documentation). Have a good review :) |
@@ -19,9 +21,15 @@ | |||
</parameters> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For a 2.0 release, the class parameters could be removed. But let's do it in a different PR (later) to keep things focused here :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@weaverryan Totally agreed. As long as I worked on different files I saw things that need to be changed, such as the documentation that needs more clean examples with namespaces, following best practices. It itches me to change them, but as you said, it's out of the scope of this PR. So, I'll propose this changes in a next one. Thank you for the review!
Hi guys! Really happy to see this stuff :). I started reviewing and I have one suggestion I'd like you to consider: avoid renaming services or classes (unless we have a real reason). For example, the Let me know what you think. And thank you! |
@weaverryan Also, what do you mean by "making changes in a BC way like the Symfony core does"? I have to learn a lot about keeping BC as possible and letting the time to upgrade, I'm not sure to do the good choices, So many thanks for your help on these several questions. @slashfan What do you think about this? |
If the library were new today, then I think having the
This change - unlike moving the
If you can make everything work with one class, and it's a nice solution (I mean: you're not forcing and hacking things together to make it work), that would be awesome! :)
Yes, you have exactly the idea :). If you kept the old way of doing things and just deprecated them, then we could merge this into the 1.x branch (as you wouldn't be breaking BC). If you followed the Symfony philosophy entirely, when 2.0 is released, we would simply remove the old deprecated features (this was done with Symfony 2.8 and 3.0). To give a specific example, if you did rename the Cheers! |
@weaverryan Thank you very much for take the time to educate me on this way, it will be helpful for my next contributions on Symfony and community bundles. Create the two services is the "easy" way, because the logic is already in place , we can use the Please let me know if I'm wrong, if I misunderstood or if you see a better way for something :) I'll wait for the opinion of @slashfan and do my best for make upgrading as soft as possible for developers, while providing these new features. EDIT I just realize that you was talking about the OpenSSLKeyLoader and not the new OpenSSLEncoder. |
d22f7b1
to
5b87e71
Compare
Encoder update:
About the I think that keep the |
5f9bce6
to
3f91857
Compare
<argument>%lexik_jwt_authentication.pass_phrase%</argument> | ||
</service> | ||
<!--- OpenSSL Key Loader / Old implementation (deprecated since 2.0) --> | ||
<service id="lexik_jwt_authentication.openssl_key_loader" class="Lexik\Bundle\JWTAuthenticationBundle\Services\OpenSSLKeyLoader"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can officially deprecate these - which will cause the user to see a deprecation warning :) http://symfony.com/blog/new-in-symfony-2-8-deprecated-service-definitions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@weaverryan I was glad to discover this feature, but as we have some tests running on old symfony versions, the tests don't pass anymore :/ So I had to rollback. I need to discuss with maintainers to know if we keep the compatibility with symfony versions older than 2.8. What do you think about this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, that's interesting! As long as the class itself is deprecated (with the trigger), it's not big deal.
0eae21b
to
3920c2f
Compare
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard'
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace
…chalasr) | Q | A | |---------------|------| | Bug fix? | no | | New feature? | yes | | BC breaks? | yes | | Deprecations | yes | | Fixed tickets | n/a | | Tests pass? | yes | After discussed in lexik#132, I open this PR representing one of the first new features of the `v2.0`. - [x] Ability to choose the encoder's encryption algorithm used by the encoder - [x] Ability to choose the encoder's encryption engine between phpseclib and openssl (default) - [x] Create a JWSProvider that manages Namshi\JOSE\JWS instances - [x] Create a new DefaultEncoder that takes the JWSProvider service as argument - [x] Create two base JWT[Decode/Encode]FailureException classes and their children - [x] Throw the good exception depending on the fail's reason during `DefaultEncoder::[encode/decode]()` - [x] Handle exceptions properly from the JWTProvider - [x] Update the existing tests / add new ones (unit & functional) - [x] Update the documentation - [x] Rebase after merged lexik#164 & update changelog - [x] Add an UPGRADE file and document this feature The v2 is coming!
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Add JWTGuardAuthenticationFactory to use our guard authenticator through 'lexik_jwt_guard' Rebase, catch JWTDecodeFailureException precisely Consistency in class naming fix bad namespace Update JWTGuardAuthenticator.php Handle token extractors configuration CS Fixes, Remove useless configuration in JWTGuardAuthenticationFactory
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar Scrutinizer fixes
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar Scrutinizer fixes
This PR was merged into the 2.0 branch. Discussion ---------- Next to #195 where we changed `encryption_algorithm` to `signature_algorithm`, this adapt the (forgotten) existing code, changing `encryptionAlgorithm` to `signatureAlgorithm` everywhere. 2.0 being not yet released, we must profit to ensure that the introduced features are following good practices, conventions and naming. @Spomky as you are quite aware of the good practices in term of encoding in general, it would be awesome if you could do a quick review of the terms we use in the corresponding part of our code base, especially on the `2.0` branch after #162. For instance I thought about `encryption_engine`, is it always correct in the contexts we use it? Otherwise, what about simply name it `engine`? That would give `encoder.engine` as option name. Let me know about your suggestions! Commits ------- a0b4430 Change encryptionAlgorithm to encryptionEngine Use 'crypto' term for keys
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar Scrutinizer fixes
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after #162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar Scrutinizer fixes
Retrieve user from the dynamic userProvider Catch possible encode/decode failure exceptions (better after lexik#162) Handle token extractors configuration Split configuration for readability Require browser-kit for tests Refactor functional tests structure Add more functional tests Depreciate current system classes Tests subscribing to authentication events Update CHANGELOG according to these changes Document config-related changes in UPGRADE.md Deprecate JWTManagerInterface in favor of JWTTokenManagerInterface Improve functional tests by adding CallableEventSubscriber Avoid calling onAuthenticationFailure() from start() Grammar Scrutinizer fixes
After discussed in #132, I open this PR representing one of the first new features of the
v2.0
.@slashfan I need your opinion about:
I used
\Encoder\NamshiJOSE
to avoid possible conflicts between two bridges namedJOSE
, maybe you have a better name?Same for the class names, maybe prefixing encoders by
JWT
would make more sense?If you have any idea or suggestion about how write tests for the new encoders and BTW improve the existing (encoding), the current tests should not pass with the large feature added, I'll try to improve them (for the ones concerning encoders).
I think that all can be done in the configuration reference. Do you see any other part that need to be updated?
Do we need to give a way to generate keys for phpseclib in addition of the openssl keys generation process? (I have a local work in progress containing a
GenerateKeysCommand
and theOpenSSLKeyGenerator
+SecLibKeyGenerator
services, I'd have your opinion about providing this feature)I think to add something about the key loaders, but not sure about if it shouldn't stay internal.
Waiting for your suggestions.
Also I'll be glad to have the opinion of any developer interested by this changes.
Steps:
DefaultEncoder::[encode/decode]()
The v2 is coming!