Upgrade to Symfony 6 (#22)

.github/workflows/ci.yaml

@@ -96,7 +96,7 @@ jobs:
         php-version:
           - '8.1'
         symfony-version:
-          - '5.4'
+          - '6.1'
     steps:
       - name: 'Checkout Code'
         uses: actions/checkout@v2

EventListener/Security/CheckVerifiedUserSubscriber.php

@@ -0,0 +1,66 @@
+<?php
+/*
+ * This file is part of the StfalconApiBundle.
+ *
+ * (c) Stfalcon LLC <stfalcon.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace StfalconStudio\ApiBundle\EventListener\Security;
+
+use StfalconStudio\ApiBundle\Model\Credentials\CredentialsInterface;
+use StfalconStudio\ApiBundle\Security\JwtBlackListService;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Http\Event\CheckPassportEvent;
+
+/**
+ * CheckVerifiedUserSubscriber.
+ */
+final class CheckVerifiedUserSubscriber implements EventSubscriberInterface
+{
+    private readonly JwtBlackListService $tokenBlackListService;
+
+    /**
+     * @param JwtBlackListService $tokenBlackListService
+     */
+    public function __construct(JwtBlackListService $tokenBlackListService)
+    {
+        $this->tokenBlackListService = $tokenBlackListService;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents(): iterable
+    {
+        yield CheckPassportEvent::class => 'onCheckPassport';
+    }
+
+    /**
+     * @param CheckPassportEvent $event
+     *
+     * @throws BadCredentialsException
+     *
+     * @return void
+     */
+    public function onCheckPassport(CheckPassportEvent $event): void
+    {
+        $passport = $event->getPassport();
+        $user = $passport->getUser();
+
+        $payload = $passport->getAttribute('payload');
+        if ($user instanceof CredentialsInterface && $user->getCredentialsLastChangedAt() instanceof \DateTime && is_array($payload) && (int) $payload['iat'] < $user->getCredentialsLastChangedAt()->getTimestamp()) {
+            throw new BadCredentialsException('Credentials were changed.');
+        }
+
+        $token = $passport->getAttribute('token');
+        if (\is_string($token) && $this->tokenBlackListService->tokenIsNotInBlackList($user, $token)) {
+            throw new BadCredentialsException('Token in the black list.');
+        }
+    }
+}

Exception/Http/Json/MalformedJsonException.php

@@ -22,10 +22,10 @@
 class MalformedJsonException extends AbstractCustomHttpAppException
 {
     /**
-     * @param string|null     $message
+     * @param string          $message
      * @param \Exception|null $previous
      */
-    public function __construct(?string $message = '', \Exception $previous = null)
+    public function __construct(string $message = '', \Exception $previous = null)
     {
         parent::__construct(Response::HTTP_BAD_REQUEST, $message, $previous);
     }

Security/AnonymousUser.php

@@ -45,14 +45,6 @@ public function getSalt(): ?string
         return null;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getUsername(): string
-    {
-        return self::USERNAME;
-    }
-
     /**
      * {@inheritdoc}
      */
@@ -65,6 +57,6 @@ public function eraseCredentials(): void
      */
     public function getUserIdentifier(): string
     {
-        return $this->getUsername();
+        return self::USERNAME;
     }
 }

Security/JwtBlackListService.php

@@ -12,7 +12,6 @@
 
 namespace StfalconStudio\ApiBundle\Security;
 
-use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\PreAuthenticationJWTUserToken;
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider\JWSProviderInterface;
 use Predis\Client;
 use StfalconStudio\ApiBundle\Exception\DomainException;
@@ -97,18 +96,14 @@ public function addTokenToBlackList(string $rawToken): void
     }
 
     /**
-     * @param UserInterface                 $user
-     * @param PreAuthenticationJWTUserToken $preAuthenticationJwtUserToken
+     * @param UserInterface $user
+     * @param string        $token
      *
      * @return bool
      */
-    public function tokenIsNotInBlackList(UserInterface $user, PreAuthenticationJWTUserToken $preAuthenticationJwtUserToken): bool
+    public function tokenIsNotInBlackList(UserInterface $user, string $token): bool
     {
-        if (!\is_scalar($preAuthenticationJwtUserToken->getCredentials())) {
-            throw new InvalidArgumentException('Token cannot be casted to string');
-        }
-
-        $key = $this->jwtCacheHelper->getRedisKeyForUserRawToken($user->getUserIdentifier(), (string) $preAuthenticationJwtUserToken->getCredentials());
+        $key = $this->jwtCacheHelper->getRedisKeyForUserRawToken($user->getUserIdentifier(), $token);
         $tokenIsInBlackList = (bool) $this->redisClientJwtBlackList->exists($key);
 
         return !$tokenIsInBlackList;

Tests/EventListener/JWT/DummyUser.php

@@ -0,0 +1,42 @@
+<?php
+/*
+ * This file is part of the StfalconApiBundle.
+ *
+ * (c) Stfalcon LLC <stfalcon.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace StfalconStudio\ApiBundle\Tests\EventListener\JWT;
+
+use StfalconStudio\ApiBundle\Model\Credentials\CredentialsInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class DummyUser implements UserInterface, CredentialsInterface
+{
+    public function setCredentialsLastChangedAt(?\DateTime $credentialsLastChangedAt): void
+    {
+    }
+
+    public function getCredentialsLastChangedAt(): ?\DateTime
+    {
+        return null;
+    }
+
+    public function getRoles(): array
+    {
+        return ['ROLE_USER'];
+    }
+
+    public function eraseCredentials(): void
+    {
+    }
+
+    public function getUserIdentifier(): string
+    {
+        return 'dummy';
+    }
+}

Tests/EventListener/JWT/JwtRefreshSubscriberTest.php

@@ -19,15 +19,15 @@
 use StfalconStudio\ApiBundle\EventListener\JWT\JwtRefreshSubscriber;
 use StfalconStudio\ApiBundle\Exception\JWT\InvalidRefreshTokenException;
 use StfalconStudio\ApiBundle\Model\Credentials\CredentialsInterface;
-use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 final class JwtRefreshSubscriberTest extends TestCase
 {
     /** @var RefreshEvent|MockObject */
     private RefreshEvent|MockObject $refreshEvent;
 
-    /** @var PostAuthenticationGuardToken|MockObject */
-    private PostAuthenticationGuardToken|MockObject $token;
+    /** @var TokenInterface|MockObject */
+    private TokenInterface|MockObject $token;
 
     /** @var RefreshToken|MockObject */
     private RefreshToken|MockObject $refreshToken;
@@ -40,8 +40,8 @@ final class JwtRefreshSubscriberTest extends TestCase
     protected function setUp(): void
     {
         $this->refreshEvent = $this->createMock(RefreshEvent::class);
-        $this->user = $this->createMock(CredentialsInterface::class);
-        $this->token = $this->createMock(PostAuthenticationGuardToken::class);
+        $this->user = $this->createMock(DummyUser::class);
+        $this->token = $this->createMock(TokenInterface::class);
         $this->refreshToken = $this->createMock(RefreshToken::class);
         $this->subscriber = new JwtRefreshSubscriber();
     }

Tests/EventListener/ORM/Aggregate/AggregatePartListenerTest.php

@@ -39,6 +39,7 @@ protected function setUp(): void
     protected function tearDown(): void
     {
         unset(
+            $this->dateTimeHelper,
             $this->listener,
         );
     }