Merge pull request #12 from Staffbase/NFS-616-dependency-update

NFS-616: update deps, fixes tests

Author: Ninerian

.travis.yml

@@ -2,7 +2,7 @@ dist: trusty
 sudo: false
 language: php
 php:
-  - '5.6'
+  - '7.4'
 install:
   - composer install
 script:

composer.json

@@ -12,14 +12,14 @@
 		}
 	],
 	"require": {
-		"php": ">=5.5.9",
+		"php": "^7.3",
 		"lcobucci/jwt": "^3.2"
 
 	},
 	"require-dev": {
-		"cvuorinen/phpdoc-markdown-public": "^0.1.2",
+		"cvuorinen/phpdoc-markdown-public": "^0.2.0",
 		"phpseclib/phpseclib": "^2.0",
-		"phpunit/phpunit": "^4.8"
+		"phpunit/phpunit": "^9.0"
 	},
 	"autoload": {
 		"psr-4": {

phpunit.xml

@@ -1,10 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true" name="unit" bootstrap="vendor/autoload.php">
+<phpunit colors="true" bootstrap="vendor/autoload.php">
 	<testsuites>
 		<testsuite name="Plugins SDK unit test suite">
 			<file>test/SSODataTest.php</file>
 			<file>test/SSOTokenTest.php</file>
 			<file>test/PluginSessionTest.php</file>
 		</testsuite>
+
 	</testsuites>
+	<filter>
+		<whitelist processUncoveredFilesFromWhitelist="true">
+			<directory suffix=".php">src</directory>
+		</whitelist>
+	</filter>
 </phpunit>

src/PluginSession.php

@@ -15,8 +15,6 @@
 namespace Staffbase\plugins\sdk;
 
 use SessionHandlerInterface;
-use Staffbase\plugins\sdk\SSOData;
-use Staffbase\plugins\sdk\SSOToken;
 use Staffbase\plugins\sdk\Exceptions\SSOException;
 use Staffbase\plugins\sdk\Exceptions\SSOAuthenticationException;
 use Staffbase\plugins\sdk\RemoteCall\RemoteCallInterface;
@@ -35,12 +33,12 @@ class PluginSession extends SSOData
 	const KEY_DATA = 'data';
 
 	/**
-	 * @var $pluginInstanceId the id of the currently used instance.
+	 * @var String $pluginInstanceId the id of the currently used instance.
 	 */
 	private $pluginInstanceId  = null;
 
 	/**
-	 * @var $userView flag for userView mode.
+	 * @var boolean $userView flag for userView mode.
 	 */
 	private $userView = true;
 
@@ -49,9 +47,9 @@ class PluginSession extends SSOData
 	 *
 	 * @param string $pluginId the unique name of the plugin
 	 * @param string $appSecret application public key
-	 * @param $sessionHandler optional custom session handler
-	 * @param $leeway in seconds to compensate clock skew
-	 * @param $remoteCallHandler a class handling remote calls
+	 * @param SessionHandlerInterface $sessionHandler optional custom session handler
+	 * @param int $leeway in seconds to compensate clock skew
+	 * @param RemoteCallInterface $remoteCallHandler a class handling remote calls
 	 *
 	 * @throws SSOAuthenticationException | SSOException
 	 */

src/SSOToken.php

@@ -6,19 +6,19 @@
  * PHP version 5.5.9
  *
  * @category  Authentication
- * @copyright 2017-2019 Staffbase, GmbH. 
+ * @copyright 2017-2019 Staffbase, GmbH.
  * @author    Vitaliy Ivanov
  * @license   http://www.apache.org/licenses/LICENSE-2.0
  * @link      https://github.com/staffbase/plugins-sdk-php
  */
 
 namespace Staffbase\plugins\sdk;
 
+use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Parser;
-use Lcobucci\JWT\Builder;
+use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\ValidationData;
 use Lcobucci\JWT\Claim\Validatable;
-use Lcobucci\JWT\Signer\Keychain;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Staffbase\plugins\sdk\Exceptions\SSOException;
 use Staffbase\plugins\sdk\Exceptions\SSOAuthenticationException;
@@ -29,8 +29,8 @@
  */
 class SSOToken extends SSOData
 {
-	/** 
-	 * @var $token  Lcobucci\JWT\Token 
+	/**
+	 * @var Token $token
 	 */
 	private $token = null;
 
@@ -39,7 +39,7 @@ class SSOToken extends SSOData
 	 *
 	 * @param string $appSecret Either a PEM key or a file:// URL.
 	 * @param string $tokenData The token text.
-	 * @param int $leeway count of seconds added to current timestamp 
+	 * @param int $leeway count of seconds added to current timestamp
 	 *
 	 * @throws SSOException on invalid parameters.
 	 */
@@ -66,9 +66,7 @@ public function __construct($appSecret, $tokenData, $leeway = 0) {
 	 *
 	 * @param string $appSecret Either a PEM formatted key or a file:// URL of the same.
 	 * @param string $tokenData The token text.
-	 * @param int $leeway count of seconds added to current timestamp 
-	 * 
-	 * @return Lcobucci\JWT\Token;
+	 * @param int $leeway count of seconds added to current timestamp
 	 *
 	 * @throws SSOAuthenticationException if the parsing/verification/validation of the token fails.
 	 */
@@ -79,13 +77,13 @@ protected function parseToken($appSecret, $tokenData, $leeway) {
 
 		// verify signature
 		$signer = new Sha256();
-		$keychain = new Keychain();
+		$key = new Key($appSecret);
 
-		if (!$this->token->verify($signer, $keychain->getPublicKey($appSecret)))
+		if (!$this->token->verify($signer, $key))
 			throw new SSOAuthenticationException('Token verification failed.');
 
 		// validate claims
-		$data = new ValidationData(time() +$leeway); // iat, nbf and exp are validated by default
+		$data = new ValidationData(time(), $leeway); // iat, nbf and exp are validated by default
 
 		if (!$this->token->validate($data)) {
 			$this->throwVerboseException($data);
@@ -104,7 +102,7 @@ protected function parseToken($appSecret, $tokenData, $leeway) {
 	 * @return string PEM encoded key
 	 */
 	public static function base64ToPEMPublicKey($data) {
-		
+
 		$data = strtr($data, array(
 			"\r" => "",
 			"\n" => ""
@@ -122,13 +120,13 @@ public static function base64ToPEMPublicKey($data) {
 	 * Due to minor shortcomings of the library we have to redo the validation
 	 * manually to get the reason for the failure and propagate it.
 	 * We emulate the validation process for the v3.x of the library.
-	 * 
+	 *
 	 * This will most likely have to change on library upgrade either
 	 * by using then supported verbosity or reimplementing validation
 	 * as done in the new flow.
-	 * 
-	 * @param Lcobucci\JWT\ValidationData $data to validate against
-	 * 
+	 *
+	 * @param ValidationData $data to validate against
+	 *
 	 * @throws SSOAuthenticationException always.
 	 */
 	protected function throwVerboseException(ValidationData $data) {
@@ -193,4 +191,4 @@ protected function getAllClaims() {
 
 		return $res;
 	}
-}
+}