feature #937 Symfony 6 Compatibility (mbabker)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

Symfony 6 Compatibility

This is the work needed for Symfony 6 compatibility.  The gist of the changes are:

- Allow Symfony 6 install
- Tweak the GitHub actions config, the tested versions are now set in a matrix so there's only one build config instead of duplicating it for each build
- Drops Symfony 5.3 support, the return signature change in `Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface::authenticate()` between 5.3 and 5.4 is a bit tricky to deal with while keeping support for the non-LTS 5.3
- Updates `Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory\JWTAuthenticatorFactory` to address the security listener factory -> authenticator factory changes/deprecations in the SecurityBundle in 5.4
- Adds typehints or doc blocks as needed

Commits
-------

36e1d8a Add Symfony 6 compatibility
5a46311 Update CI config to use a matrix and use Flex for locking Symfony versions

.github/workflows/ci.yml

@@ -5,148 +5,79 @@ on:
     push:
 
 jobs:
-    php-71:
-        name: PHP 7.1 / Symfony 4.4
+    tests:
         runs-on: ubuntu-latest
-        steps:
-            - name: "Checkout"
-              uses: "actions/checkout@v2"
-              with:
-                  fetch-depth: 2
-
-            - name: "Install PHP"
-              uses: "shivammathur/setup-php@v2"
-              with:
-                  php-version: "7.1"
-
-            - name: "Cache composer packages"
-              uses: "actions/cache@v2"
-              with:
-                  path: "~/.composer/cache"
-                  key: "php-7.1-composer-locked-${{ hashFiles('composer.lock') }}"
-                  restore-keys: "php-7.1-composer-locked-"
-
-            - name: "Install Symfony 4.4"
-              run: "composer require symfony/symfony:4.4.* --no-update"
-
-            - name: "Install dependencies with composer"
-              run: "composer update --no-interaction"
-
-            - name: "Run PHPUnit Tests"
-              run: "composer test"
-    php-72:
-        name: PHP 7.2 / Symfony 5.1
-        runs-on: ubuntu-latest
-        steps:
-            - name: "Checkout"
-              uses: "actions/checkout@v2"
-              with:
-                  fetch-depth: 2
-
-            - name: "Install PHP 7.2"
-              uses: "shivammathur/setup-php@v2"
-              with:
-                  php-version: "7.2"
-
-            - name: "Cache composer packages"
-              uses: "actions/cache@v2"
-              with:
-                  path: "~/.composer/cache"
-                  key: "php-7.2-composer-locked-${{ hashFiles('composer.lock') }}"
-                  restore-keys: "php-7.2-composer-locked-"
-
-            - name: "Install Symfony 5.1"
-              run: "composer require symfony/symfony:5.1.* --no-update"
-
-            - name: "Install dependencies with composer"
-              run: "composer update --no-interaction"
-
-            - name: "Run PHPUnit Tests"
-              run: "composer test"
-    php-73:
-        name: PHP 7.3 / Symfony 5.2
-        runs-on: ubuntu-latest
-        steps:
-            - name: "Checkout"
-              uses: "actions/checkout@v2"
-              with:
-                  fetch-depth: 2
-
-            - name: "Install PHP 7.3"
-              uses: "shivammathur/setup-php@v2"
-              with:
-                  php-version: "7.3"
+        continue-on-error: ${{ matrix.can-fail }}
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                    # Lowest Deps
+                    - php: 7.1
+                      symfony: 4.4.*
+                      composer-flags: '--prefer-stable --prefer-lowest'
+                      can-fail: false
+                    # LTS with latest stable PHP
+                    - php: 8.0
+                      symfony: 4.4.*
+                      composer-flags: '--prefer-stable'
+                      can-fail: false
+                    # Stable Symfony branches
+                    - php: 7.2
+                      symfony: 4.4.*
+                      composer-flags: '--prefer-stable'
+                      can-fail: false
+                    # Development Symfony branches
+                    - php: 7.3
+                      symfony: 5.4.*@dev
+                      composer-flags: '--prefer-stable' # Needed to force `lcobucci/jwt` to install a usable version
+                      can-fail: false
+                    - php: 7.4
+                      symfony: 5.4.*@dev
+                      composer-flags: ''
+                      can-fail: false
+                    - php: 8.0
+                      symfony: 5.4.*@dev
+                      composer-flags: ''
+                      can-fail: false
+                    - php: 8.0
+                      symfony: 6.0.*@dev
+                      composer-flags: ''
+                      can-fail: false
+
+        name: "PHP ${{ matrix.php }} - Symfony ${{ matrix.symfony }}${{ matrix.composer-flags != '' && format(' - Composer {0}', matrix.composer-flags) || '' }}"
 
-            - name: "Cache composer packages"
-              uses: "actions/cache@v2"
-              with:
-                  path: "~/.composer/cache"
-                  key: "php-7.3-composer-locked-${{ hashFiles('composer.lock') }}"
-                  restore-keys: "php-7.3-composer-locked-"
-
-            - name: "Install Symfony 5.2"
-              run: "composer require symfony/symfony:5.2.* --no-update"
-
-            - name: "Install dependencies with composer"
-              run: "composer update --no-interaction"
-
-            - name: "Run PHPUnit Tests"
-              run: "composer test"
-    php-74:
-        name: PHP 7.4 / Symfony 5.3
-        runs-on: ubuntu-latest
         steps:
             - name: "Checkout"
               uses: "actions/checkout@v2"
               with:
                   fetch-depth: 2
 
-            - name: "Install PHP 7.4"
-              uses: "shivammathur/setup-php@v2"
-              with:
-                  php-version: "7.4"
-
-            - name: "Cache composer packages"
+            - name: "Cache Composer packages"
               uses: "actions/cache@v2"
               with:
                   path: "~/.composer/cache"
-                  key: "php-7.4-composer-locked-${{ hashFiles('composer.lock') }}"
-                  restore-keys: "php-7.4-composer-locked-"
-
-            - name: "Install Symfony 5.3"
-              run: "composer require symfony/symfony:5.3.* --no-update"
-
-            - name: "Install dependencies with composer"
-              run: "composer update --no-interaction"
-
-            - name: "Run PHPUnit Tests"
-              run: "composer test"
-    php8:
-        name: PHP 8 / Symfony 5.4@dev
-        runs-on: ubuntu-latest
-        steps:
-            - name: "Checkout"
-              uses: "actions/checkout@v2"
-              with:
-                  fetch-depth: 2
+                  key: "php-${{ matrix.php }}-symfony-${{ matrix.symfony }}-composer-${{ hashFiles('composer.json') }}-flags-${{ matrix.composer-flags }}"
+                  restore-keys: "php-"
 
-            - name: "Install PHP 8"
+            - name: "Install PHP"
               uses: "shivammathur/setup-php@v2"
               with:
-                  php-version: "8"
+                  php-version: "${{ matrix.php }}"
+                  tools: "composer:v2,flex"
 
-            - name: "Cache composer packages"
-              uses: "actions/cache@v2"
-              with:
-                  path: "~/.composer/cache"
-                  key: "php-8-composer-locked-${{ hashFiles('composer.lock') }}"
-                  restore-keys: "php-8-composer-locked-"
+            - name: "Set Composer stability"
+              if: "matrix.symfony == '5.4.*@dev' || matrix.symfony == '6.0.*@dev'"
+              run: "composer config minimum-stability dev"
 
-            - name: "Install Symfony 5.4"
-              run: "composer require symfony/symfony:5.4.*@dev --no-update"
+            - name: "Remove symfony/security-guard"
+              if: "matrix.symfony == '6.0.*@dev'"
+              run: "composer remove --dev --no-update symfony/security-guard"
 
-            - name: "Install dependencies with composer"
-              run: "composer update --no-interaction"
+            - name: "Install dependencies"
+              run: "composer update ${{ matrix.composer-flags }} --prefer-dist"
+              env:
+                SYMFONY_REQUIRE: "${{ matrix.symfony }}"
 
             - name: "Run PHPUnit Tests"
               run: "composer test"

Command/CheckConfigCommand.php

@@ -40,6 +40,8 @@ protected function configure()
 
     /**
      * {@inheritdoc}
+     *
+     * @return int
      */
     protected function execute(InputInterface $input, OutputInterface $output)
     {

Command/GenerateTokenCommand.php

@@ -47,6 +47,8 @@ protected function configure()
 
     /**
      * {@inheritdoc}
+     *
+     * @return int
      */
     protected function execute(InputInterface $input, OutputInterface $output)
     {

DependencyInjection/Security/Factory/JWTAuthenticatorFactory.php

@@ -2,9 +2,7 @@
 
 namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory;
 
-use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\JWTAuthenticator;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
-use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -15,7 +13,7 @@
  *
  * @author Robin Chalas <robin.chalas@gmail.com>
  */
-class JWTAuthenticatorFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
+class JWTAuthenticatorFactory implements AuthenticatorFactoryInterface
 {
     /**
      * @throws \LogicException
@@ -28,15 +26,15 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
     /**
      * {@inheritdoc}
      */
-    public function getPosition()
+    public function getPriority(): int
     {
-        return 'pre_auth';
+        return -10;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getKey()
+    public function getKey(): string
     {
         return 'jwt';
     }
@@ -55,7 +53,7 @@ public function addConfiguration(NodeDefinition $node)
         ;
     }
 
-    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId)
+    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
         $authenticatorId = 'security.authenticator.jwt.'.$firewallName;
         $container

DependencyInjection/Security/Factory/JWTFactory.php

@@ -28,6 +28,8 @@ public function __construct($triggerDeprecation = true)
 
     /**
      * {@inheritdoc}
+     *
+     * @return array
      */
     public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
     {
@@ -86,6 +88,8 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getPosition()
     {
@@ -94,6 +98,8 @@ public function getPosition()
 
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getKey()
     {

Exception/ExpiredTokenException.php

@@ -14,6 +14,8 @@ class ExpiredTokenException extends AuthenticationException
 {
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getMessageKey()
     {

Exception/InvalidPayloadException.php

@@ -23,6 +23,8 @@ public function __construct(string $invalidKey)
 
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getMessageKey()
     {

Exception/InvalidTokenException.php

@@ -13,6 +13,8 @@ class InvalidTokenException extends AuthenticationException
 {
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getMessageKey()
     {

Exception/MissingTokenException.php

@@ -13,6 +13,8 @@ class MissingTokenException extends AuthenticationException
 {
     /**
      * {@inheritdoc}
+     *
+     * @return string
      */
     public function getMessageKey()
     {

LexikJWTAuthenticationBundle.php

@@ -7,6 +7,7 @@
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler\WireGenerateTokenCommandPass;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory\JWTAuthenticatorFactory;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory\JWTFactory;
+use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory\JWTSecurityFactory;
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Security\Factory\JWTUserFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
@@ -35,9 +36,15 @@ public function build(ContainerBuilder $container)
         $extension = $container->getExtension('security');
 
         $extension->addUserProviderFactory(new JWTUserFactory());
-        $extension->addSecurityListenerFactory(new JWTFactory(false)); // BC 1.x, to be removed in 3.0
-        if (interface_exists(AuthenticatorFactoryInterface::class)) {
-            $extension->addSecurityListenerFactory(new JWTAuthenticatorFactory());
+
+        // Authenticator factory for Symfony 5.4 and later
+        if (method_exists($extension, 'addAuthenticatorFactory')) {
+            $extension->addAuthenticatorFactory(new JWTAuthenticatorFactory());
+        }
+
+        // Security listener factory for Symfony 5.4 and earlier
+        if (method_exists($extension, 'addSecurityListenerFactory')) {
+            $extension->addSecurityListenerFactory(new JWTFactory(false)); // BC 1.x, to be removed in 3.0
         }
     }