Update PHP SDK to v7.0.0

Author: joshcanhelp

.phpcs.xml.dist

@@ -20,7 +20,7 @@
     PHPCompatibility sniffs to check for PHP cross-version incompatible code.
     https://github.com/PHPCompatibility/PHPCompatibility
     -->
-    <config name="testVersion" value="5.5-"/>
+    <config name="testVersion" value="7.1-"/>
     <rule ref="PHPCompatibility"/>
 
 </ruleset>

composer.json

@@ -2,14 +2,15 @@
     "name": "auth0/login",
     "description": "Laravel plugin that helps authenticate with the auth0 service",
     "license": "MIT",
+    "prefer-stable": true,
     "require": {
-        "php": ">=5.5.0",
+        "php": "^7.1",
+        "auth0/auth0-php": "^7.0",
         "illuminate/support": "5.* | ^6.0",
-        "auth0/auth0-php": "^5.6.0",
         "illuminate/contracts": "5.* | ^6.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^4 | ^7",
+        "phpunit/phpunit": "^7",
         "squizlabs/php_codesniffer": "^3.2",
         "phpcompatibility/php-compatibility": "^8.1",
         "dealerdirect/phpcodesniffer-composer-installer": "^0.5.0",

phpunit.xml.dist

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit bootstrap="vendor/autoload.php"
+<phpunit bootstrap="tests/bootstrap.php"
          backupGlobals="false"
          backupStaticAttributes="false"
          colors="true"

src/Auth0/Login/Auth0Service.php

@@ -2,14 +2,11 @@
 
 namespace Auth0\Login;
 
-use Auth0\SDK\API\Helpers\State\SessionStateHandler;
-use Auth0\SDK\API\Helpers\State\StateHandler;
 use Auth0\SDK\Auth0;
-use Auth0\SDK\Helpers\Cache\CacheHandler;
-use Auth0\SDK\JWTVerifier;
 use Auth0\SDK\Store\StoreInterface;
-use Illuminate\Contracts\Container\BindingResolutionException;
+use Illuminate\Contracts\Config\Repository as ConfigRepository;
 use Illuminate\Http\RedirectResponse;
+use Psr\SimpleCache\CacheInterface;
 
 /**
  * Service that provides access to the Auth0 SDK.
@@ -28,28 +25,35 @@ class Auth0Service
     /**
      * Auth0Service constructor.
      *
-     * @param array $auth0Config
+     * @param array|null $auth0Config
      * @param StoreInterface|null $store
-     * @param StateHandler|null $stateHandler
+     * @param CacheInterface|null $cache
+     *
+     * @throws \Illuminate\Contracts\Container\BindingResolutionException
      */
     public function __construct(
         array $auth0Config,
         StoreInterface $store = null,
-        StateHandler $stateHandler = null
+        CacheInterface $cache = null
     )
     {
-        $store = isset( $auth0Config['store'] ) ? $auth0Config['store'] : $store;
+
+        if (!$auth0Config instanceof ConfigRepository && !is_array($auth0Config)) {
+            $auth0Config = config('laravel-auth0');
+        }
+
+        $store = $auth0Config['store'] ?? $store;
         if (false !== $store && !$store instanceof StoreInterface) {
             $store = new LaravelSessionStore();
         }
+        $auth0Config['store'] = $store;
 
-        $stateHandler = isset( $auth0Config['state_handler'] ) ? $auth0Config['state_handler'] : $stateHandler;
-        if (false !== $stateHandler && !$stateHandler instanceof StateHandler) {
-            $stateHandler = new SessionStateHandler($store);
+        $cache = $auth0Config['cache_handler'] ?? $cache;
+        if (!($cache instanceof CacheInterface)) {
+            $cache = app()->make('cache.store');
         }
+        $auth0Config['cache_handler'] = $cache;
 
-        $auth0Config['store'] = $store;
-        $auth0Config['state_handler'] = $stateHandler;
         $this->auth0 = new Auth0($auth0Config);
     }
 
@@ -156,35 +160,14 @@ public function rememberUser($value = null)
 
     /**
      * @param $encUser
+     * @param array $verifierOptions
      *
-     * @return mixed
+     * @return object
+     * @throws \Auth0\SDK\Exception\InvalidTokenException
      */
-    public function decodeJWT($encUser)
+    public function decodeJWT($encUser, array $verifierOptions = [])
     {
-        try {
-            $cache = \App::make(CacheHandler::class);
-        } catch (BindingResolutionException $e) {
-            $cache = null;
-        }
-
-        $secret_base64_encoded = config('laravel-auth0.secret_base64_encoded');
-
-        if (is_null($secret_base64_encoded)) {
-            $secret_base64_encoded = true;
-        }
-
-        $verifier = new JWTVerifier([
-            'valid_audiences' => [config('laravel-auth0.client_id'), config('laravel-auth0.api_identifier')],
-            'supported_algs' => config('laravel-auth0.supported_algs', ['HS256']),
-            'client_secret' => config('laravel-auth0.client_secret'),
-            'authorized_iss' => config('laravel-auth0.authorized_issuers'),
-            'secret_base64_encoded' => $secret_base64_encoded,
-            'cache' => $cache,
-            'guzzle_options' => config('laravel-auth0.guzzle_options'),
-        ]);
-
-        $this->apiuser = $verifier->verifyAndDecode($encUser);
-
+        $this->apiuser = (object) $this->auth0->decodeIdToken($encUser, $verifierOptions);
         return $this->apiuser;
     }
 

src/Auth0/Login/LaravelCacheWrapper.php

@@ -2,7 +2,6 @@
 
 namespace Auth0\Login;
 
-use Session;
 use Auth0\SDK\Store\StoreInterface;
 
 class LaravelSessionStore implements StoreInterface
@@ -12,16 +11,14 @@ class LaravelSessionStore implements StoreInterface
     /**
      * Persists $value on $_SESSION, identified by $key.
      *
-     * @see Auth0SDK\BaseAuth0
-     *
      * @param string $key
      * @param mixed  $value
      */
-    public function set($key, $value)
+    public function set(string $key, $value)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        Session::put($key_name, $value);
+        \session([$key_name, $value]);
     }
 
     /**
@@ -30,11 +27,11 @@ public function set($key, $value)
      *
      * @return mixed
      */
-    public function get($key, $default = null)
+    public function get(string $key, $default = null)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        return Session::get($key_name, $default);
+        return \session($key_name, $default);
     }
 
     /**
@@ -44,11 +41,11 @@ public function get($key, $default = null)
      *
      * @param string $key
      */
-    public function delete($key)
+    public function delete(string $key)
     {
         $key_name = $this->getSessionKeyName($key);
 
-        Session::forget($key_name);
+        \session([$key_name, null]);
     }
 
     /**

src/Auth0/Login/LaravelSessionStore.php

@@ -4,8 +4,6 @@
 
 use Auth0\SDK\API\Helpers\ApiClient;
 use Auth0\SDK\API\Helpers\InformationHeaders;
-use Auth0\SDK\API\Helpers\State\StateHandler;
-use Auth0\SDK\API\Helpers\State\SessionStateHandler;
 use Auth0\SDK\Store\StoreInterface;
 use Illuminate\Support\ServiceProvider;
 
@@ -50,16 +48,12 @@ public function register()
             return new LaravelSessionStore();
         });
 
-        $this->app->bind(StateHandler::class, function ($app) {
-            return new SessionStateHandler($app->make(LaravelSessionStore::class));
-        });
-
         // Bind the auth0 name to a singleton instance of the Auth0 Service
         $this->app->singleton(Auth0Service::class, function ($app) {
             return new Auth0Service(
                 $app->make('config')->get('laravel-auth0'),
                 $app->make(StoreInterface::class),
-                $app->make(StateHandler::class)
+                $app->make('cache.store')
             );
         });
         $this->app->singleton('auth0', function () {

src/Auth0/Login/LoginServiceProvider.php

@@ -3,13 +3,12 @@
 
 use Auth0\Login\Auth0Service;
 use Auth0\Login\Facade\Auth0 as Auth0Facade;
-use Auth0\Login\LaravelSessionStore;
 use Auth0\Login\LoginServiceProvider as Auth0ServiceProvider;
-use Auth0\SDK\API\Helpers\State\DummyStateHandler;
-use Auth0\SDK\Store\EmptyStore;
+use Auth0\SDK\Exception\InvalidTokenException;
 use Auth0\SDK\Store\SessionStore;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Cache;
 use Orchestra\Testbench\TestCase as OrchestraTestCase;
-use Session;
 
 class Auth0ServiceTest extends OrchestraTestCase
 {
@@ -23,13 +22,19 @@ public static function setUpBeforeClass()
             'client_id' => '__test_client_id__',
             'client_secret' => '__test_client_secret__',
             'redirect_uri' => 'https://example.com/callback',
+            'transient_store' => new SessionStore(),
         ];
     }
 
+    public function tearDown() : void
+    {
+        Cache::flush();
+    }
+
     public function testThatServiceUsesSessionStoreByDefault()
     {
-        Session::put('auth0__user', '__test_user__');
-        $service = new Auth0Service(self::$defaultConfig, new LaravelSessionStore(), new DummyStateHandler());
+        session(['auth0__user' => '__test_user__']);
+        $service = new Auth0Service(self::$defaultConfig);
         $user = $service->getUser();
 
         $this->assertArrayHasKey('profile', $user);
@@ -38,12 +43,9 @@ public function testThatServiceUsesSessionStoreByDefault()
 
     public function testThatServiceSetsEmptyStoreFromConfigAndConstructor()
     {
-        Session::put('auth0__user', '__test_user__');
+        session(['auth0__user' => '__test_user__']);
 
-        $service = new Auth0Service(self::$defaultConfig + ['store' => false, 'state_handler' => false]);
-        $this->assertNull($service->getUser());
-
-        $service = new Auth0Service(self::$defaultConfig, new EmptyStore(), new DummyStateHandler());
+        $service = new Auth0Service(self::$defaultConfig + ['store' => false]);
         $this->assertNull($service->getUser());
 
         $service = new Auth0Service(self::$defaultConfig);
@@ -52,11 +54,10 @@ public function testThatServiceSetsEmptyStoreFromConfigAndConstructor()
 
     public function testThatServiceLoginReturnsRedirect()
     {
-
         $service = new Auth0Service(self::$defaultConfig);
         $redirect = $service->login();
 
-        $this->assertInstanceOf( \Illuminate\Http\RedirectResponse::class, $redirect );
+        $this->assertInstanceOf( RedirectResponse::class, $redirect );
 
         $targetUrl = parse_url($redirect->getTargetUrl());
 
@@ -68,6 +69,22 @@ public function testThatServiceLoginReturnsRedirect()
         $this->assertContains('client_id=__test_client_id__', $targetUrlQuery);
     }
 
+    /**
+     * @throws InvalidTokenException
+     */
+    public function testThatServiceCanUseLaravelCache()
+    {
+        $cache_key = md5('https://__invalid_domain__/.well-known/jwks.json');
+        cache([$cache_key => [uniqid()]], 10);
+        session(['auth0__nonce' => uniqid()]);
+
+        $service = new Auth0Service(['domain' => '__invalid_domain__'] + self::$defaultConfig);
+
+        // Without the cache set above, would expect a cURL error for a bad domain.
+        $this->expectException(InvalidTokenException::class);
+        $service->decodeJWT(uniqid());
+    }
+
     /*
      * Test suite helpers
      */

tests/Auth0ServiceTest.php

@@ -0,0 +1,7 @@
+<?php
+$tests_dir = dirname(__FILE__).'/';
+
+require_once $tests_dir.'../vendor/autoload.php';
+
+ini_set('session.use_cookies', false);
+ini_set('session.cache_limiter', false);