♻️ upgrade lcobucci/jwt

src/JwtRequestAuthenticator.php

@@ -7,12 +7,11 @@
 use DateTimeImmutable;
 use Exception;
 use Illuminate\Http\Request;
-use Lcobucci\JWT\Parser;
-use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
-use Lcobucci\JWT\Validation\Validator;
 use MyParcelCom\AuthModule\Interfaces\RequestAuthenticatorInterface;
 use MyParcelCom\JsonApi\Exceptions\InvalidAccessTokenException;
 use MyParcelCom\JsonApi\Exceptions\MissingTokenException;
@@ -31,12 +30,17 @@ class JwtRequestAuthenticator implements RequestAuthenticatorInterface
     public function authenticate(Request $request): Token
     {
         try {
-            $parsedToken = (new Parser())->parse(
+            $config = Configuration::forSymmetricSigner(
+                new Sha256(),
+                InMemory::plainText($this->getPublicKey())
+            );
+
+            $parsedToken = $config->parser()->parse(
                 $this->getTokenString($request)
             );
 
-            $constraint = new SignedWith(new Sha256(), new Key($this->getPublicKey()));
-            $valid = (new Validator())->validate($parsedToken, $constraint);
+            $constraint = new SignedWith($config->signer(), $config->signingKey());
+            $valid = $config->validator()->validate($parsedToken, $constraint);
 
             if (!$valid) {
                 throw new InvalidAccessTokenException('Token could not be verified');

tests/JwtRequestAuthenticatorTest.php

@@ -87,6 +87,8 @@ public function testAuthenticateWithInvalidSignature()
     {
         $privateKeyResource = openssl_pkey_new(['private_key_bits' => 1024]);
         openssl_pkey_export($privateKeyResource, $this->privateKey);
+        $this->generateKeys();
+
         $authorizationHeader = 'Bearer ' . $this->createTokenString([], null, 'some-user-id', []);
         $request = Mockery::mock(Request::class, ['header' => $authorizationHeader, 'has' => false]);
 

tests/Traits/AccessTokenTrait.php

@@ -6,9 +6,8 @@
 
 use DateTimeImmutable;
 use Illuminate\Http\Request;
-use Lcobucci\JWT\Builder;
-use Lcobucci\JWT\Parser;
-use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Token;
 
@@ -20,6 +19,9 @@ trait AccessTokenTrait
     /** @var string */
     protected $publicKey;
 
+    /** @var Configuration */
+    protected $config;
+
     /**
      * Generate RSA keys.
      *
@@ -34,6 +36,12 @@ protected function generateKeys(bool $overrideConfig = false)
         if ($overrideConfig) {
             config(['auth.public_key' => $this->publicKey]);
         }
+
+        $this->config = Configuration::forAsymmetricSigner(
+            new Sha256(),
+            InMemory::plainText($this->privateKey),
+            InMemory::plainText($this->publicKey)
+        );
     }
 
     /**
@@ -51,7 +59,7 @@ protected function createTokenString(
         string $userId = '',
         array $claims = []
     ): string {
-        $builder = new Builder();
+        $builder = $this->config->builder();
         $builder
             ->withClaim('user_id', $userId)
             ->withClaim('scope', implode(' ', $scopes));
@@ -64,7 +72,7 @@ protected function createTokenString(
             $builder->expiresAt((new DateTimeImmutable())->setTimestamp($expiration));
         }
 
-        return (string) $builder->getToken(new Sha256(), new Key($this->privateKey));
+        return $builder->getToken($this->config->signer(), $this->config->signingKey())->toString();
     }
 
     /**
@@ -84,7 +92,7 @@ protected function createParsedToken(
     ): Token {
         $tokenString = $this->createTokenString($scopes, $expiration, $userId, $claims);
 
-        return (new Parser())->parse($tokenString);
+        return $this->config->parser()->parse($tokenString);
     }
 
     /**